[OpenID] Fwd: [OpenID Foundation] New Poll Opened

Paul Madsen paulmadsen at rogers.com
Fri Mar 20 19:07:09 UTC 2009 

Thanks Breno, the point I was trying to make was that, as I read it, the 
WG proposed scope allows for

a) how the OP will advertise support for pop-up UI
b) how the RP sends the hint as to language

But not the other 'corners', i.e that also in scope is how the RP sends 
the UI hint or how the OP advertises support for different languages

It just seems asymmetrical.

paul

Breno de Medeiros wrote:
>
>
> On Fri, Mar 20, 2009 at 11:14 AM, Paul Madsen <paulmadsen at rogers.com 
> <mailto:paulmadsen at rogers.com>> wrote:
>
>     Thanks Allen, could you clarify something for me please? You
>     describe the two aspects of the extension (language and pop-up)
>     both as hints from the RP to the OP - these guiding the OP in
>     building UI for the user.
>
>     But the scope section of the WG proposal indicates that it is the
>     OP that indicates to the RP its support for a pop-up UI, rather
>     than the RP hinting/requesting that the OP build such a UI .....
>
>
> As in other OpenID extensions, the OP indicates in its discovery 
> document support for these features. RPs automatically discovery that 
> the features are available and take advantage of them by sending hints 
> to the OP in requests.
>
> The RP needs to know in advance that the OP supports popup UIs 
> otherwise sending the request in a popup may result in suboptimal 
> experience because the rendered UI is oversized.
>
>  
>
>
>
>     Am I missing something?
>
>     paul
>
>     Allen Tom wrote:
>>     Hi Paul,
>>
>>     What the OP decides to display within the Popup is out of scope,
>>     consistent with how the content the OP displays in the current
>>     redirect UI is out of scope. The OpenID spec does not define the
>>     method used to authenticate the user, so some OPs may use
>>     username/password, and others might use other authentication
>>     techniques. As Breno mentioned earlier, the popup is really not
>>     much different than the existing UI, except that it's in a popup.
>>
>>     I believe that that it is very prudent for OPs to educate their
>>     users about phishing and security in general, and the text
>>     currently on MySpace's homepage is a good example.
>>
>>     The language hint and the popup UI are related in that they are
>>     both UI attributes passed by the RP to the OP so that the OP can
>>     display an authentication UI that is optimized for the RP's user
>>     experience. We intend that the resulting UI Extension will allow
>>     the language preference and popup to be implemented independently
>>     of each other. We expect that OPs can advertise support for
>>     either language preference, popup, or both via discovery.
>>
>>     Thanks
>>     Allen
>>
>>
>>
>>
>>     Paul Madsen wrote:
>>>     Allen, would not the fact that the content of the pop-up is
>>>     specifically declared out of scope in the WG proposal preclude
>>>     guiding the OP to  provide such warnings or, for instance,
>>>     display a sign-in seal, in the pop-up ?
>>>
>>>     Separately, a language hint from the RP is clearly orthogonal to
>>>     the question of pop-up/full window. Are there implications for
>>>     them to be conflated into a single extension, e.g. for metadata
>>>     advertisement of extension support?
>>>
>>>     paul
>>>
>>>     Allen Tom wrote:
>>>>     The popup window will be REQUIRED to display the address bar.
>>>>     OPs will be strongly encouraged to educate their users to
>>>>     always pay attention to the URL of the address bar before
>>>>     entering their credentials.
>>>>
>>>>     In particular, I think MySpace does an excellent job on their
>>>>     home page:
>>>>
>>>>
>>>>           Always make sure you're visiting the real myspace.com
>>>>           <http://myspace.com>!
>>>>
>>>>        1. Check the URL in your browser.
>>>>        2. Make sure it begins with http://www.myspace.com/
>>>>        3. If ANY OTHER PAGE asks for your info, DON'T LOG IN!
>>>>
>>>>     Allen
>>>>
>>>>
>>>>     SitG Admin wrote:
>>>>>>     Phishing still is a major concern, however, we do not think
>>>>>>     that the popup window significantly changes the phishing
>>>>>>     scenarios compared to the existing full browser window UIs
>>>>>>     today.
>>>>>
>>>>>     Are you speaking of full-size windows, here, or windows that
>>>>>     have an address bar in them? Pop-up windows that are missing
>>>>>     this indication of what site the user is at may reduce
>>>>>     confusion by eliminating distractions, but they also take away
>>>>>     from the user's awareness of what's going on.
>>>>>
>>>>>     -Shade
>>>>
>>>>     ------------------------------------------------------------------------
>>>>
>>>>     _______________________________________________
>>>>     general mailing list
>>>>     general at openid.net <mailto:general at openid.net>
>>>>     http://openid.net/mailman/listinfo/general
>>>>       
>>>>     ------------------------------------------------------------------------
>>>>
>>>>     No virus found in this incoming message.
>>>>     Checked by AVG. 
>>>>     Version: 7.5.557 / Virus Database: 270.11.19/2011 - Release Date: 19/03/2009 7:05 AM
>>>>       
>>>
>>>     -- 
>>>     Paul Madsen
>>>     e:paulmadsen @ ntt-at.com <http://ntt-at.com>
>>>     p:613-482-0432
>>>     m:613-282-8647
>>>     web:connectid.blogspot.com <http://connectid.blogspot.com>
>>>     ConnectID <http://feeds.feedburner.com/%7Er/blogspot/gMwy/%7E6/1>
>>
>>     ------------------------------------------------------------------------
>>
>>     No virus found in this incoming message.
>>     Checked by AVG. 
>>     Version: 7.5.557 / Virus Database: 270.11.21/2014 - Release Date: 20/03/2009 6:59 AM
>>       
>
>     -- 
>     Paul Madsen
>     e:paulmadsen @ ntt-at.com <http://ntt-at.com>
>     p:613-482-0432
>     m:613-282-8647
>     web:connectid.blogspot.com <http://connectid.blogspot.com>
>     ConnectID <http://feeds.feedburner.com/%7Er/blogspot/gMwy/%7E6/1>
>
>     _______________________________________________
>     general mailing list
>     general at openid.net <mailto:general at openid.net>
>     http://openid.net/mailman/listinfo/general
>
>
>
>
> -- 
> --Breno
>
> +1 (650) 214-1007 desk
> +1 (408) 212-0135 (Grand Central)
> MTV-41-3 : 383-A
> PST (GMT-8) / PDT(GMT-7)
> ------------------------------------------------------------------------
>
> No virus found in this incoming message.
> Checked by AVG. 
> Version: 7.5.557 / Virus Database: 270.11.21/2014 - Release Date: 20/03/2009 6:59 AM
>   

-- 
Paul Madsen
e:paulmadsen @ ntt-at.com
p:613-482-0432
m:613-282-8647
web:connectid.blogspot.com
ConnectID <http://feeds.feedburner.com/%7Er/blogspot/gMwy/%7E6/1>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090320/b4ab2509/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 21486 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090320/b4ab2509/attachment-0006.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 21486 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090320/b4ab2509/attachment-0007.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gMwy.1.gif
Type: image/gif
Size: 21486 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090320/b4ab2509/attachment-0008.gif>

More information about the general mailing list