<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<font face="Helvetica, Arial, sans-serif">In your testing, was the
"Email address or OpenID domain" form element labeled with the
openid_url name so that plugins like sxipper or seatbelt would detect
it as an field for an OpenID? Seems like naming it this way would break
the legacy browser form fill...<br>
<br>
Also, an the "validated E-mail" address... would it be worth exploring
a way for an OP to have a 3rd-party (the email provider) verified
attribute that the user can submit via AX? This way the user can use
whatever OP they want and just store with the OP the 3rd party verified
attribute. The RP can verify the attribute (via PKI) or some other
method without having to force the user through the password
verification process. This would require the user to go through some
process at least once to get the verified attribute into their OP.
That doesn't really exist yet, but is it something to work towards?<br>
<br>
Thanks,<br>
George<br>
</font><br>
Eric Sachs wrote:
<blockquote cite="mid:c4161f510809231445y414e150ejed04bfb27aa496f4@mail.gmail.com" type="cite">
<div dir="ltr">Technically the UI we described in our research
document can accept a lot of different identifiers. E-mail might be
the common one, but I also mentioned how an advanced user might enter
an OpenID domain using directed identity. However the RP could allow a
vanity URL to be typed in as well which would avoid the need for a
browser plugin. The harder part is how to enable the user to know that
option exists. I mentioned that the phrase "<span class="Apple-style-span" style="border-collapse: collapse; font-family: Helvetica;">Enter your
E-mail address or OpenID domain" appears to avoid confusing average
users. Unfortunately when the OpenID logo was included or the word
domain was replaced by URL, then average users did get confused.</span>
<div><span class="Apple-style-span" style="border-collapse: collapse; font-family: Helvetica;"><br>
</span></div>
<div><span class="Apple-style-span" style="border-collapse: collapse; font-family: Helvetica;">If an RP
accepts OpenID domains for directed identity, then I can't think of a
reason they would not also always accept vanity OpenID URLs. So maybe
we should not worry about training really advanced users to know this
option exists. Maybe it would be enough to just make sure there are
common open source implementations of this UI style which have this
feature built in.</span></div>
<div><span class="Apple-style-span" style="border-collapse: collapse; font-family: Helvetica;"><br>
</span></div>
<div><span class="Apple-style-span" style="border-collapse: collapse; font-family: Helvetica;">Of course,
this still leaves the problem of an RP who wants to require a validated
E-mail address for a user. But I think that is an orthogonal issue.<br>
</span>
<div><br>
<br>
<div class="gmail_quote">On Tue, Sep 23, 2008 at 2:31 PM, SitG Admin <span dir="ltr"><<a moz-do-not-send="true" href="mailto:sysadmin@shadowsinthegarden.com">sysadmin@shadowsinthegarden.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">>> Would it be possible to send the
browser a user-side script that<br>
>> would accept their E-mail address (with the standard field
name, to<br>
>> enable autofill) and attempt to reformat it into an OpenID,
possibly<br>
>> with a popup to show them the transformation and explain that
they<br>
>> should enter this URL in future?<br>
><br>
>The user-specific URL may be machine-generated and non-mnemonic. It
is<br>
>at least usually longer than the domain, and I think users always<br>
>prefer to type less in login boxes. I assume you mean we should
train<br>
>them to enter a reference to the IDP.<br>
<br>
</div>
No, though this might be better where Directed Identity is in use. I<br>
prefer "real" ("vanity", as max engel called them) URI's, however, so<br>
I visualize users entering, for example;<br>
<a moz-do-not-send="true" href="mailto:max_engel@yahoo.com">max_engel@yahoo.com</a><br>
And then the user-side script pops up an alert when they try to log<br>
in, showing "max_engel" in green, "@" in red, and "<a moz-do-not-send="true" href="http://yahoo.com" target="_blank">yahoo.com</a>"
in<br>
blue; and proposing a transformation into this format instead:<br>
<a moz-do-not-send="true" href="http://profiles.yahoo.com/max_engel" target="_blank">http://profiles.yahoo.com/max_engel</a><br>
Where the red "@" has been removed, the green and blue are the same,<br>
and everything else is black.<br>
<div>
<div class="Wj3C7c"><br>
-Shade<br>
_______________________________________________<br>
general mailing list<br>
<a moz-do-not-send="true" href="mailto:general@openid.net">general@openid.net</a><br>
<a moz-do-not-send="true" href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
<pre wrap="">
<hr size="4" width="90%">
_______________________________________________
general mailing list
<a class="moz-txt-link-abbreviated" href="mailto:general@openid.net">general@openid.net</a>
<a class="moz-txt-link-freetext" href="http://openid.net/mailman/listinfo/general">http://openid.net/mailman/listinfo/general</a>
</pre>
</blockquote>
<br>
</body>
</html>