[OpenID] Windows Live ID OpenID CTP Status Update (August 2009)

George Fletcher gffletch at aol.com
Fri Aug 28 20:35:21 UTC 2009 

I agree that mainstream users don't understand the issues so for them 
making a decision is almost impossible. However, what about cases where 
an RP knows it only wants a pair-wise, pseudonymous identifier? This 
takes the decision out of the user's realm and allows the RP to specify 
(or at least label it as a preference).

Another option might be to remove the concept of "semantics" from the 
identifier and just use it as a means of discovery. This means users 
don't have to decide anything. An RP would not then "display" the OpenID 
but rather use it as a protocol mechanism to discovery the user's OP.

 From my experience, overloading an identifier with multiple semantics 
only leads to complications down the road. It starts out seeming like a 
simplifying concept but in the end just causes problems.

Thanks,
George

Jorgen Thelin wrote:
> I think I am about to commit heresy on this list -- but this raises a very important issue so I will persevere. 
> "All hands -- Shields up, and brace for impact!" :)
>
> First off, for context -- there are probably ZERO "mainstream users" on this list, so this is a very biased sample when evaluating functionality for mainstream users! How mainstream users think and what experience they need is almost certainly the exact opposite of what the super-power-users on this list want.
>
> Hypothesis: <heresy> Directed identity choices don't work for *mainstream* users </heresy>
>
> - Looking at the Live ID CTP experience, we found that most users (even very tech literate ones) just don't know the difference between a global / unique identifier and an "anonymous" / pairwise identifier.
> - Those users don't know when they should be using which type, or really much about why.
> - The few that do understand the difference will pretty much always choose a single identifier type according to their personal preferences -- some people strongly favor having correlatable identifiers across all services, and others absolutely abhor that idea.
> - Most users will always go with the default selection if they don't understand the question, or else they will cancel and refuse to answer. They rely on the IdP to "do the right thing" on their behalf.
> - We found it pretty much impossible to craft any explanatory text to explain the different types of identifiers, or provide the necessary privacy guidance to help users decide which to use.
>
> Our conclusion is that full directed identity functionality is something that the folks on this list clearly care about, but is a model that just doesn't register with or help the other 99.999999% of any large user base.
>
> "logic clearly dictates that the needs of the many outweigh the needs of the few"
> http://www.imdb.com/title/tt0084726/quotes
>
> - Jorgen
>
> -----Original Message-----
> From: openid-general-bounces at lists.openid.net [mailto:openid-general-bounces at lists.openid.net] On Behalf Of Peter Williams
> Sent: Thursday, August 27, 2009 9:38 PM
> To: Peter Watkins
> Cc: openid-general at lists.openid.net
> Subject: Re: [OpenID] Windows Live ID OpenID CTP Status Update (August 2009)
>
>
> I swear I read recently that it was being dropped, in an upcoming UI redesign based on a UX study.
>
> Yahoo folks can confirm: is the feature being dropped, or being retained?
>
> Is it part of the strategy to
>
> (a) let users pick available aliases?
> (b) let users direct which alias is released to which RP?
>
> I don't really see it as particularly important one way or the other; except in the determining which elements of the mission (re privacy/user centric features) are or are not being pursued by the giant corporations; which are being messaged or dropped by the Foundation.
>
>
> .
> -----Original Message-----
> From: Peter Watkins [mailto:peterw at tux.org]
> Sent: Thursday, August 27, 2009 9:23 PM
> To: Peter Williams
> Cc: openid-general at lists.openid.net
> Subject: Re: [OpenID] Windows Live ID OpenID CTP Status Update (August 2009)
>
> Peter Williams wrote:
>   
>> So the experiment with directed I'd to allow users to release different identity urls/synonyms to subsets of relying part sites has failed. Even yahoo has withdrawn, I believe.
>>
>>     
> Where'd you get that impression? I just now logged in to Yahoo and
> verified that I can still use the "OpenID Home" link to get the UI for
> requesting additional "me.yahoo.com" identifiers, and their OP login
> flow still lets me choose between the very ugly unique ID they first
> created for me, and the slightly less ugly identifier that I created. So
> they still seem to support directed identity and allowing users to
> create a set of alternative identifiers.
>
> Or maybe I'm not understanding what you're saying. It wouldn't be the
> first time. ;-)
>
> Windows Live folks -- thanks for sharing. I look forward to digesting
> this tomorrow. And I look forward to seeing your final solution. I do
> hope it, like the offerings from Yahoo! and Google (and, if I recall
> correctly, the CTP setup), will allow for 100% https usage, so we can
> trust the process. If so, I'm sure we'll add an easy "Login with Windows
> Live ID" button to our RP site. If not, we won't accept Live as an OP,
> even if a user is geeky enough to enter a valid URL in the OpenID text box.
>
> -Peter
>
> _______________________________________________
> general mailing list
> general at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-general
>
> _______________________________________________
> general mailing list
> general at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-general
>
>

More information about the general mailing list