Users on Public Computers
Joshua Viney
josh at eastmedia.com
Tue Nov 7 17:55:22 UTC 2006
> -1
> global sign-out has many issues -- with SXIP 1.0 we had it, and it
> was actually irritating, you want to logout of site, not out of all
> sites, and having two logout like buttons with similar functionality
> is confusing ... I can go into more details, but have written about
> it in the past

I would love to hear some more details. Do you have any links to some
of these discussions, or any usability data re: this issue, or
screenshots of the Sxip 1.0 single-sign-out in action?

I agree that public computers are inherently more dangerous and need
extra precautions, but I used it as an example because I think it
highlights an underlying user experience problem that will eventually
need to be addressed one way or the other. Putting on the product
manager hat, if I look at something like OpenID and see that it
doesn't have single-sign-out it would make me hesitant to implement
more complex features like profile/attribute exchange. I believe
there can be an implementation that is messaged properly and designed
in such a way as to be useful without being irritating. I see a
single-sign-out function being the counterpoint to a single-sign-on.
If the OpenID spec makes recommendations concerning the sign-in
feature, can it make recommendations re: the sign-out feature as
well, or at least support the feature if it is implementation
specific? It seems that there would need to be some protocol level
support for single-sign-out.

Again I find myself making a suggestion about the browser layer...
(Terrell)

Re: a browser-level solution is very interesting, but may have too
many dependencies. I would think there would have to be consideration
for multiple browsers (IE included), backwards compatibility, and
pretty constant support. Also, I've found that users do not use their
browsers. By that I mean that users tend to focus on the sites they
browse, not the browser they use to access those sites. I have seen as
high as 20% click-through from Google for keywords that include a
complete site address (www.yoursitenamehere.com) on a site with over
10 million registered members. That number translates to people
knowing where they want to go and instead of entering the address in
the address bar, they enter it into Google. That being said, if done
right, a browser-level single-sign-out *could* make for a smoother
user experience. In general though, I would prefer to be able to
solve this problem before jumping outside the RPs' sites themselves.

- Josh

On Nov 7, 2006, at 11:14 AM, Dick Hardt wrote:
> On 6-Nov-06, at 4:41 PM, Joshua Viney wrote:
>>
>> One solution to consider would be a global sign-out feature on
>> relying party sites that signs users out of their IdP as well.
>
>
>
>> Another solution would be to make very specific recommendations
>> about messaging users who may be using public computers.
>
> +1
> Using your IdP from a public computer has many risks, and the IdP
> should take extra precaution in how it works with users on public
> computers.
>
> -- Dick
>
Josh Viney
http://www.eastmedia.com -- EastMedia
http://identity.eastmedia.com -- OpenID, Identity 2.0