If the library is written well, it could be upgraded to take advantage of any client-side hints that become available (with HTML5, or otherwise) without the API changing or the RP needing to do anything special. It can also have a UX that allows for full range of choice of OPs while providing a default set that will probabilistically match the RP's chosen audience -- e.g., if you know that a large % of your users are going to be from Yahoo! due to other integrations, you may well want to feature that prominently and I think that's okay as long as there is also a standard, simple way for non-Yahoos to log in.<div>
<br></div><div>Also, high end mobile devices won't have any trouble running your JS library -- actually they'll probably be easier than your desktop base. Lower-end mobile browsers do have special challenges of course; just want to separate these two cases our explicitly, as it may well be the case that the limitations of low end mobile devices necessitate a very different approach anyway.<br>
<div><br clear="all">--<br>John Panzer / Google<br><a href="mailto:jpanzer@google.com">jpanzer@google.com</a> / <a href="http://abstractioneer.org">abstractioneer.org</a> / @jpanzer<br><br>
<br><br><div class="gmail_quote">On Mon, Dec 14, 2009 at 8:47 AM, daniel jacobson <span dir="ltr"><<a href="mailto:fragment37@yahoo.com">fragment37@yahoo.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<table cellspacing="0" cellpadding="0" border="0"><tbody><tr><td valign="top" style="font:inherit"><div>Fair point about keeping the option with the user - one that I agree with. My key point here is to demonstrate the need for a library that creates an easy-to-implement option for RPs that can handle the federated model of OpenID in a robust way. One of the challenges with giving the user the choice is in making that process a good user experience, one that is intuitive and not intimidating. My suggestion about surfacing prominent providers is really about offering that one-click experience to the user. The first image in the second post that you provided (<a href="http://farm4.static.flickr.com/3257/3119473900_55bdc12279.jpg?v=0" target="_blank">http://farm4.static.flickr.com/3257/3119473900_55bdc12279.jpg?v=0</a>) captures the basic idea that I was shooting for... allowing a one-click option for the user (my idea was that those OPs -
AOL, Facebook, Google, etc. - would be identified by parameters passed through to the library).</div>
<div>-Daniel</div><div class="im">
<div> </div>
<div> </div>
<div><br><br>--- On <b>Mon, 12/14/09, Chris Messina <i><<a href="mailto:chris.messina@gmail.com" target="_blank">chris.messina@gmail.com</a>></i></b> wrote:<br></div>
</div><blockquote style="padding-left:5px;margin-left:5px;border-left:rgb(16,16,255) 2px solid"><div class="im"><br>From: Chris Messina <<a href="mailto:chris.messina@gmail.com" target="_blank">chris.messina@gmail.com</a>><br>
Subject: Re: Discovery of an OpenID session at an OP<br></div>To: "daniel jacobson" <<a href="mailto:fragment37@yahoo.com" target="_blank">fragment37@yahoo.com</a>><br>Cc: "Chris Obdam" <<a href="mailto:chris.obdam@holder.nl" target="_blank">chris.obdam@holder.nl</a>>, "<a href="mailto:openid-specs@lists.openid.net" target="_blank">openid-specs@lists.openid.net</a>" <<a href="mailto:openid-specs@lists.openid.net" target="_blank">openid-specs@lists.openid.net</a>>, <a href="mailto:santrajan@gmail.com" target="_blank">santrajan@gmail.com</a><br>
Date: Monday, December 14, 2009, 11:35 AM<div><div></div><div class="h5"><br><br>
<div><br><br>
<div class="gmail_quote">On Mon, Dec 14, 2009 at 7:55 AM, daniel jacobson <span dir="ltr"><<a href="http://us.mc1123.mail.yahoo.com/mc/compose?to=fragment37@yahoo.com" rel="nofollow" target="_blank">fragment37@yahoo.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="padding-left:1ex;margin:0px 0px 0px 0.8ex;border-left:#ccc 1px solid">
<table cellspacing="0" cellpadding="0" border="0">
<tbody>
<tr>
<td valign="top">
<div>I think the biggest benefit to RPs is to create a library that is robust and portable that would allow for them to designate which OPs they care about. </div></td></tr></tbody></table></blockquote></div><br clear="all">
I don't want this thread to be taken off course, but for the RP to specify which OPs it supports greatly diminishes the user-centric element of OpenID. The point of OpenID is that I, as a user, can decide who I trust to store my data and provide my identity — rather than having to choose from a specific subset of providers that the RP decides on.
<div><br></div>
<div>This, I suppose, is en vogue today because of Facebook and Twitter Connect, but if the model is to move towards ever greater consolidation of OPs at the whim and discretion of RPs, then I believe we have greatly undermined a fundamental aspect of OpenID.</div>
<div><br></div>
<div>. . .</div>
<div><br></div>
<div>To your question about how this can be done — and "getting the Facebook folks involved" — you should read Luke Shepard's post on how Facebook's accomplishes sign-on with Facebook Connect:</div>
<div><br></div>
<div><a href="http://www.sociallipstick.com/?p=86" rel="nofollow" target="_blank">http://www.sociallipstick.com/?p=86</a></div>
<div><a href="http://www.sociallipstick.com/?p=167" rel="nofollow" target="_blank">http://www.sociallipstick.com/?p=167</a></div>
<div><a href="http://www.sociallipstick.com/?p=189" rel="nofollow" target="_blank">http://www.sociallipstick.com/?p=189</a><br>
<div><br></div>
<div>Chris</div>
<div><br>-- <br>Chris Messina<br>Open Web Advocate<br><br>Personal: <a href="http://factoryjoe.com/" rel="nofollow" target="_blank">http://factoryjoe.com</a><br>Follow me on Twitter: <a href="http://twitter.com/chrismessina" rel="nofollow" target="_blank">http://twitter.com/chrismessina</a><br>
<br>Citizen Agency: <a href="http://citizenagency.com/" rel="nofollow" target="_blank">http://citizenagency.com</a><br>Diso Project: <a href="http://diso-project.org/" rel="nofollow" target="_blank">http://diso-project.org</a><br>
OpenID Foundation: <a href="http://openid.net/" rel="nofollow" target="_blank">http://openid.net</a><br><br>This email is: [ ] shareable [X] ask first [ ] private<br></div></div></div></div></div></blockquote></td>
</tr></tbody></table><br>
<br>_______________________________________________<br>
specs mailing list<br>
<a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a><br>
<br></blockquote></div><br></div></div>