Snorri: <div><br> </div><div>Could you kindly point me to the source of the <span class="Apple-style-span" style="color: rgb(31, 73, 125); font-size: 15px; ">+40% (French study) internet user close?</span></div><div><br> </div>
<div>If any other people has similar kind of statistics, it is very helpful for the community to share. </div><div><br> </div><div>This is a very powerful tool to persuade the potential RPs. If we can show that OpenID will improve the conversion rate, they will start pouring money on it. </div>
<div><br> </div><div>Nat <br><br><div><span class="gmail_quote">2008/3/21, Snorri <<a href="mailto:snorri@snorri.eu">snorri@snorri.eu</a>>:</span><blockquote class="gmail_quote" style="margin:0;margin-left:0.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="white" lang="FR" link="blue" vlink="purple">
<div>
<p><span lang="EN-US" style="font-size:11.0pt;color:#1F497D">The best would be to resume the "benefits for the RPs" in 10/12 short
points with a Marketing/Business language but "neutral" = no subjective</span></p>
<p style="text-indent:-18.0pt"><span lang="EN-US" style="font-size:11.0pt;font-family:Wingdings;color:#1F497D"><span>ð<span> </span></span></span><span lang="EN-US" style="font-size:11.0pt;color:#1F497D"><a href="http://www.openideurope.eu/openid/relying-party/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://www.openideurope.eu/openid/relying-party/</a>
</span></p>
<p><span lang="EN-US" style="font-size:11.0pt;color:#1F497D"> </span></p>
<p><span lang="EN-US" style="font-size:11.0pt;color:#1F497D">I would like to add:</span></p>
<p><span lang="EN-US" style="font-size:11.0pt;color:#1F497D">- The possibility of having databases always updated (depends on
the implementation) with the last information of end users, e.g.: My last address
if I move</span></p>
<p><span lang="EN-US" style="font-size:11.0pt;color:#1F497D">- Reduce deaths user accounts; Often users test only once a site
but with his OP… he can remember that he had already an Return to this site</span></p>
<p><span lang="EN-US" style="font-size:11.0pt;color:#1F497D">- +40% (French study) internet user close a site because there
are a form, OpenID can increase the rate of transformation of a prospect to become
a customer</span></p>
<p><span lang="EN-US" style="font-size:11.0pt;color:#1F497D"> </span></p>
<p><span lang="EN-US" style="font-size:11.0pt;color:#1F497D">Thoughts? (improve my words :)</span></p>
<p><span lang="EN-US" style="font-size:11.0pt;color:#1F497D"> </span></p>
<p><span lang="EN-US" style="font-size:11.0pt;color:#1F497D">Thank for your participation</span></p>
<p><span lang="EN-US" style="font-size:11.0pt;color:#1F497D"> </span></p>
<p><span lang="EN-US" style="font-size:11.0pt;color:#1F497D">-Snorri</span></p>
<p><span lang="EN-US" style="font-size:11.0pt;color:#1F497D"> </span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p><b><span style="font-size:10.0pt;color:windowtext">De :</span></b><span style="font-size:10.0pt;color:windowtext"> <a href="mailto:general-bounces@openid.net" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">general-bounces@openid.net</a>
[mailto:<a href="mailto:general-bounces@openid.net" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">general-bounces@openid.net</a>] <b>De la part de</b> Eddy Nigg (StartCom
Ltd.)<br>
<b>Envoyé :</b> jeudi 20 mars 2008 18:20<br>
<b>À :</b> Peter Williams<br>
<b>Cc :</b> <a href="mailto:general@openid.net" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">general@openid.net</a><br>
<b>Objet :</b> Re: [OpenID] Thinking About OpenID.com</span></p>
</div>
</div><div><span class="e" id="q_118cd804cbd4039a_1">
<p> </p>
<p style="margin-bottom:12.0pt">+1</p>
<div>
<p>-- </p>
<table border="0" cellspacing="0" cellpadding="0">
<tbody><tr>
<td colspan="2" style="padding:0cm 0cm 0cm 0cm">
<p>Regards </p>
</td>
</tr>
<tr>
<td colspan="2" style="padding:0cm 0cm 0cm 0cm">
<p> </p>
</td>
</tr>
<tr>
<td style="padding:0cm 0cm 0cm 0cm">
<p>Signer: </p>
</td>
<td style="padding:0cm 0cm 0cm 0cm">
<p>Eddy Nigg, <a href="http://www.startcom.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">StartCom Ltd.</a></p>
</td>
</tr>
<tr>
<td style="padding:0cm 0cm 0cm 0cm">
<p>Jabber: </p>
</td>
<td style="padding:0cm 0cm 0cm 0cm">
<p><a>startcom@startcom.org</a></p>
</td>
</tr>
<tr>
<td style="padding:0cm 0cm 0cm 0cm">
<p>Blog: </p>
</td>
<td style="padding:0cm 0cm 0cm 0cm">
<p><a href="http://blog.startcom.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">Join the Revolution!</a></p>
</td>
</tr>
<tr>
<td style="padding:0cm 0cm 0cm 0cm">
<p>Phone: </p>
</td>
<td style="padding:0cm 0cm 0cm 0cm">
<p>+1.213.341.0390</p>
</td>
</tr>
<tr>
<td colspan="2" style="padding:0cm 0cm 0cm 0cm">
<p> </p>
</td>
</tr>
</tbody></table>
</div>
<p><br>
<br>
Peter Williams: </p>
<div>
<p><span style="font-size:10.0pt">Point
