<div dir="ltr"><div class="gmail_quote">On Mon, Oct 13, 2008 at 7:01 PM, Dick Hardt <span dir="ltr"><<a href="mailto:dick.hardt@gmail.com">dick.hardt@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div style="word-wrap:break-word"><div><div class="Ih2E3d"><blockquote type="cite"><div dir="ltr"><br>Both companies have been asked for suggestions on how to merge the feedback from these two sets of research. Allen Tom & I have been exchanging mail about how to do that, and here is one way to merge the set of conclusions:<br>
<ol><li><span style="border-collapse:collapse;color:rgb(0, 0, 0);font-family:arial;font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><div>
Based on the test Yahoo & Gmail have done earlier in the year, we already both believe that any "login" buttons have to include the brand of the IDP and must be right next to the login box. While that might not scale nor promote the OpenID technology brand, that is just the fact of life. </div>
</span></li></ol></div></blockquote></div>I don't agree is it a fact of life. It is a fact that it is a conclusion from your study, but it is not a fact that the RP should decide on a few IdPs to promote on their page. </div>
<div><br></div><div>I do agree that a mechanism to let a most users know they can use an IdP of their choosing is a good thing. A smart client could do that.</div></div></blockquote><div><br></div><div>I think we can (and must) do better than this. I agree with Dick that this is not a "fact of life". It's not like there's a list of @<a href="http://gmail.com">gmail.com</a>, @<a href="http://hotmail.com">hotmail.com</a>, @<a href="http://aol.com">aol.com</a> or @<a href="http://yahoo.com">yahoo.com</a> in every email application.</div>
<div><br></div><div>In fact, this points further to the need to solve the problem of email addresses as OpenID identifiers. I don't think that usability work can really continue (or be plausible long term) until we've made email identifiers part of the formal OpenID spec.</div>
<div><br></div><div>I know we've all been busy, but I strongly think that we should advance the EAUT spec [1] before we make any final decisions about whether RPs MUST sport any number of IDP logos/login buttons.</div>
<div><br></div><div>Otherwise, we will have failed.</div><div><br></div><div>Chris</div><div><br></div><div>[1] <a href="http://eaut.org/">http://eaut.org/</a></div></div></div>