Thanks, Shade. I appreciate your thoughts, however I have some goals that don't really lead to where you seem to be going with it. Let me explain and see if you agree...<div><br></div><div>The goal of this starter kit is to make it easy, and compelling, for web sites to become OpenID RPs. In addition, to make the login UI itself look more uniform and predictable across RPs so users begin to expect "good" RP behavior. Therefore the starter kit takes the RP's needs into account at a higher priority than promoting OpenID itself. Sounds sort of like a contradiction, but I'll clarify that.</div>
<div><br></div><div>One of the greatest risks a web site takes on by becoming an OpenID RP is that their user base is dependent on OPs for their account access, and those OPs may go down, either temporarily or permanently. If an OP with a lot of users (for that RP anyway) goes down, that's a very significant customer service, and potentially legal and liability cost, to help customers recover their accounts. For this reason, only the very large OPs, that have a long history and strong track record for profitability (lending to long-term future) like Google and Yahoo will qualify for OP buttons so that the majority of an RPs user-base is "safe".</div>
<div><br></div><div>So what role does the OpenID button play at all? Well, the power user who happens to know what OpenID is, may actually care enough to not want to use the otherwise very convenient Google or Yahoo buttons. And I definitely want to cater to that. Such a power user would also (<i>theoretically</i>!) understand the implications of using an identifier that he/she may lose control over in the future and make judgment calls based on that. (also as a mitigation, multiple identifiers can be bound to the same account). </div>
<div><br></div><div>So Shade, regarding your suggestions... An RP gains no profitability from teaching users what OpenID is, nor from helping them choose an identifier from an OP that the RP has less reason to believe will be around for a long time. Also, as you already brought up, encouraging a user to just type a web site in, when most web sites aren't OPs (nor should they be), would confuse and frustrate users when they don't work. </div>
<div><br>So I see the OpenID button as a backdoor for the guys in the crowd (like me!) that would shout "hey, you say you take OpenID but all you take is Google & Yahoo!" to keep them happy. I summarize by saying that the Google and Yahoo buttons sell the UX to the CEO, and the OpenID button sells the UX to the web programmer.</div>
<div><br></div><div>Now, if given my reasoning/goals you still disagree, I'm happy to hear more of your thoughts as you may change my mind. :)</div><div><br></div><div>Of course ultimately, this starter kit will ship with a "change anything you want" license, so it's not like I have the all-powerful say of what these RPs do. If they want to enhance it to do more what you're describing, they're certainly free to. Although in the interest of a predictable UX for the user, I hope we can come to a UX that is good enough for RPs to just use.</div>
<div><br><div>--<br>Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre<br>
<br><br><div class="gmail_quote">On Thu, Nov 19, 2009 at 9:00 PM, SitG Admin <span dir="ltr"><<a href="mailto:sysadmin@shadowsinthegarden.com">sysadmin@shadowsinthegarden.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
If you could take a look at the site and help me figure out how to apply your suggestions it would help me.<br>
</blockquote>
<br></div>
I like that the OpenID box autodiscovered Yahoo when I typed in "<a href="http://yahoo.com" target="_blank">yahoo.com</a>" there instead of clicking on the graphic. That box itself, though, could be a bit confusing - what is "OpenID", to the uninitiated? Perhaps have, in addition to that (recognizable) logo, another way of triggering the OpenID login field - an icon saying "Click here to type in the website yourself." or something like that. That can come later; the tricky part, how to prompt them for sites they enter passwords at (without completely replacing the current instructions), should come first.<br>
<br>
It would be nice to prompt users with "You enter a password ONLY at these websites:", but that's awkwardly phrased, and doesn't reliably convey the essential (proper) idea, anyway. Also, what if none of the sites (a user selects) are offering OpenID?<br>
<br>
Perhaps asking "Where have you entered your password before?", and placing that *below* the main (account) line, as if that's the feature description and the question provides directions on utilizing the feature? It lacks the security boost of associating "always enter your password at the appropriate site only" with OpenID, but seems understandable enough.<br>
<br>
Back to triggering the OpenID login field, then - I think most users grasp the click-to-activate (or click-to-select) concept today, so how about"Let me type it in myself" or "Let me type in the address"? (Are there any studies on how well users have absorbed terms like "URL"? I don't want to suggest using that, not knowing if it would be widely recognized.) The language aims to empower; "let me" suggests that the user can bypass a dumb machine's limits, "myself" that power is being given into their hands; but too many words extends the size of that button and complicates the sentence (it should be easy to read).<br>
<br>
Just semi-idle thoughts for now. Help this helps you figure something out :)<br>
<br>
-Shade<br>
</blockquote></div><br></div></div>