[OpenID] Windows Live ID OpenID CTP Status Update (August 2009)

Brian Kissel bkissel at janrain.com
Sat Aug 29 00:37:42 UTC 2009 

I would go one further that average internet users just want to click a button, they don't want to type anything at all - not an email address, not a domain, not their user name, nothing.  I know there's a lot of discussion about the "Nascar" approach not being scalable, but we've tried all kinds of UX models over the last couple of years and clicking on a recognized icon of a major national branded identity provider like Microsoft, Yahoo, Google, AOL, Facebook, etc. always gets the best success rate.  Each RP will or can know what handful of OPs cover the majority of their users and can present them as the baseline interface, with an optional second level support for OpenID type text entry.  

At present, site users like this best as do the RPs we've worked with.  Maybe as time progresses and we can collectively educate the market that OpenID is the platform behind this SSO functionality, we can "train the users" to do something that is more extensible or creates a richer/better user experience, but that time is down the road.  Right now I think we should all be focused doing whatever it takes to get more RPs to deploy the technology and more end users to take advantage of it, and ultimately demand it.

Cheers,

Brian
___________

Brian Kissel
CEO, JanRain - OpenID-enable your websites, customers, partners, and employees
5331 SW Macadam Ave., Suite 375, Portland, OR 97239
Email: bkissel at janrain.com     Cell: 503.866.4424     Fax: 503.296.5502


-----Original Message-----
From: openid-general-bounces at lists.openid.net [mailto:openid-general-bounces at lists.openid.net] On Behalf Of Johannes Ernst
Sent: Friday, August 28, 2009 1:32 PM
To: Jorgen Thelin
Cc: openid-general at lists.openid.net
Subject: Re: [OpenID] Windows Live ID OpenID CTP Status Update (August 2009)

I agree with your "heresy". It's not heresy in my book.

There was a reason we started LID from the perspective of "I want to  
have a public identifier that I can use everywhere."

The counter-argument is a "code as law" argument. If we can hide many  
things under the covers, e.g. the actual identifier as the use cases  
have evolved, can't we hide "automatic privacy" under the covers, too?  
Personally, I have never seen an end-to-end design for that, but that  
doesn't mean there can't be one?!?



On Aug 28, 2009, at 13:24, Jorgen Thelin wrote:

> I think I am about to commit heresy on this list -- but this raises  
> a very important issue so I will persevere.
> "All hands -- Shields up, and brace for impact!" :)
>
> First off, for context -- there are probably ZERO "mainstream users"  
> on this list, so this is a very biased sample when evaluating  
> functionality for mainstream users! How mainstream users think and  
> what experience they need is almost certainly the exact opposite of  
> what the super-power-users on this list want.
>
> Hypothesis: <heresy> Directed identity choices don't work for  
> *mainstream* users </heresy>
>
> - Looking at the Live ID CTP experience, we found that most users  
> (even very tech literate ones) just don't know the difference  
> between a global / unique identifier and an "anonymous" / pairwise  
> identifier.
> - Those users don't know when they should be using which type, or  
> really much about why.
> - The few that do understand the difference will pretty much always  
> choose a single identifier type according to their personal  
> preferences -- some people strongly favor having correlatable  
> identifiers across all services, and others absolutely abhor that  
> idea.
> - Most users will always go with the default selection if they don't  
> understand the question, or else they will cancel and refuse to  
> answer. They rely on the IdP to "do the right thing" on their behalf.
> - We found it pretty much impossible to craft any explanatory text  
> to explain the different types of identifiers, or provide the  
> necessary privacy guidance to help users decide which to use.
>
> Our conclusion is that full directed identity functionality is  
> something that the folks on this list clearly care about, but is a  
> model that just doesn't register with or help the other 99.999999%  
> of any large user base.
>
> "logic clearly dictates that the needs of the many outweigh the  
> needs of the few"
> http://www.imdb.com/title/tt0084726/quotes
>
> - Jorgen
>
> -----Original Message-----
> From: openid-general-bounces at lists.openid.net [mailto:openid-general-bounces at lists.openid.net 
> ] On Behalf Of Peter Williams
> Sent: Thursday, August 27, 2009 9:38 PM
> To: Peter Watkins
> Cc: openid-general at lists.openid.net
> Subject: Re: [OpenID] Windows Live ID OpenID CTP Status Update  
> (August 2009)
>
>
> I swear I read recently that it was being dropped, in an upcoming UI  
> redesign based on a UX study.
>
> Yahoo folks can confirm: is the feature being dropped, or being  
> retained?
>
> Is it part of the strategy to
>
> (a) let users pick available aliases?
> (b) let users direct which alias is released to which RP?
>
> I don't really see it as particularly important one way or the  
> other; except in the determining which elements of the mission (re  
> privacy/user centric features) are or are not being pursued by the  
> giant corporations; which are being messaged or dropped by the  
> Foundation.
>
>
> .
> -----Original Message-----
> From: Peter Watkins [mailto:peterw at tux.org]
> Sent: Thursday, August 27, 2009 9:23 PM
> To: Peter Williams
> Cc: openid-general at lists.openid.net
> Subject: Re: [OpenID] Windows Live ID OpenID CTP Status Update  
> (August 2009)
>
> Peter Williams wrote:
>> So the experiment with directed I'd to allow users to release  
>> different identity urls/synonyms to subsets of relying part sites  
>> has failed. Even yahoo has withdrawn, I believe.
>>
> Where'd you get that impression? I just now logged in to Yahoo and
> verified that I can still use the "OpenID Home" link to get the UI for
> requesting additional "me.yahoo.com" identifiers, and their OP login
> flow still lets me choose between the very ugly unique ID they first
> created for me, and the slightly less ugly identifier that I  
> created. So
> they still seem to support directed identity and allowing users to
> create a set of alternative identifiers.
>
> Or maybe I'm not understanding what you're saying. It wouldn't be the
> first time. ;-)
>
> Windows Live folks -- thanks for sharing. I look forward to digesting
> this tomorrow. And I look forward to seeing your final solution. I do
> hope it, like the offerings from Yahoo! and Google (and, if I recall
> correctly, the CTP setup), will allow for 100% https usage, so we can
> trust the process. If so, I'm sure we'll add an easy "Login with  
> Windows
> Live ID" button to our RP site. If not, we won't accept Live as an OP,
> even if a user is geeky enough to enter a valid URL in the OpenID  
> text box.
>
> -Peter
>
> _______________________________________________
> general mailing list
> general at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-general
>
> _______________________________________________
> general mailing list
> general at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-general

_______________________________________________
general mailing list
general at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-general
 

__________ Information from ESET NOD32 Antivirus, version of virus signature database 4378 (20090828) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com

More information about the general mailing list