[OpenID] Fwd: [OpenID Foundation] New Poll Opened

Allen Tom atom at yahoo-inc.com
Thu Mar 19 18:39:51 UTC 2009 

Hi Brett,

The original proposal was to name the WG the "Popup WG" but after the 
scope was expanded to include language preference, we renamed it the 
OpenID UI WG. Although the scope of  UI Extension 1.0 is strictly 
limited to the Popup UI and the Language Preference, we hope that the 
1.0 extension defines an mechanism that can be reused for future UI 
enhancements.

I do think that there is way too much overhead in forming an OpenID WG. 
The UI WG will be the fastest WG ever created, taking approximately 6 
weeks to create, which I feel is 5 weeks too long.

With regards to having the user enter their credentials in a popup 
window, there are many OPs and RPs that would like to use this feature 
immediately, and are waiting for a standard interface to be defined. 
Phishing still is a major concern, however, we do not think that the 
popup window significantly changes the phishing scenarios compared to 
the existing full browser window UIs today. We do think that the Popup 
UI will significantly increase the usability of OpenID, would could 
increase the demand for anti-phishing solutions, as OpenID becomes more 
widely used.

Allen

Brett McDowell wrote:
>
> This proposal is specifically scoped to a pop-up window paradigm. 
>  Therefore it concerns me that the specification is going to be 
> branded "OpenID User Interface Extension 1.0" and the Working Group 
> will be branded *the* "OpenID User Interface Working Group". 
>  Certainly there must be other approaches to improving OpenID UI. 
>  Hasn't the eCommerce industry been teaching users to never put their 
> credentials into a pop-up window for fear of phishing?
>
> I would like to vote in favor of this Working Group but I cannot 
> support it as written.  I humbly suggest the following changes:
>
> Name to: "OpenID Pop-Up User Interface Working Group"
> Specification to: "OpenID Pop-Up User Interface Extension 1.0"
>
> Those two minor changes would signify an awareness that there may be 
> other approaches to improving the OpenID UI, and it might even 
> encourage some alternative proposals to come forward which will only 
> strengthen OpenID UI down-the-road.
>
> P.S.
> If I'm out-of-compliance with OIDF process please let me know and 
> point me to the process document I should reference in the future.
>
> Thank you,
>
> Brett McDowell | +1.413.652.1248 | http://info.brettmcdowell.com
>
> Begin forwarded message:
>
>> *From: *membership at oidf.org <mailto:membership at oidf.org>
>> *Date: *March 19, 2009 9:40:23 AM EDT
>> *To: *brett at ICTprojects.com <mailto:brett at ICTprojects.com>
>> *Subject: **[OpenID Foundation] New Poll Opened*
>>
>> Hello Brett McDowell,
>>
>> Voting has opened on the following poll -- please register your vote 
>> before 2009-03-26.
>>
>> Link: https://openid.net/foundation/members/polls/15
>>
>> Title:  Approve the Creation of the OpenID User Interface Working Group
>>
>> Description: The Specifications Council recommends that the 
>> Foundation members approve the creation of the OpenID User Interface 
>> Working Group, as proposed below.
>>
>>     Name
>>
>> OpenID User Interface Working Group
>>
>>
>>     Background Information
>>
>> OpenID traditionally requires the Relying Party to redirect the entire
>> browser window to the OpenID Provider for the user to authenticate
>> before redirecting the browser back to the Relying Party. It is believed
>> that the User Experience (UX) could be significantly improved if the
>> authentication flow occurred within a smaller popup window, making the
>> experience less disruptive to the user.
>>
>> Although it is possible for Relying Parties to open a popup window for
>> the user to authenticate at the OpenID Provider using the Provider's
>> default user interface, the overall user experience can be optimized if
>> the OP was aware that its UI was running within a popup. For instance,
>> an OP may want to resize the popup browser window when using the popup
>> interface, but would probably not want to resize the full browser window
>> when using the default redirect interface. Another optimization is that
>> the OP can close the popup, rather than return a negative assertion if
>> the user chooses to cancel the authentication request.
>>
>> Users who begin the OpenID sign in process on a Relying Party in one
>> language and then transition to their OpenID Provider's site in a
>> different language may find the overall experience to be very
>> disruptive. In many cases, the Relying Party may want to pass a language
>> hint to the OpenID Provider to use to display the User Interface to the
>> user, especially if the user is not already authenticated at the OP.
>>
>>
>>
>>
>>     Statement of Purpose
>>
>> This workgroup intends to produce a very brief OpenID extension to
>> enable the OpenID Authentication User Interface to be invoked in a
>> standalone popup window, and to allow the Relying Party to request that
>> the user interface be displayed in a particular language.
>>
>>
>>
>>
>>     Scope
>>
>> Produce an extension that allows an OpenID Provider to indicate its
>> support of a popup friendly user interface, as opposed to the default
>> user interface optimized for a full browser window. The popup must be in
>> an independent browser window, and must not be framed by the RP.
>>
>>
>>
>> The extension will also define a mechanim for RPs to pass a language
>> hint to the OP to help determine the langange used to display the OpenID
>> Authentication user interface.
>>
>>
>>     Out of Scope
>>
>> The content of the user interface other than the language that the
>> interface is displayed in is out of scope.
>>
>>
>>
>>
>>     Specifications
>>
>> OpenID User Interface Extension 1.0
>>
>>
>>     Anticipated audience
>>
>> All those interested in improving OpenID Usability.
>>
>>
>>     Language of business
>>
>> English.
>>
>>
>>     Method of work
>>
>> Mailing list discussion. Posting of intermediate drafts in the OpenID
>> Wiki. Virtual conferencing on an ad-hoc basis.
>>
>>
>>     Basis for completion of the activity
>>
>> The OpenID User Interface Extension 1.0 final draft is completed.
>>
>>
>>     Proposers
>>
>>   * Allen Tom, atom at yahoo-inc.com, Yahoo!
>>   * Brian Ellin, brian at janrain.com, Janrain
>>   * David Recordon, david at sixapart.com, Six Apart
>>   * Chris Messina, chris at citizenagency.com, Vidoop/DiSo Project
>>   * Breno de Medeiros, breno at google.com, Google
>>   * Luke Shepard, lshepard at facebook.com, Facebook
>>
>>
>>     Initial Editors
>>
>>   * Allen Tom, atom at yahoo-inc.com, Yahoo!
>>   * Breno de Medeiros, breno at google.com, Google
>>
>> Available Choices:
>>
>> * Approve New Working Group
>> * Reject New Working Group
>> * Abstain
>>
>> Thank you for your participation!
>>
>> ---
>> The OpenID Foundation
>> http://openid.net/foundation/
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>   

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090319/6795c78d/attachment-0002.htm>

More information about the general mailing list