[OpenID] Re: Combining Google & Yahoo user experience research

Chris Messina chris.messina at gmail.com
Thu Oct 23 00:33:35 UTC 2008


On Wed, Oct 22, 2008 at 5:11 PM, Martin Atkins <mart at degeneration.co.uk> wrote:
> Chris Messina wrote:
>>
>> Delegation seems possible with email identifiers, but unlikely.
>
> People quite often use delegation on their vanity domains today. I don't see
> that being any less attractive once my identifier is mart at degeneration.co.uk
> rather than http://mart.degeneration.co.uk/; I still don't want to run my
> own OpenID provider.
>
> It could be argued that delegation from vanity domains is one of the key
> reasons why OpenID attracted so many early adopters.

Sure. Now, I delegate factoryjoe.com to my OpenID provider, but I
don't actually have email set up on my domain.

It'd sure be interesting if I could use chris at factoryjoe.com as my OpenID though.

If I've set up an OpenID provider on my domain, how would delegation
work in that case? I could see that you could 302 to some offsite
location once you've created a connection between that identifier and
some remote OpenID provider (which is the way that emailtoid.net
works), but I'm having a hard time fully understanding how delegation
would work for emails.


>
>> 2. should a collision occur, there is a possibility that the end user
>> will actually sign off from the current session ("Oh, that's not my
>> account... hmm") and sign in under their own account, and complete the
>> return_to RP with either the original identifier as the claimed
>> identifier, or with a directed identity. In either case, this flow
>> would be rather intuitive, but also supports the case where the
>> presented email identifier is not [always] returned to the RP.
>>
>
> Indeed. It would be acceptable for the OP to say to the user "You're Fred,
> not John. Would you like to log in as John instead?" or something to that
> effect.
>
> That way the switch to a different account is not a surprise to me. If I
> typed John into the RP, it's quite likely that it's John I intended to
> authenticate as.

Perhaps it's a matter of semantics/presentation, but this would freak
most people out. If I had mistyped an email identifier into the RP, I
wouldn't want my OP telling me that I'm someone else. I'd rather it
tell me "John is logged in here. Are you not John? I really have no
idea who you are, I'm just a dumb computer."

Take a look at this UI: http://flickr.com/photos/factoryjoe/2880843612/

That seems pretty intuitive to me (it's also what we're doing with the
WordPress OpenID plugin:
http://flickr.com/photos/factoryjoe/2885643921/sizes/o/).

Chris


-- 
Chris Messina
Citizen-Participant &
  Open Technology Advocate-at-Large
factoryjoe.com # diso-project.org
citizenagency.com # vidoop.com
This email is:   [ ] bloggable    [X] ask first   [ ] private


