<div dir="ltr">>> <span class="Apple-style-span" style="border-collapse: collapse; font-family: Helvetica; ">In your testing, was the "Email address or OpenID domain" form element labeled with the openid_url name so that plugins like sxipper or seatbelt would detect it as a field for an OpenID? Seems like naming it this way would break the legacy browser form fill...</span><div>
<span class="Apple-style-span" style="border-collapse: collapse; font-family: Helvetica;">Correct, it was not named that way, and for exactly that reason. Unfortunately, supporting both legacy users and "URL" users at the same time is really tough.</span></div>
<div><span class="Apple-style-span" style="border-collapse: collapse; font-family: Helvetica;"><br></span></div><div><span class="Apple-style-span" style="border-collapse: collapse; font-family: Helvetica;">>> Also, on the "validated E-mail" address... would it be worth exploring a way for an OP to have a 3rd-party (the email provider) verified attribute that the user can submit via AX? This way the user can use whatever OP they want and just store with the OP the 3rd party verified attribute. The RP can verify the attribute (via PKI) or some other method without having to force the user through the password verification process. This would require the user to go through some process at least once to get the verified attribute into their OP. That doesn't really exist yet, but is it something to work towards?</span></div>
<div><span class="Apple-style-span" style="border-collapse: collapse; font-family: Helvetica;"><br></span></div><div><span class="Apple-style-span" style="border-collapse: collapse; font-family: Helvetica;">I believe this idea has come up in some of the past discussions about defining a mapping of an E-mail address to an OpenID URL. If we standardized that, then an RP could do discovery on that E-mail mapped URL which would be hosted by the E-mail provider, but then the E-mail provider could allow the owner of that E-mail to specify a different OP (or maybe multiple OPs) which they trust to assert their E-mail address. I was not part of those discussions, but maybe someone else can jump in to confirm whether I described that accurately.</span></div>
<div><span class="Apple-style-span" style="border-collapse: collapse; font-family: Helvetica;"><br></span></div><div><span class="Apple-style-span" style="border-collapse: collapse; font-family: Helvetica;"><span class="Apple-style-span" style="font-family: arial; ">>> For the case of exposing my preferred services via an OP, wouldn't my OpenID XRDS file suffice?</span></span></div>
<div><span class="Apple-style-span" style="border-collapse: collapse;">On the backends I agree that is how the data would be exposed. However we still need to get OPs to offer a user interface to let users edit that information, and to decide whether it is shared with all RPs, or whether some of the information needs more detailed ACLs. Also, I have heard frequent requests from OAuth SPs to have a way to redirect users to their OP with a structured request to add that SP to the user's discovery information, with the hope that all the user needs to do in that case is click an "I agree" button on the OP site. The OpenSocial/PortableContacts REST APIs seem to be stirring up the most interest in this topic, so with luck that may be enough to get some momentum in this area.</span></div>
<div><span class="Apple-style-span" style="border-collapse: collapse; font-family: Helvetica;"><br>
</span><br><div class="gmail_quote">On Thu, Sep 25, 2008 at 5:46 AM, George Fletcher <span dir="ltr"><<a href="mailto:gffletch@aol.com">gffletch@aol.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div bgcolor="#ffffff" text="#000000">
<font face="Helvetica, Arial, sans-serif">In your testing, was the
"Email address or OpenID domain" form element labeled with the
openid_url name so that plugins like sxipper or seatbelt would detect
it as a field for an OpenID? Seems like naming it this way would break
the legacy browser form fill...<br>
<br>
Also, on the "validated E-mail" address... would it be worth exploring
a way for an OP to have a 3rd-party (the email provider) verified
attribute that the user can submit via AX? This way the user can use
whatever OP they want and just store with the OP the 3rd party verified
attribute. The RP can verify the attribute (via PKI) or some other
method without having to force the user through the password
verification process. This would require the user to go through some
process at least once to get the verified attribute into their OP.
That doesn't really exist yet, but is it something to work towards?<br>
<br>
Thanks,<br>
George<br>
</font><br>
Eric Sachs wrote:
<blockquote type="cite"><div><div></div><div class="Wj3C7c">
<div dir="ltr">Technically the UI we described in our research
document can accept a lot of different identifiers. E-mail might be
the common one, but I also mentioned how an advanced user might enter
an OpenID domain using directed identity. However the RP could allow a
vanity URL to be typed in as well which would avoid the need for a
browser plugin. The harder part is how to enable the user to know that
option exists. I mentioned that the phrase "<span style="border-collapse:collapse;font-family:Helvetica">Enter your
E-mail address or OpenID domain" appears to avoid confusing average
users. Unfortunately when the OpenID logo was included or the word
domain was replaced by URL, then average users did get confused.</span>
<div><span style="border-collapse:collapse;font-family:Helvetica"><br>
</span></div>
<div><span style="border-collapse:collapse;font-family:Helvetica">If an RP
accepts OpenID domains for directed identity, then I can't think of a
reason they would not also always accept vanity OpenID URLs. So maybe
we should not worry about training really advanced users to know this
option exists. Maybe it would be enough to just make sure there are
common open source implementations of this UI style which have this
feature built in.</span></div>
<div><span style="border-collapse:collapse;font-family:Helvetica"><br>
</span></div>
<div><span style="border-collapse:collapse;font-family:Helvetica">Of course,
this still leaves the problem of an RP who wants to require a validated
E-mail address for a user. But I think that is an orthogonal issue.<br>
</span>
<div><br>
<br>
<div class="gmail_quote">On Tue, Sep 23, 2008 at 2:31 PM, SitG Admin <span dir="ltr"><<a href="mailto:sysadmin@shadowsinthegarden.com" target="_blank">sysadmin@shadowsinthegarden.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="border-left:1px solid rgb(204, 204, 204);margin:0pt 0pt 0pt 0.8ex;padding-left:1ex">
<div>>> Would it be possible to send the
browser a user-side script that<br>
>> would accept their E-mail address (with the standard field
name, to<br>
>> enable autofill) and attempt to reformat it into an OpenID,
possibly<br>
>> with a popup to show them the transformation and explain that
they<br>
>> should enter this URL in future?<br>
><br>
>The user-specific URL may be machine-generated and non-mnemonic. It
is<br>
>at least usually longer than the domain, and I think users always<br>
>prefer to type less in login boxes. I assume you mean we should
train<br>
>them to enter a reference to the IDP.<br>
<br>
</div>
No, though this might be better where Directed Identity is in use. I<br>
prefer "real" ("vanity", as max engel called them) URIs, however, so<br>
I visualize users entering, for example:<br>
<a href="mailto:max_engel@yahoo.com" target="_blank">max_engel@yahoo.com</a><br>
And then the user-side script pops up an alert when they try to log<br>
in, showing "max_engel" in green, "@" in red, and "<a href="http://yahoo.com" target="_blank">yahoo.com</a>"
in<br>
blue; and proposing a transformation into this format instead:<br>
<a href="http://profiles.yahoo.com/max_engel" target="_blank">http://profiles.yahoo.com/max_engel</a><br>
Where the red "@" has been removed, the green and blue are the same,<br>
and everything else is black.<br>
<div>
<div><br>
-Shade<br>
_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net" target="_blank">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</div></div>
</blockquote>
<br>
</div>
</blockquote></div><br></div></div>