[OpenID] OpenID User Interface Working Group

Mon Mar 23 01:08:21 UTC 2009

On 03/23/2009 02:53 AM, Allen Tom:
> Eddy Nigg (StartCom Ltd.) wrote:
>>
>> Your assumptions that users will notice the difference between a 
>> window with and without address bar are basically wrong. A small 
>> research would tell you that most users will enter their details anyway.
>>
> Does the popup make things worse for users who don't pay attention to 
> the address bar or to any visual indicators?

Most likely it makes it even more difficult and a bit more likely that 
they won't pay attention. Some study and research would be in place 
perhaps (proposal for the WG?)

>> Which leads us again to the issue of user/pass pairs and their 
>> usefulness 
> OpenID does not specify how the user authenticates with their OP, so 
> OPs are free to deploy authentication methods other than passwords.

Sure. We know that (for the better and worse) :-)

> As far as I can tell, all phishing sites currently use a full browser 
> window, so I'm not sure how the full browser window is more resistant 
> to phishing compared to a popup.
>

Neither am I...it's a wild guess I'm having. I suggest to find out about 
it in the WG through a proper study. It even could benefit OpenID at 
large if the research would be a bit extended...

Regards
Signer: 	Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Phone: 	+1.213.341.0390

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090323/2fe63027/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6724 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090323/2fe63027/attachment-0002.bin>