[OpenID] [LIKELY_SPAM]Re: [LIKELY_SPAM]Re: Combining Google & Yahoo user experience research
Martin Atkins
mart at degeneration.co.uk
Fri Oct 24 22:24:13 UTC 2008
George Fletcher wrote:
> I think there are at least two use cases involving email addresses that
> can be easily confused...
>
> 1. Use the email address as an indicator or pointer to a valid OpenID as
> the email address is an identifier that the user currently remembers.
> - this is the use case that EAUT is targeting and, if I understood
> correctly, what Chris is discussing as well
>
> 2. Verify an email address for those RP's that want/need/require a
> "verified email address"
> - this is more about the RP getting a verified identity attribute
> - the expectation is that an OpenID based flow would allow a user who
> has to verify their email address to do it in "real time" rather than
> the async email method used today
>
> I believe we need to keep these two use cases separate because the
> intentions/outcome is really quite different.
>
From a user experience perspective, your point 2 here is an extension
of point 1. In both of these cases, the user enters his email address to
log in. In the second case, he doesn't need to check his email to verify
his email address.[1]
What am I missing here? What is gained by having the user enter an email
address but not actually using it as the OpenID Identifier? This
approach just seems really bizarre and makes the whole thing far less
useful.
[1] With some caveats that we've discussed already, naturally.
More information about the general
mailing list