[OpenID] [LIKELY_SPAM]Re: [LIKELY_SPAM]Re: Combining Google & Yahoo user experience research
Martin Atkins
mart at degeneration.co.uk
Tue Oct 28 20:23:00 UTC 2008
SitG Admin wrote:
>> I guess the main caveat here is that OPs need to present a suitable
>> user interface in the email case that explains it from the point of
>> view of validating an email address rather than signing in. As usual,
>> the UI at OPs isn't really something OpenID can control, so the
>> success of the above approach will depend on figuring out what the
>> correct UI flow is for this use-case.
>
> I receive all my E-mail at a computer under my direct physical control;
> I don't handle it through a webmail interface. That makes my UI flow
> essentially offline. I may *download* the E-mail while online, but I can
> go offline (good for 0-day exploits that immediately try to dial home)
> before reading it, and copy any "please click here" URL's over to
> another computer by hand.
>
> I (and many other users in my situation) would not be thrilled with a UI
> proposal that required the use of web-mail.
>
If you do genuinely always go offline to read your email, I'd expect
that taking the round-trip to your email client to confirm your email
address -- something that will require you to visit a URL and thus to go
online again -- would be a benefit to you rather than a hindrance.
If you wanted to use this system at a domain of your own then you would
need to run, or have someone else run on your behalf, an email
verification service for your domain. This would require a public HTTP
server somewhere, but it could be completely separate from your email
services.
For example. right now I have the email address I sent this message from
configured to delegate OpenID services to MyOpenID using my own flavour
of email-based OpenID discovery[1]. I'm not running anything HTTP for
this and made no changes to my mail server to implement it.
[1] http://www.apparently.me.uk/18285.html
More information about the general
mailing list