6 is very subjective, judged using the following (subjective) criteria.</span></p>
</div>
<blockquote style="margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<div>
<p><span style="font-size:10.0pt">10+
years of evidence has shown that consumers are unwilling or unable to handle
self-signed cert root key download events, being unable or unwilling to
evaluate the trust providers who assurance underpin the delivery of SSL
security services. This is likely to extend to the world of https openids, a
type of openid that our trade association is apparently promoting as a
"best practice" (a material, legal event, note). Its not clear that
consumer will be suddenly be able to now determine which providers are capable
of providing anti-phishing protection.</span></p>
</div>
</blockquote>
<div>
<p><span style="font-size:10.0pt">Point
7 is perhaps ill advised as a basic rationale for openid adoption by RPs.</span></p>
</div>
<blockquote style="margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<div>
<p><span style="font-size:10.0pt">Relying
parties are inevitably liable for the circumstances of their act of
reliance on any (security) assertion made by a third party, says this
non-lawyer. Having admitted an openid to be used to impersonate a subscribed
user, and upon relying upon a UCI-grade OP's assertion, the RP will surely
continue to have the full panoply of legal obligations.<br>
<br>
Assume for example, that the RP (e.g. "plaxo") is operating in
the state of California. Assume also that the RP has account linked one or more
of a CONSUMER's openids to a single "plaxo" for-fee account (that is
subscribed to be in good standing), where we note that "plaxo"
is in the normal, _dominant_ business-to-consumer legal relationship
with the subscriber, as assessed under CA criteria. Assume now that the OP
involved in the account linking is just 1 of several UCI-grade OPs bound by
"plaxo" - upon one or more constructive acts of reliance involving
cert messages and openid auth messages - to this and other
subscriber accounts. Assume furthermore that "plaxo" is relying upon
one or more OPs with whom it has no agreements governing the act of reliance.
Lets assert now that it is now common public knowledge that a given OP has
engaged in an improper act, leading to the situation that there is a "high
level of risk" that Personal data of a "plaxo" subscriber
has been compromised. We could ask Plaxo's general counsel to volunteer legal advice
on a hypothetical: would s/he now feel legally obligated under CA law to
issue n written letters by US post to all "affected" _subscribers_,
warning them of the generalized exposure? If so, how would one enumerate those
who are "affected" in the case of UCI-grade openid?</span></p>
</div>
<div>
<p> </p>
</div>
</blockquote>
<div>
<p> </p>
</div>
<div>
<p> </p>
</div>
<div>
<div align="center" style="text-align:center">
<hr size="2" width="100%" align="center">
</div>
</div>
<div>
<p style="margin-bottom:12.0pt"><b><span style="font-size:10.0pt">From:</span></b><span style="font-size:10.0pt"> Chris Drake<br>
<b>Sent:</b> Thu 3/20/2008 3:34 AM<br>
<b>To:</b> Brendon J. Wilson<br>
<b>Cc:</b> <a href="mailto:general@openid.net" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">general@openid.net</a><br>
<b>Subject:</b> Re: [OpenID] Thinking About OpenID.com</span></p>
</div>
<div><pre>Hi Brendon,</pre><pre> </pre><pre>Some more suggestions...</pre><pre> </pre><pre>6) Security - when folks have their fave provider, they're less</pre><pre> vulnerable to phishing and password hijacking in other forms, not</pre>
<pre> to mention, the providers job is to improve in this area too,</pre><pre> freeing up the RP to ignore this stuff.</pre><pre> </pre><pre>7) Legal responsibilities - probably not one that Providers are happy</pre><pre>
with, but, it's not the RPs fault if a customer account is</pre><pre> plundered because of fault with the login system - freeing up the</pre><pre> RP from the legal liability/responsibility of that issue (eg: the</pre>
<pre> customer would sue the Provider, not the RP)</pre><pre> </pre><pre> Liability is probably different depending on the TOS involved, and</pre><pre> the country of the customer and provider (and maybe RP) - some</pre>
<pre> jurisdictions have laws that forbid the disclaiming of various kinds</pre><pre> of liabilities.</pre><pre> </pre><pre>Kind Regards,</pre><pre>Chris Drake</pre><pre> </pre><pre> </pre><pre>Thursday, March 20, 2008, 2:53:18 AM, you wrote:</pre>
<pre> </pre><pre>BJW> +1 Snorri's comment.</pre><pre> </pre><pre>BJW> I've been looking at OpenID for a client, and as I survey the OpenID</pre><pre>BJW> landscape it's become apparent very quickly that there's lots of</pre>
<pre>BJW> identity providers, but not a lot of relying parties. Any of the big</pre><pre>BJW> players seem to be staying out of that space, with the exception of</pre><pre>BJW> the blog platforms and open source CMS systems. Examples: AOL - only</pre>
