[OpenID] An alternative OpenID UX
Rabbit
rabbit at cyberpunkrock.com
Tue Apr 14 21:57:05 UTC 2009
On Apr 14, 2009, at 5:11 PM, Martin Atkins wrote:
>
> * RPs presumably want to create a good user experience, so they're
> under pressure to accept login from popular OPs that their users are
> likely to use. In particular, it's unlikely that any RP would
> deliberately exclude Google, Yahoo!, Microsoft and so forth. Since
> most users are going to be using a large provider, most users
> wouldn't be affected by such whitelisting.
>
Which also presents a problem when the RP wants to require a policy
that the big players don't follow. Seems to me policy requirements
should be relaxed upon entry and rely upon out-of-band solutions to
pick up where policy compliance left off. In the verified e-mail
example, the RP can trust that certain OPs have supplied a verified
e-mail while for others the User is shown "Your e-mail must be
verified. Click here" but in both cases, the User is still allowed to
choose their OP. This is analogous to progressive enhancement
techniques employed in web design.
=Rabbit