[OpenID] Feedback requested: New OpenID RP login UX prototype

Peter Williams home_pw at msn.com
Sun Nov 1 14:18:13 UTC 2009


The mechanisms for parallel account linking are all there (as advertised).
They work in practice with infocard (I only tested the personal card
variety.)

I used a personal infocard to sign in. One "token" is displayed on profile
page. Presumably, this is the representation of the old SAML1 token
communicated to the RP in original infocard signaling design.

On the profile page, I bound a second infocard to the RP account using the
infocard button on the PROFILE page. Second "token" is added to list of
tokens. This showcases the desired parallel account linking.

Since there is an infocard button (which invokes the card selector assigned
to the per-USER profile page), I was wondering why there would NOT be an
openid selector button. You see now how I got to asking: why not a similar
openid selector?

Anyways, there is no such selector. But, in compensation, I entered
yahoo.com in the openid text box playing its role, which seems to test for
metadata availability before presenting a login button. This seems to be
some kind of composite, server-side user control. Presumably, in the era of
host-meta, this control's initializer would do the google-dance to ensure an
app-domain has cloud endpoints that the RP trusts to speak for that domain.
Errors in handling that trust or having user compensate for such issues
would be handled within this control's UI.

So I then used the login button on the openid user control, which induced
yahoo to present content in a signin frame (where the yahoo site appeared to
detect interoperability issues on the url passing over control [see below],
and which appeared to present a yahoo-originated error report). A trial with
myopenid produced similar interoperability failure results (it hangs on the
myopenid site, apparently).

The logout button seems tied to the attempted interworking with yahoo. This
seems to imply you may have a mental model that the "last" openid/card bound
to the account (even from a profile management page) will be the one that
binds to the logout button of the entire site. This begs the question Nate
is famous for posing: is the user's mental model of logout on any given IDP
site consistent with actual state?

https://open.login.yahooapis.com/openid/op/auth?openid.claimed_id=http%3A%2F
%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A
%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.assoc_handle=
IKXoaIrmjUUWMyiC1hzVBt8gQCcGvaDi8.7GXaLI9azVaqB3HAIj19Rudo_o867PIEpkR3QQpYZy
Tp1pLJ1ksLUHETO724R57Rrx5i47FBkqbqKBpUVu9wEGSqEq2FDVL3w0Kg--&openid.return_t
o=http%3A%2F%2Fopenidux.dotnetopenauth.net%2FMembers%2FAccountInfo.aspx%3Fdn
oa.uipopup%3D1%26dnoa.popupUISupported%3D1%26dnoa.UsePersistentCookie%3DSess
ion%26dnoa.receiver%3Dctl00_Body_openIdBox%26index%3D0%26dnoa.userSuppliedId
entifier%3Dyahoo.com%26dnoa.op_endpoint%3Dhttps%253A%252F%252Fopen.login.yah
ooapis.com%252Fopenid%252Fop%252Fauth%26dnoa.claimed_id%3D&openid.realm=http
%3A%2F%2Fopenidux.dotnetopenauth.net%2F&openid.mode=checkid_setup&openid.ns=
http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.alias3=http%3A%2F%2Fspe
cs.openid.net%2Fextensions%2Fui%2F1.0&openid.alias3.lang=en-US&openid.alias3
.mode=popup
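
Added example (not part of the original message, and not DotNetOpenAuth or Yahoo code): one way to inspect a checkid_setup request like the one quoted above, splitting out the openid.* fields and the callback arguments nested inside openid.return_to, then applying the OpenID 2.0 section 9.2 realm check an OP performs on return_to. SAMPLE is a constructed, shortened request with a placeholder assoc_handle; the function names are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample modelled on the request quoted in the message; the
# assoc_handle is a placeholder and most dnoa.* callback arguments are dropped.
SAMPLE = (
    "https://open.login.yahooapis.com/openid/op/auth"
    "?openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select"
    "&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select"
    "&openid.assoc_handle=PLACEHOLDER_HANDLE"
    "&openid.return_to=http%3A%2F%2Fopenidux.dotnetopenauth.net%2FMembers%2FAccountInfo.aspx"
    "%3Fdnoa.uipopup%3D1%26dnoa.op_endpoint%3Dhttps%253A%252F%252Fopen.login.yahooapis.com"
    "%252Fopenid%252Fop%252Fauth"
    "&openid.realm=http%3A%2F%2Fopenidux.dotnetopenauth.net%2F"
    "&openid.mode=checkid_setup"
    "&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0"
)

DEFAULT_PORTS = {"http": 80, "https": 443}

def fields(url):
    """Return (openid.* fields, callback args nested inside openid.return_to)."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    openid = {k[len("openid."):]: v[0] for k, v in query.items() if k.startswith("openid.")}
    nested = parse_qs(urlsplit(openid.get("return_to", "")).query, keep_blank_values=True)
    return openid, {k: v[0] for k, v in nested.items()}

def realm_covers(realm, return_to):
    """OpenID 2.0 section 9.2: does return_to fall inside the realm?"""
    r, t = urlsplit(realm), urlsplit(return_to)
    if r.fragment or r.scheme != t.scheme or not r.hostname or not t.hostname:
        return False
    if (r.port or DEFAULT_PORTS.get(r.scheme)) != (t.port or DEFAULT_PORTS.get(t.scheme)):
        return False
    if r.hostname.startswith("*."):  # wildcard realm covers the domain and its subdomains
        suffix = r.hostname[2:]
        host_ok = t.hostname == suffix or t.hostname.endswith("." + suffix)
    else:
        host_ok = t.hostname == r.hostname
    base = r.path or "/"
    path = t.path or "/"
    path_ok = path == base or path.startswith(base if base.endswith("/") else base + "/")
    return host_ok and path_ok

if __name__ == "__main__":
    openid, nested = fields(SAMPLE)
    print(openid["mode"], openid["realm"], nested)
    print("return_to inside realm:", realm_covers(openid["realm"], openid["return_to"]))
```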

 
