[OpenID] New OpenID Customer Research Activity - Google research on federated login

Eric Sachs esachs at google.com
Tue Sep 23 21:45:10 UTC 2008 

Technically the UI we described in our research document can accept a lot of
different identifiers.  E-mail might be the common one, but I also mentioned
how an advanced user might enter an OpenID domain using directed identity.
 However the RP could allow a vanity URL to be typed in as well which would
avoid the need for a browser plugin.  The harder part is how to enable the
user to know that option exists.  I mentioned that the phrase "Enter your
E-mail address or OpenID domain" appears to avoid confusing average users.
 Unfortunately when the OpenID logo was included or the word domain was
replaced by URL, then average users did get confused.
If an RP accepts OpenID domains for directed identity, then I can't think of
a reason they would not also always accept vanity OpenID URLs.  So maybe we
should not worry about training really advanced users to know this option
exists.  Maybe it would be enough to just make sure there are common open
source implementations of this UI style which have this feature built in.

Of course, this still leaves the problem of an RP who wants to require a
validated E-mail address for a user.  But I think that is an orthogonal
issue.


On Tue, Sep 23, 2008 at 2:31 PM, SitG Admin <sysadmin at shadowsinthegarden.com
> wrote:

> >>  Would it be possible to send the browser a user-side script that
> >>  would accept their E-mail address (with the standard field name, to
> >>  enable autofill) and attempt to reformat it into an OpenID, possibly
> >>  with a popup to show them the transformation and explain that they
> >>  should enter this URL in future?
> >
> >The user-specific URL may be machine-generated and non-mnemonic. It is
> >at least usually longer than the domain, and I think users always
> >prefer to type less in login boxes. I assume you mean we should train
> >them to enter a reference to the IDP.
>
> No, though this might be better where Directed Identity is in use. I
> prefer "real" ("vanity", as max engel called them) URI's, however, so
> I visualize users entering, for example;
> max_engel at yahoo.com
> And then the user-side script pops up an alert when they try to log
> in, showing "max_engel" in green, "@" in red, and "yahoo.com" in
> blue; and proposing a transformation into this format instead:
> http://profiles.yahoo.com/max_engel
> Where the red "@" has been removed, the green and blue are the same,
> and everything else is black.
>
> -Shade
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080923/00b4dd9c/attachment-0002.htm>

More information about the general mailing list