[OpenID] Account Chooser working group charter submission

Mon Aug 29 17:47:16 UTC 2011

At the last few Internet Identity
Workshops<http://www.internetidentityworkshop.com/>there have been
discussions about building a “cloud based” identity
selector.  The idea has been to mix the user experience advantages of
Information Cards, the popularity of consumer identity providers, and still
support large numbers of identity providers as InCommon has done.  The end
result is a user experience that is being called an “Account
Chooser<http://accountchooser.com/>
.”

A charter for a new account chooser working
group<https://sites.google.com/site/oauthgoog/workinggroupcharter>was
submitted today for review by the specs council.  We plan to discuss
it
in more detail at the upcoming September 12/13 OpenID
Summit<http://openid.net/oidf-summits/>hosted by Microsoft in Mountain
View, CA.

The end goal of this account chooser technique is to make the sign-in
process as simple as a user clicking their picture from a list of accounts
they frequently use on a website.

[image: greenAC.png]

For example, Bonnie is on her mobile phone and wants to login to a website.
 She is shown a list of accounts including her personal account, her work
account, and an entry for her husband who sometimes borrows her phone.  She
simply clicks the account she wants to use.

If she had a new phone, or computer, she would need to add those accounts to
the device, so she would see a screen like the one below where she could
click her identity provider if it was listed.  If not, she can simply type
her email address.  If there is a known identity provider for that email
address, she will be redirected to it, otherwise she will be asked for her
password on this site.

[image: greenadd.png]

In preparation for the upcoming OpenID
Summit<http://openid.net/oidf-summits/>we have started to build the
accountchooser.com website with an overview of this user experience, as well
as an initial implementor’s guide.  A new mailing list will be created by
this working group for further discussion once the spec council gives their
approval.

There are a few websites where you can currently experiment with an account
chooser:

   - Google now provides the option to opt-in to using an account
chooser<https://sites.google.com/site/gitooldocs/experiment---account-chooser>instead
of Google’s traditional email/password based login box
   - There is also a test site <https://account-chooser.appspot.com/> which
   lets you manually reconfigure your account after you login
   - A sample e-commerce site <http://openidsamplestore.com/basic/> is also
   available that uses an account chooser (though it is under construction this
   week, so it may be unstable)

There are multiple ways to deploy an account chooser. The quickest option is
generally to use a SaaS vendor who provides an account chooser as well as
integration with popular identity providers. Current SaaS vendors in this
category include the Google Identity
Toolkit<http://code.google.com/apis/identitytoolkit/>and Janrain
Login Helper <http://www.janrain.com/products/login-helper>.  Another option
is to use a JavaScript widget that implements an account chooser, but then
operate your own server side logic to integrate with identity providers. It
is possible to use the Google Identity
Toolkit<http://code.google.com/apis/identitytoolkit/>in this mode, and
other vendors may provide similar widgets in the future.

-- 
Eric Sachs | Senior Product Manager | esachs at google.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20110829/180b44f2/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: greenadd.png
Type: image/png
Size: 31455 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20110829/180b44f2/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: greenAC.png
Type: image/png
Size: 33027 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20110829/180b44f2/attachment-0003.png>