[PROPOSAL] Handle "http://user at example.com" Style Identifiers

Dick Hardt dick at sxip.com
Sun Nov 12 23:06:10 UTC 2006 

This is becoming a UX discussion, so I hope you don't mind me moving  
it to that list ...

Giving the user an error message that their email does not support  
OpenID *may* drive some adoption.

I think most users will NOT be curious about a new way to log into a  
site. They want into the site, and want it to be easy. That is why  
they are at the site. Those of us that are in the market are of  
course interested and curious about these new ways -- but we are very  
much the minority!

I think most RP only sites will support both username/password and  
OpenID since they don't want to force users to get an account. See  
whobar.org for how I think this might work.

-- Dick

On 8-Nov-06, at 8:16 PM, David Fuelling wrote:

> Hey Dick,
>
> Couldn't one make the opposite argument -- that most people's email  
> address
> NOT working when they plug it into the OpenId login field could  
> actually be
> a good thing? (especially in the beginning of OpenID)
>
> I say this because such scenarios (user enters email, and RP fails  
> because
> the email doesn't yet support open id) might actually be a catalyst  
> for more
> people to use OpenId, especially if users start barking at their  
> ISP/email
> providers to support OpenId because their email isn't working  
> correctly with
> certain sites they want to use.
>
> For example, consider the following two potential scenarios that  
> might go
> through a new user's mind when they first encounter OpenId:
>
> Scenario #1 (WITHOUT email allowed in the OpenId login form):
> User encounters an "openid enabled" site (RP ==> example.com), and  
> decides
> they are curious about this new "way" to login (simplifying, I know  
> -- but
> we're talking about a simple user).  The user pretty quickly  
> realizes that
> they need to somehow secure an Identity URL.  The typical user (my  
> parents,
> e.g.) might be inclined to say: "all my other (non-openid) sites  
> require my
> email address (usually) as a username.  Plus, since example.com still
> supports email address based username+passwords anyway, why not just
> continue to use that?"  Thus, the novice user who fails to see the  
> benefits
> of OpenId might just decide against OpenId because of the perceived
> difficulties in using it, especially in the beginning when OpenId  
> adoption
> will be gaining traction, but not the majority method used for site  
> login.
>
> Scenario #2 (WITH email allowed in the OpenId login form):  User  
> encounters
> an "openid enabled" site, and decides they are curious about the  
> new "way"
> to login.  If their email domain supports OpenId, then there's  
> really no
> reason for a novice user NOT to use OpenId -- it works with the email
> address.
>
> On the other hand, if the RP determines that the specified email  
> address
> doesn't support OpenId, it (the RP) then comes back to the User  
> with an
> educational page explaining why the email doesn't work, perhaps  
> with a "call
> your email provider and encourage them to adopt openid...and here's  
> why".
>
> Anyway, this might be a different perspective on whether or not the  
> ["oops,
> your login didn't work"] is a bad thing.
>
>
>> -----Original Message-----
>> From: Dick Hardt [mailto:dick at sxip.com]
>> Sent: Wednesday, November 08, 2006 5:06 PM
>> To: David Fuelling
>> Cc: specs at openid.net
>> Subject: Re: [PROPOSAL] Handle "http://user@example.com" Style  
>> Identifiers
>>
>> Hi David
>>
>> A Homesite is a new concept for users, so when they see a prompt for
>> it, they will know they have one or not. They are not just typing in
>> a random URL.
>>
>> Pretty much every user has an email address, so a prompt asking for
>> an email would suggest to user that their email will work -- which of
>> course hardly any will.
>>
>> -- Dick
>>
>
>

More information about the user-experience mailing list