[OpenID] Windows Live ID OpenID CTP Status Update (August 2009)

Johannes Ernst jernst+openid.net at netmesh.us
Fri Aug 28 20:32:27 UTC 2009 

I agree with your "heresy". It's not heresy in my book.

There was a reason we started LID from the perspective of "I want to  
have a public identifier that I can use everywhere."

The counter-argument is a "code as law" argument. If we can hide many  
things under the covers, e.g. the actual identifier as the use cases  
have evolved, can't we hide "automatic privacy" under the covers, too?  
Personally, I have never seen an end-to-end design for that, but that  
doesn't mean there can't be one?!?



On Aug 28, 2009, at 13:24, Jorgen Thelin wrote:

> I think I am about to commit heresy on this list -- but this raises  
> a very important issue so I will persevere.
> "All hands -- Shields up, and brace for impact!" :)
>
> First off, for context -- there are probably ZERO "mainstream users"  
> on this list, so this is a very biased sample when evaluating  
> functionality for mainstream users! How mainstream users think and  
> what experience they need is almost certainly the exact opposite of  
> what the super-power-users on this list want.
>
> Hypothesis: <heresy> Directed identity choices don't work for  
> *mainstream* users </heresy>
>
> - Looking at the Live ID CTP experience, we found that most users  
> (even very tech literate ones) just don't know the difference  
> between a global / unique identifier and an "anonymous" / pairwise  
> identifier.
> - Those users don't know when they should be using which type, or  
> really much about why.
> - The few that do understand the difference will pretty much always  
> choose a single identifier type according to their personal  
> preferences -- some people strongly favor having correlatable  
> identifiers across all services, and others absolutely abhor that  
> idea.
> - Most users will always go with the default selection if they don't  
> understand the question, or else they will cancel and refuse to  
> answer. They rely on the IdP to "do the right thing" on their behalf.
> - We found it pretty much impossible to craft any explanatory text  
> to explain the different types of identifiers, or provide the  
> necessary privacy guidance to help users decide which to use.
>
> Our conclusion is that full directed identity functionality is  
> something that the folks on this list clearly care about, but is a  
> model that just doesn't register with or help the other 99.999999%  
> of any large user base.
>
> "logic clearly dictates that the needs of the many outweigh the  
> needs of the few"
> http://www.imdb.com/title/tt0084726/quotes
>
> - Jorgen
>
> -----Original Message-----
> From: openid-general-bounces at lists.openid.net [mailto:openid-general-bounces at lists.openid.net 
> ] On Behalf Of Peter Williams
> Sent: Thursday, August 27, 2009 9:38 PM
> To: Peter Watkins
> Cc: openid-general at lists.openid.net
> Subject: Re: [OpenID] Windows Live ID OpenID CTP Status Update  
> (August 2009)
>
>
> I swear I read recently that it was being dropped, in an upcoming UI  
> redesign based on a UX study.
>
> Yahoo folks can confirm: is the feature being dropped, or being  
> retained?
>
> Is it part of the strategy to
>
> (a) let users pick available aliases?
> (b) let users direct which alias is released to which RP?
>
> I don't really see it as particularly important one way or the  
> other; except in the determining which elements of the mission (re  
> privacy/user centric features) are or are not being pursued by the  
> giant corporations; which are being messaged or dropped by the  
> Foundation.
>
>
> .
> -----Original Message-----
> From: Peter Watkins [mailto:peterw at tux.org]
> Sent: Thursday, August 27, 2009 9:23 PM
> To: Peter Williams
> Cc: openid-general at lists.openid.net
> Subject: Re: [OpenID] Windows Live ID OpenID CTP Status Update  
> (August 2009)
>
> Peter Williams wrote:
>> So the experiment with directed I'd to allow users to release  
>> different identity urls/synonyms to subsets of relying part sites  
>> has failed. Even yahoo has withdrawn, I believe.
>>
> Where'd you get that impression? I just now logged in to Yahoo and
> verified that I can still use the "OpenID Home" link to get the UI for
> requesting additional "me.yahoo.com" identifiers, and their OP login
> flow still lets me choose between the very ugly unique ID they first
> created for me, and the slightly less ugly identifier that I  
> created. So
> they still seem to support directed identity and allowing users to
> create a set of alternative identifiers.
>
> Or maybe I'm not understanding what you're saying. It wouldn't be the
> first time. ;-)
>
> Windows Live folks -- thanks for sharing. I look forward to digesting
> this tomorrow. And I look forward to seeing your final solution. I do
> hope it, like the offerings from Yahoo! and Google (and, if I recall
> correctly, the CTP setup), will allow for 100% https usage, so we can
> trust the process. If so, I'm sure we'll add an easy "Login with  
> Windows
> Live ID" button to our RP site. If not, we won't accept Live as an OP,
> even if a user is geeky enough to enter a valid URL in the OpenID  
> text box.
>
> -Peter
>
> _______________________________________________
> general mailing list
> general at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-general
>
> _______________________________________________
> general mailing list
> general at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-general

More information about the general mailing list