HI Martin,<br><br>I read your blog post this morning, and I thought it
was thoughtful and to the point. You have obviously taken time out to
fully understand what <span><span class="nfakPe">Clickpass</span></span> does before posting and thats much appreciated. Your two paragraph was probably more succinct then anything we have written.<br>
<br>To put this into context, we started <span><span class="nfakPe">Clickpass</span></span>
in June (before OpenID 2.0), and with the main purpose of making OpenID
a more user friendly experience, while keeping within the standard as
much as possible. So to answer your concerns:<div class="Ih2E3d"><div><br>
<br><blockquote style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;" class="gmail_quote">* I strongly encourage you to implement OpenID 2.0 and use directed<br>
identity to implement your login button. This will make it easier for<br>
sites to accept your users without entering an explicit partnership with<br>
you.</blockquote></div><br></div><div class="Ih2E3d">We
started before OpenID 2.0 was launched, also we weren't sure how fast
it would get adopted and there are definitely some frameworks where
the libraries are still not in place. Having said that I am really keen
to implement <span><span class="nfakPe">Clickpass</span></span> as an OpenID 2.0 provider and its at the top of my priority list, hopefully we will have something out soon.</div><div><br><div class="Ih2E3d">
<br><blockquote style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;" class="gmail_quote">
* You could do with some minimal instructions at your site telling<br>
your users how to deal with login forms that are not specifically<br>
<span><span><span class="nfakPe">Clickpass</span></span></span>-enabled. Unless you're planning to parter with every RP under<br>
the sun, your users are going to encounter this eventually.</blockquote></div></div><br><div class="Ih2E3d">One of the aims with <span><span class="nfakPe">Clickpass</span></span>
was to try to get normal people to use OpenID without them needing to
understand how it works. I think once we enable OpenID 2.0 we will
definitely add more user education on how it can be used at other RPs,
so point taken. <br>
<br>The last thing to say about the <span><span class="nfakPe">Clickpass</span></span>
button is that the idea was very much to allow people to use whatever
OpenID they want to use with it, or let us manage there various OpenIDs
at sites. We have had a lot of people tell us that its a good solution,
and we have shown it a lot of people, even people who don't know OpenID
and they have been very happy with the experience.<br>
<br></div>You are correct to separate the enrollment UI as completely separate to the <span><span class="nfakPe">Clickpass</span></span> button. (I am grouping SREG here).<div class="Ih2E3d"><br><br>Firstly
I completely agree, our solution is not ideal. Ideally I would prefer
to not ask user for their passwords to third party services and ideally
I would like to use SREG. And We are working on coming up solutions to
this. But firstly why we did it this way:<br>
<br></div>Most significant RPs have existing user accounts, even new ones
that role out will most likely keep username/password systems in place,
but what we found was that RPs dont deal with merging and signing up
well at all. This puts off people trying OpenID. If you try out how
Plaxo or Magnolia (two of the better implemented versions) do it and
imagine going through that procedure without knowing in-depth what
OpenID is you will see our point.<br>
<br>- This led us to make the merge screen. Again ideally we would like
to not be asking for usernames/passwords for third parties, but this
was the quickest and simplest way of doing it, most users are already trained by
facebook and other services so we didn't think we would be making a big
dent in that process. I think we can probably come up with a better
solution in the future using OAuth.<div class="Ih2E3d"><br>
<br>- On SREG. I am actually looking at a way of doing signup using
SREG for Plaxo. The reason we avoided it, was that it didn't quite make
sense to ask the user to send that information until we actually know
they want to signup for the service and the way SREG was working on
other providers was confusing to users. Will let you know when we have
a better solution for this.<br><br>
<br></div>I think we can do better at explaining some of these
decisions on
our website, and we will be launching a blog today to help. I hope we
can continue to adapt and come up with more satisfying ways of
achieving ease of use. I would
love to hear more feedback from you and what other ideas you might
have. <br><br>Thanks,<br><font color="#888888"><font color="#888888">
<br>Immad</font></font><br><br><div class="gmail_quote">On Fri, Mar 14, 2008 at 1:55 AM, Martin Atkins <<a href="mailto:mart@degeneration.co.uk">mart@degeneration.co.uk</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">Immad Akhund wrote:<br>
> Hi,<br>
><br>
> I am Immad, CTO of Clickpass. We just launched today, and I would love<br>
> to get feedback from you guys. I am sure many of you would have already<br>
> seen it, but if you haven't this is Clickpas;<br>
><br>
> <a href="http://www.clickpass.com" target="_blank">http://www.clickpass.com</a> (tc:<br>
> <a href="http://www.techcrunch.com/2008/03/11/clickpass-could-change-the-way-you-surf-the-web/" target="_blank">http://www.techcrunch.com/2008/03/11/clickpass-could-change-the-way-you-surf-the-web/</a>)<br>
><br>
<br>
</div>Hi Immad,<br>
<br>
I actually spent some time looking at Clickpass yesterday, though I<br>
hadn't yet seen this thread so instead I posted what I think in<br>
retrospect is an overly-emotional blog entry[1].<br>
<br>
I'll restate some of my main concerns here more succinctly.<br>
<br>
As far as I can tell, you actually have two basically-separate products:<br>
an OpenID 1.1 provider, and some reusable enrollment UI.<br>
<br>
Regarding the OpenID Provider:<br>
<br>
* I strongly encourage you to implement OpenID 2.0 and use directed<br>
identity to implement your login button. This will make it easier for<br>
sites to accept your users without entering an explicit partnership with<br>
you.<br>
<br>
* I also encourage you to implement the Simple Registration Extension<br>
so that sites do not have to create a special-case endpoint in order to<br>
give your users a good enrollment experience. Many sites already have<br>
the machinery in place to support SREG; you can, of course, still<br>
support your proprietary registration protocol for sites that do not<br>
implement SREG.<br>
<br>
* You could do with some minimal instructions at your site telling<br>
your users how to deal with login forms that are not specifically<br>
Clickpass-enabled. Unless you're planning to parter with every RP under<br>
the sun, your users are going to encounter this eventually.<br>
<br>
Regarding the enrollment UI:<br>
<br>
* PLEASE find a way to do the account linking thing that doesn't<br>
involve asking users to enter their RP credentials on *your* domain.<br>
<br>
[1] <a href="http://www.apparently.me.uk/13547.html" target="_blank">http://www.apparently.me.uk/13547.html</a><br>
<div><div></div><div class="Wj3C7c"><br>
<br>
_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Cell: +1 617 460 7271<br>Skype: i.akhund<br>Blog: <a href="http://immadsnewworld.com">http://immadsnewworld.com</a><br><br>Clickpass, CTO