[OpenID] Windows Live ID OpenID CTP Status Update (August 2009)

Jorgen Thelin jthelin at microsoft.com
Fri Aug 28 20:24:51 UTC 2009 

I think I am about to commit heresy on this list -- but this raises a very important issue so I will persevere. 
"All hands -- Shields up, and brace for impact!" :)

First off, for context -- there are probably ZERO "mainstream users" on this list, so this is a very biased sample when evaluating functionality for mainstream users! How mainstream users think and what experience they need is almost certainly the exact opposite of what the super-power-users on this list want.

Hypothesis: <heresy> Directed identity choices don't work for *mainstream* users </heresy>

- Looking at the Live ID CTP experience, we found that most users (even very tech literate ones) just don't know the difference between a global / unique identifier and an "anonymous" / pairwise identifier.
- Those users don't know when they should be using which type, or really much about why.
- The few that do understand the difference will pretty much always choose a single identifier type according to their personal preferences -- some people strongly favor having correlatable identifiers across all services, and others absolutely abhor that idea.
- Most users will always go with the default selection if they don't understand the question, or else they will cancel and refuse to answer. They rely on the IdP to "do the right thing" on their behalf.
- We found it pretty much impossible to craft any explanatory text to explain the different types of identifiers, or provide the necessary privacy guidance to help users decide which to use.

Our conclusion is that full directed identity functionality is something that the folks on this list clearly care about, but is a model that just doesn't register with or help the other 99.999999% of any large user base.

"logic clearly dictates that the needs of the many outweigh the needs of the few"
http://www.imdb.com/title/tt0084726/quotes

- Jorgen

-----Original Message-----
From: openid-general-bounces at lists.openid.net [mailto:openid-general-bounces at lists.openid.net] On Behalf Of Peter Williams
Sent: Thursday, August 27, 2009 9:38 PM
To: Peter Watkins
Cc: openid-general at lists.openid.net
Subject: Re: [OpenID] Windows Live ID OpenID CTP Status Update (August 2009)


I swear I read recently that it was being dropped, in an upcoming UI redesign based on a UX study.

Yahoo folks can confirm: is the feature being dropped, or being retained?

Is it part of the strategy to

(a) let users pick available aliases?
(b) let users direct which alias is released to which RP?

I don't really see it as particularly important one way or the other; except in the determining which elements of the mission (re privacy/user centric features) are or are not being pursued by the giant corporations; which are being messaged or dropped by the Foundation.


.
-----Original Message-----
From: Peter Watkins [mailto:peterw at tux.org]
Sent: Thursday, August 27, 2009 9:23 PM
To: Peter Williams
Cc: openid-general at lists.openid.net
Subject: Re: [OpenID] Windows Live ID OpenID CTP Status Update (August 2009)

Peter Williams wrote:
> So the experiment with directed I'd to allow users to release different identity urls/synonyms to subsets of relying part sites has failed. Even yahoo has withdrawn, I believe.
>
Where'd you get that impression? I just now logged in to Yahoo and
verified that I can still use the "OpenID Home" link to get the UI for
requesting additional "me.yahoo.com" identifiers, and their OP login
flow still lets me choose between the very ugly unique ID they first
created for me, and the slightly less ugly identifier that I created. So
they still seem to support directed identity and allowing users to
create a set of alternative identifiers.

Or maybe I'm not understanding what you're saying. It wouldn't be the
first time. ;-)

Windows Live folks -- thanks for sharing. I look forward to digesting
this tomorrow. And I look forward to seeing your final solution. I do
hope it, like the offerings from Yahoo! and Google (and, if I recall
correctly, the CTP setup), will allow for 100% https usage, so we can
trust the process. If so, I'm sure we'll add an easy "Login with Windows
Live ID" button to our RP site. If not, we won't accept Live as an OP,
even if a user is geeky enough to enter a valid URL in the OpenID text box.

-Peter

_______________________________________________
general mailing list
general at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-general

More information about the general mailing list