[OpenID] Fwd: [OpenID Foundation] New Poll Opened

Breno de Medeiros breno at google.com
Fri Mar 20 18:27:24 UTC 2009 

On Fri, Mar 20, 2009 at 11:14 AM, Paul Madsen <paulmadsen at rogers.com> wrote:

>  Thanks Allen, could you clarify something for me please? You describe the
> two aspects of the extension (language and pop-up) both as hints from the RP
> to the OP - these guiding the OP in building UI for the user.
>
> But the scope section of the WG proposal indicates that it is the OP that
> indicates to the RP its support for a pop-up UI, rather than the RP
> hinting/requesting that the OP build such a UI .....
>

As in other OpenID extensions, the OP indicates in its discovery document
support for these features. RPs automatically discovery that the features
are available and take advantage of them by sending hints to the OP in
requests.

The RP needs to know in advance that the OP supports popup UIs otherwise
sending the request in a popup may result in suboptimal experience because
the rendered UI is oversized.



>
>
> Am I missing something?
>
> paul
>
> Allen Tom wrote:
>
> Hi Paul,
>
> What the OP decides to display within the Popup is out of scope, consistent
> with how the content the OP displays in the current redirect UI is out of
> scope. The OpenID spec does not define the method used to authenticate the
> user, so some OPs may use username/password, and others might use other
> authentication techniques. As Breno mentioned earlier, the popup is really
> not much different than the existing UI, except that it's in a popup.
>
> I believe that that it is very prudent for OPs to educate their users about
> phishing and security in general, and the text currently on MySpace's
> homepage is a good example.
>
> The language hint and the popup UI are related in that they are both UI
> attributes passed by the RP to the OP so that the OP can display an
> authentication UI that is optimized for the RP's user experience. We intend
> that the resulting UI Extension will allow the language preference and popup
> to be implemented independently of each other. We expect that OPs can
> advertise support for either language preference, popup, or both via
> discovery.
>
> Thanks
> Allen
>
>
>
>
> Paul Madsen wrote:
>
> Allen, would not the fact that the content of the pop-up is specifically
> declared out of scope in the WG proposal preclude guiding the OP to  provide
> such warnings or, for instance, display a sign-in seal, in the pop-up ?
>
> Separately, a language hint from the RP is clearly orthogonal to the
> question of pop-up/full window. Are there implications for them to be
> conflated into a single extension, e.g. for metadata advertisement of
> extension support?
>
> paul
>
> Allen Tom wrote:
>
> The popup window will be REQUIRED to display the address bar. OPs will be
> strongly encouraged to educate their users to always pay attention to the
> URL of the address bar before entering their credentials.
>
> In particular, I think MySpace does an excellent job on their home page:
>
> Always make sure you're visiting the real myspace.com!
>
>    1. Check the URL in your browser.
>    2. Make sure it begins with http://www.myspace.com/
>    3. If ANY OTHER PAGE asks for your info, DON'T LOG IN!
>
> Allen
>
>
> SitG Admin wrote:
>
> Phishing still is a major concern, however, we do not think that the popup
> window significantly changes the phishing scenarios compared to the existing
> full browser window UIs today.
>
>
> Are you speaking of full-size windows, here, or windows that have an
> address bar in them? Pop-up windows that are missing this indication of what
> site the user is at may reduce confusion by eliminating distractions, but
> they also take away from the user's awareness of what's going on.
>
> -Shade
>
>
> ------------------------------
>
> _______________________________________________
> general mailing listgeneral at openid.nethttp://openid.net/mailman/listinfo/general
>
> ------------------------------
>
> No virus found in this incoming message.
> Checked by AVG.
> Version: 7.5.557 / Virus Database: 270.11.19/2011 - Release Date: 19/03/2009 7:05 AM
>
>
>
> --
> Paul Madsen
> e:paulmadsen @ ntt-at.com
> p:613-482-0432
> m:613-282-8647
> web:connectid.blogspot.com
> [image: ConnectID] <http://feeds.feedburner.com/%7Er/blogspot/gMwy/%7E6/1>
>
>
> ------------------------------
>
> No virus found in this incoming message.
> Checked by AVG.
> Version: 7.5.557 / Virus Database: 270.11.21/2014 - Release Date: 20/03/2009 6:59 AM
>
>
>
> --
> Paul Madsen
> e:paulmadsen @ ntt-at.com
> p:613-482-0432
> m:613-282-8647
> web:connectid.blogspot.com
> [image: ConnectID] <http://feeds.feedburner.com/%7Er/blogspot/gMwy/%7E6/1>
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>


-- 
--Breno

+1 (650) 214-1007 desk
+1 (408) 212-0135 (Grand Central)
MTV-41-3 : 383-A
PST (GMT-8) / PDT(GMT-7)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090320/446b1976/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 21486 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090320/446b1976/attachment-0004.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 21486 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090320/446b1976/attachment-0005.gif>

More information about the general mailing list