<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Hi Andrew -<br>
<br>
The RP UX looks very promissing, and it'll be really slick with just a
little more polish.<br>
<br>
Can you make the Yahoo popup a bit wider? Although the UI Draft spec
says that the popup is supposed to be 450px wide, Yahoo's popup is
500px wide. (our users prefer larger fonts)<br>
<br>
Also, as per your blog post, Yahoo displays a warning for RPs that
don't implement RP discovery.<br>
<a class="moz-txt-link-freetext" href="http://blog.nerdbank.net/2008/06/why-yahoo-says-your-openid-site.html">http://blog.nerdbank.net/2008/06/why-yahoo-says-your-openid-site.html</a><br>
<br>
Because the OpenID authentication response exceeds 2KB, the Yahoo OP
automatically sends the response via HTTP POST, which results in a
degraded user experience. (browser warnings when switching from HTTPS
to HTTP) and also a "blank white page" for the autosubmitting form. I'm
a very surprised that the response exceeds 2KB on your demo site,
because generally speaking, OpenID responses that don't use AX or OAuth
Hybrid almost never exceed 2KB. I think your demo has an unusually
large return_to URL, which is contributing to the oversized response.<br>
<br>
On the Yahoo OP side of things, we're working on ways to shrink the
size of our responses to try to stay under the 2KB limit. For instance,
we'll be removing the PAPE responses unless they were requested, and
we'll try to shrink the size of our association handles. <br>
<br>
Also, as others have reported, the browser plugin warning is a bit
distracting. I'm runing WinXP with Firefox. Presumably this should be
fairly easy to fix.<br>
<br>
Good job!<br>
Allen<br>
<br>
<br>
<br>
<br>
Andrew Arnott wrote:
<blockquote
cite="mid:216e54900910221544h2f6124e2o47fb203b640ec3e2@mail.gmail.com"
type="cite">
<div class="gmail_quote"><span style="font-family: arial,sans-serif;">
<p style="font-weight: bold;">OpenID RP login UX</p>
<p>Live demo location: <a moz-do-not-send="true"
href="http://openidux.dotnetopenauth.net/"
style="font-family: arial,sans-serif; color: rgb(102, 77, 159);"
target="_blank">http://openidux.dotnetopenauth.net/</a></p>
<h3 style="font-family: arial,sans-serif; font-size: small;">Design
considerations</h3>
<p>The <a moz-do-not-send="true"
href="http://docs.google.com/Doc?docid=0AXB25E7fZcQCZGY1bm40ampfMTkxaHJ2emZya3M&hl=en"
style="font-family: arial,sans-serif; color: rgb(102, 77, 159);"
target="_blank">DNOA</a><a moz-do-not-send="true"
href="http://docs.google.com/Doc?docid=0AXB25E7fZcQCZGY1bm40ampfMTkxaHJ2emZya3M&hl=en"
style="font-family: arial,sans-serif; color: rgb(102, 77, 159);"
target="_blank"> login UX design document</a> contains the design
spec, and some of the reasoning that went into that design.</p>
<p>One high-level goal of all this work is to produce a set of HTML,
CSS, and JS files that can work on any web platform, so that ruby,
python, php, coldfusion, and (of course) <a moz-do-not-send="true"
href="http://asp.net/"
style="font-family: arial,sans-serif; color: rgb(0, 62, 168);"
target="_blank">ASP.NET</a> RP web sites can benefit from a better UI
for logging users in.</p>
<h3 style="font-family: arial,sans-serif; font-size: small;">Interesting
scenarios to experiment with and/or test</h3>
<ul>
<li>Login by clicking on Members Only. This invokes the full page
redirect login UI.</li>
<li>Login by clicking Login in the upper-right corner of the page.
This invokes the popup dialog UI.</li>
<li>Visit the account management page and add additional
OpenIDs or InfoCards to your account so you can log in with multiple
identities yet be recognized as holding just one account.</li>
<li>Login multiple times, using various OPs. Notice first that we
highlight the button you chose the prior time. This helps the user not
splinter his identity on a return visit in the event he has accounts
with more than one displayed OP.</li>
<li>Notice that in the login UI some OPs support checkid_immediate,
and on a return visit, a green checkmark appears in the lower-right
corner of an OP button when an immediate login is available. If a green
checkmark is not visible on an OP button, a popup window will be used
to guide the user through the initial login process. Some OPs (such as
Verisign and Yahoo) do not support checkid_immediate, and will never
display green checkmarks.</li>
<li>When logging in, try using the OpenID button. Notice that as
soon as you finish typing that discovery on that identifier begins and
a login button appears within the text box. Next time you visit,
the UX will remember what identifier you typed in and help you log in
again.</li>
<li>Try using the OpenID button with an identifier that delegates
to multiple OPs. Notice how the Login button that appears to help you
go through checkid_setup (if no checkid_immediate requests come back
positive) is a split button, allowing you to actually pick which OP to
log in with, and these OPs are in priority order (adjusted for OPs that
are down or misbehaving, which are moved to the bottom).</li>
</ul>
<h3 style="font-family: arial,sans-serif; font-size: small;">Special
release notes</h3>
<p>In this iteration, I've elected to go with the popup dialog
approach to displaying the login UI rather than a popup browser window.
This is still alterable, and your feedback and/or preferences on this
decision is most welcome.</p>
<p>The current set of OP buttons displayed include 4 OPs: Google,
Yahoo, Verisign and MyOpenID. The last two of these do <span
style="font-style: italic;">not</span> fit the qualifications given in
the design document, but they are included here to assist in the
feedback process, and because I don't know how to make four buttons
(Google, Yahoo, OpenID and InfoCard) look good, so I jumped up from
three to six.</p>
<p>In the OpenID text box area, after authentication completes a
green checkmark is displayed, but sometimes no login button appears to
complete login. This is a UX issue I haven't figured out how to solve
yet. But the way to proceed with login is to click the original, large
OpenID button again.</p>
<p>The browsers I've tested with are IE8, Chrome 3, FireFox 3.5 and
Safari 4. If you test with other/older browsers, please leave feedback
about how your experience was. But currently I'm not targeting older
browsers, so any bug reports regarding backward compatibility <span
style="font-style: italic;">may</span> not be fixed.</p>
<h3 style="font-family: arial,sans-serif; font-size: small;">How to
leave feedback</h3>
<p>Just reply to this message.</p>
</span>--<font color="#888888"><br>
Andrew Arnott<br>
"I [may] not agree with what you have to say, but I'll defend to the
death your right to say it." - S. G. Tallentyre<br>
</font></div>
<br>
<pre wrap="">
<hr size="4" width="90%">
_______________________________________________
general mailing list
<a class="moz-txt-link-abbreviated" href="mailto:general@lists.openid.net">general@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-general">http://lists.openid.net/mailman/listinfo/openid-general</a>
</pre>
</blockquote>
<br>
</body>
</html>