<pre>BJW> Propeller seems to have OpenID as a login option. Yahoo! - haven't</pre><pre>BJW> found an OpenID login yet. All of the focus right now seems to be on</pre><pre>BJW> getting people to get an OpenID.</pre>
<pre> </pre><pre>BJW> I think any discussion of how to evangelize OpenID to the general</pre><pre>BJW> public also requires the foundation to clearly articulate the value of</pre><pre>BJW> being a relying party, otherwise we risk stalled growth when users</pre>
<pre>BJW> finally decide to get an OpenID, but have nowhere to use it. JanRain</pre><pre>BJW> claims 8,000 relying parties, but I've seen little justification for</pre><pre>BJW> that number; OpenIDDirectory.com lists about 530 or so OpenID-related</pre>
<pre>BJW> sites, and 60 or so of them are identity providers. Demonstrating</pre><pre>BJW> value to potential relaying parties also requires showing, in no</pre><pre>BJW> uncertain terms, just how many people already use it.</pre>
<pre> </pre><pre>BJW> I'd like to propose the following strawman benefits of being a relying</pre><pre>BJW> party for the group to eviscerate (warning: businesspeak ahead):</pre><pre> </pre><pre>BJW> 1) Expedited customer acquisition: OpenID allows user to quickly and</pre>
<pre>BJW> easily complete the account creation process by eliminating entry of</pre><pre>BJW> commonly requested fields (email address, sex, birthdate), thus </pre><pre>BJW> reducing the friction to adopt a new service.</pre>
<pre> </pre><pre>BJW> 2) Reduced user account management costs: The primary cost for most IT</pre><pre>BJW> organizations is resetting forgotten authentication credentials. By</pre><pre>BJW> reducing the number of credentials, a user is less likely to forget</pre>
<pre>BJW> their credentials. By outsourcing the authentication process to a</pre><pre>BJW> third-party, the relying party can avoid those costs entirely.</pre><pre> </pre><pre>BJW> 3) "Thought leadership": There is an inherent marketing value for an</pre>
<pre>BJW> organization to associate itself activities that promote it as a</pre><pre>BJW> thought leader. It provides an organization with the means to </pre><pre>BJW> distinguish itself from its competitors. This is your chance to </pre>
<pre>BJW> outpace your competitors.</pre><pre> </pre><pre>BJW> 4) Your competitors are already doing it: Whoops! So you missed out on</pre><pre>BJW> number 4, so you have to do it, otherwise you're falling behind the</pre>
<pre>BJW> times. Ketchup!</pre><pre> </pre><pre>BJW> 5) Simplified user experience: Logical follow on from 1 & 2. However,</pre><pre>BJW> it's at the end of the list because that's not the business priority.</pre>
<pre>BJW> The business priority is the benefit that results from a simplified</pre><pre>BJW> user experience, not the simplified user experience itself.</pre><pre> </pre><pre>BJW> Thoughts?</pre><pre> </pre><pre>
BJW> Brendon</pre><pre>BJW> ---</pre><pre>BJW> Brendon J. Wilson</pre><pre>BJW> <a href="http://www.brendonwilson.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">www.brendonwilson.com</a></pre>
<pre>BJW> _______________________________________________</pre><pre>BJW> general mailing list</pre><pre>BJW> <a href="mailto:general@openid.net" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">general@openid.net</a></pre>
<pre>BJW> <a href="http://openid.net/mailman/listinfo/general" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://openid.net/mailman/listinfo/general</a></pre><pre> </pre><pre> </pre><pre> </pre>
<pre>_______________________________________________</pre><pre>general mailing list</pre><pre><a href="mailto:general@openid.net" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">general@openid.net</a></pre>
<pre><a href="http://openid.net/mailman/listinfo/general" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://openid.net/mailman/listinfo/general</a></pre><pre> </pre></div>
<pre> </pre><pre style="text-align:center"><hr size="4" width="90%" align="center">
</pre><pre> </pre><pre>_______________________________________________</pre><pre>general mailing list</pre><pre><a href="mailto:general@openid.net" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">general@openid.net</a></pre>
<pre><a href="http://openid.net/mailman/listinfo/general" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://openid.net/mailman/listinfo/general</a></pre><pre> </pre>
<p> </p>
</span></div></div>
</div>
<br>_______________________________________________<br>
general mailing list<br>
<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:general@openid.net">general@openid.net</a><br>
<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br>Nat Sakimura (=nat)<br><a href="http://www.sakimura.org/en/">http://www.sakimura.org/en/</a>
</div>