<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">We have not done much in the way of usability studies on this page. We do know that most users will grant access 'until revoked', which is not too surprising since that's the default choice.<div><br></div><div>The partner can (and does) get a stable identifier by sending a query to a REST endpoint that returns the member ID for the current token (and other information). It's the equivalent of a PoCo @self request.</div><div><br><div><br></div><div><br><div><div>On Apr 7, 2010, at 10:43 AM, Chris Messina wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">Have you done any usability studies on this flow/screen? Any idea whether people understand the "duration" dropdown? And — given that <a href="http://elegant.ly/">elegant.ly</a> is using the OAuth token to figure out identity — if and when the token expires — do they still have a stable identifier for the user?<div>
<br></div><div>Chris<br><br><div class="gmail_quote">On Wed, Apr 7, 2010 at 10:26 AM, Paul Lindner <span dir="ltr"><<a href="mailto:lindner@inuus.com">lindner@inuus.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div style="word-wrap:break-word">The screen you see is LinkedIn's standard OAuth Authorization Screen. When you click on the sign-in button it hits the 3rd party backend, which hits our requestToken endpoint; the resulting token is immediately used to redirect to the LinkedIn Authorize page. If you're logged out you're going to see the Email/Password fields. In all cases we prompt for the duration of the access grant. Once access is granted we redirect back to the originating site.<div>
<br></div><div>It appears that <a href="http://elegant.ly/" target="_blank">elegant.ly</a> then associates the retrieved access token with a cookie/session on their domain.</div><div><br></div><div>Very slick.</div><div><br>
</div><div><div><br><div><div>On Apr 7, 2010, at 9:05 AM, Chris Messina wrote:</div><br><blockquote type="cite"><div bgcolor="#FFFFFF"><div>Interesting. </div><div><br></div><div>But while the signin button doesn't come from you, the OAuth page you're redirected to does. </div>
<div><br></div><div>How else is that page intended to be used?</div><div><br></div><div>Chris<br><br>Sent from my iPhone 2G</div><div><br>On Apr 7, 2010, at 6:09 AM, Paul Lindner <<a href="mailto:lindner@inuus.com" target="_blank">lindner@inuus.com</a>> wrote:<br>
<br></div><div></div><blockquote type="cite"><div>Hi all,<div><br></div><div>This SignIn button is not something we've designed. However it shows that people will apply existing technology to solve their problems. In fact it's not that much different than 'Sign-in With Twitter' if you think about it...<div>
<div></div><div class="h5"><br>
<br><div class="gmail_quote">On Wed, Apr 7, 2010 at 5:00 AM, <span dir="ltr"><<a href="mailto:openid-general-request@lists.openid.net" target="_blank">openid-general-request@lists.openid.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>Nice interface, thanks for sharing.<br>
<br>
A bit of Boo-Hoo at LinkedIn for using "Sign In" which seems to<br>
indicate log in when it's not really.<br>
But perhaps no one cares. Is authn and authz just an academic<br>
difference in the wild?<br>
<br>
The world will keep turning...<br>
<br>
<br>
On Fri, Apr 2, 2010 at 7:06 PM, Chris Messina <<a href="mailto:chris.messina@gmail.com" target="_blank">chris.messina@gmail.com</a>> wrote:<br>
> Take a look at this:<br>
> visit <a href="http://elegant.ly/" target="_blank">http://elegant.ly</a> and click the "Sign In" button...<br>
> You end up at LinkedIn where you're essentially doing an OAuth dance for<br>
> sign in.<br>
> Interesting, eh?<br>
> Chris<br>
><br>
> --<br>
> Chris Messina<br>
> Open Web Advocate, Google<br>
><br>
> Personal: <a href="http://factoryjoe.com/" target="_blank">http://factoryjoe.com</a><br>
> Follow me on Buzz: <a href="http://buzz.google.com/chrismessina" target="_blank">http://buzz.google.com/chrismessina</a><br>
> ...or Twitter: <a href="http://twitter.com/chrismessina" target="_blank">http://twitter.com/chrismessina</a><br>
><br>
> This email is: [X] shareable [ ] ask first [ ] private<br>
><br>
> _______________________________________________<br>
> general mailing list<br>
> <a href="mailto:general@lists.openid.net" target="_blank">general@lists.openid.net</a><br>
> <a href="http://lists.openid.net/mailman/listinfo/openid-general" target="_blank">http://lists.openid.net/mailman/listinfo/openid-general</a><br>
><br>
></div></blockquote></div><br></div></div></div>
</div></blockquote><div><div></div><div class="h5">
</div></div></div></blockquote></div><br></div>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Chris Messina<br>Open Web Advocate, Google<br><br>Personal: <a href="http://factoryjoe.com/">http://factoryjoe.com</a><br>Follow me on Buzz: <a href="http://buzz.google.com/chrismessina">http://buzz.google.com/chrismessina</a> <br>
...or Twitter: <a href="http://twitter.com/chrismessina">http://twitter.com/chrismessina</a> <br><br>This email is: [ ] shareable [X] ask first [ ] private<br>
</div>
</blockquote></div><br></div></div></body></html>