[OpenID] Fwd: [OpenID Foundation] New Poll Opened
Allen Tom
atom at yahoo-inc.com
Fri Mar 20 17:25:48 UTC 2009
Hi Paul,
What the OP decides to display within the Popup is out of scope,
consistent with how the content the OP displays in the current redirect
UI is out of scope. The OpenID spec does not define the method used to
authenticate the user, so some OPs may use username/password, and others
might use other authentication techniques. As Breno mentioned earlier,
the popup is really not much different than the existing UI, except that
it's in a popup.
I believe that that it is very prudent for OPs to educate their users
about phishing and security in general, and the text currently on
MySpace's homepage is a good example.
The language hint and the popup UI are related in that they are both UI
attributes passed by the RP to the OP so that the OP can display an
authentication UI that is optimized for the RP's user experience. We
intend that the resulting UI Extension will allow the language
preference and popup to be implemented independently of each other. We
expect that OPs can advertise support for either language preference,
popup, or both via discovery.
Thanks
Allen
Paul Madsen wrote:
> Allen, would not the fact that the content of the pop-up is
> specifically declared out of scope in the WG proposal preclude guiding
> the OP to provide such warnings or, for instance, display a sign-in
> seal, in the pop-up ?
>
> Separately, a language hint from the RP is clearly orthogonal to the
> question of pop-up/full window. Are there implications for them to be
> conflated into a single extension, e.g. for metadata advertisement of
> extension support?
>
> paul
>
> Allen Tom wrote:
>> The popup window will be REQUIRED to display the address bar. OPs
>> will be strongly encouraged to educate their users to always pay
>> attention to the URL of the address bar before entering their
>> credentials.
>>
>> In particular, I think MySpace does an excellent job on their home page:
>>
>>
>> Always make sure you're visiting the real myspace.com!
>>
>> 1. Check the URL in your browser.
>> 2. Make sure it begins with http://www.myspace.com/
>> 3. If ANY OTHER PAGE asks for your info, DON'T LOG IN!
>>
>> Allen
>>
>>
>> SitG Admin wrote:
>>>> Phishing still is a major concern, however, we do not think that
>>>> the popup window significantly changes the phishing scenarios
>>>> compared to the existing full browser window UIs today.
>>>
>>> Are you speaking of full-size windows, here, or windows that have an
>>> address bar in them? Pop-up windows that are missing this indication
>>> of what site the user is at may reduce confusion by eliminating
>>> distractions, but they also take away from the user's awareness of
>>> what's going on.
>>>
>>> -Shade
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> general mailing list
>> general at openid.net
>> http://openid.net/mailman/listinfo/general
>>
>> ------------------------------------------------------------------------
>>
>> No virus found in this incoming message.
>> Checked by AVG.
>> Version: 7.5.557 / Virus Database: 270.11.19/2011 - Release Date: 19/03/2009 7:05 AM
>>
>
> --
> Paul Madsen
> e:paulmadsen @ ntt-at.com
> p:613-482-0432
> m:613-282-8647
> web:connectid.blogspot.com
> ConnectID <http://feeds.feedburner.com/%7Er/blogspot/gMwy/%7E6/1>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090320/413bb6c0/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 21486 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090320/413bb6c0/attachment-0002.gif>
More information about the general
mailing list