One possible solution would be the Blogger faked "posting" flow... where they added a 1-2 second delay when posting blog entries back in the day because it happened "so fast" that people thought that the blog post had failed (seriously, we were coming off of dial up fumes).<div>
<br></div><div>I wonder if we shouldn't inject a semi-faux "...signing you in to your XXX Account..." delay that would take care of the signed in/check_immediate cases mentioned. The flow would be consistent and momentary and ultimately could be made to take no longer than existing sign in flows.</div>
<div><br></div><div>I have practical question: will RPs actually abide by the recommendation to support popups? My instinct says no, and that many will use the same window or a lightbox. Are we concerned about this? Do we have any leverage to force a certain approach besides shame?</div>
<div><br></div><div>Chris<br><br><div class="gmail_quote">On Tue, Nov 11, 2008 at 3:19 PM, Praveen Alavilli <span dir="ltr"><<a href="mailto:AlavilliPraveen@aol.com">AlavilliPraveen@aol.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
One of the big problems with using checkid_immediate is that several<br>
OPs break iframes - so there is no reliable way of doing async with<br>
checks with out doing a redirect inside the same browser window or in<br>
a popup.<br>
<div><div></div><div class="Wj3C7c"><br>
<br>
On Nov 11, 2008, at 5:46 AM, George Fletcher <<a href="mailto:gffletch@aol.com">gffletch@aol.com</a>> wrote:<br>
<br>
> Hi,<br>
><br>
> I'm sure there will be an IIW session on OpenID and UX so I wanted to<br>
> ask that the following case be included in the discussion.<br>
><br>
> If a popup window is used for the authenitcation flow (e.g. Facebook<br>
> connect), then what do we do in the case that the user is already<br>
> authenticated to their OpenID Provider and has previously given<br>
> permanent consent to the site to receive their authentication (and<br>
> possible SREG) data?<br>
><br>
> I believe that right now, there would be a popup window flash. This<br>
> seems like it might be a little scary for normal users.<br>
><br>
> This could be mitigated by doing an "check_immediate" first but in<br>
> that<br>
> case, the user would have had to at least given their OpenID so that<br>
> site could do discovery.<br>
><br>
> I suppose we could try and rely on cookies, and cookie the user with<br>
> their last chosen OpenID Provider, but this makes it difficult with<br>
> users with multiple accounts from different OPs (and gets a little<br>
> weird<br>
> in the directed identity case). Also, I only allow cookies per session<br>
> so that would break the experience for me as well.<br>
><br>
> Thoughts?<br>
><br>
> Thanks,<br>
> George<br>
> _______________________________________________<br>
> general mailing list<br>
> <a href="mailto:general@openid.net">general@openid.net</a><br>
> <a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Chris Messina<br>Citizen-Participant &<br> Open Technology Advocate-at-Large<br><a href="http://factoryjoe.com">factoryjoe.com</a> # <a href="http://diso-project.org">diso-project.org</a><br>
<a href="http://citizenagency.com">citizenagency.com</a> # <a href="http://vidoop.com">vidoop.com</a><br>This email is: [ ] bloggable [X] ask first [ ] private<br>
</div>