[user-experience] OpenID user experience (new mailing list)

Thu Oct 26 15:17:34 UTC 2006

On 25-Oct-06, at 8:05 PM, Johannes Ernst wrote:

>>>>  - how can I log off and become anonymous again (currently  
>>>> unsolved)
>>
>> agree on log off, not sure user will be truly anonymous though
>
> I think we need to decide what expectations we create with the user  
> if there was a button saying "log off" or something like that --  
> does that mean I'm anonymous now, or not? Alternatively, we could  
> also require the relying party to stop correlating the user (eg  
> "delete all session cookies" -- not sure what the right approach  
> is, but very sure that we need to communicate well to the user what  
> she can expect.

I think we are starting to move out of scope for OpenID. Activities  
that sites do today like session management with cookies I believe  
should be out of scope. What is in scope is where OpenID changes  
things. Do you agree with that.

>
> I guess this is something we need to discuss. Opinions, anybody?
>
>>>>  - how can I find out what the site knows about me wrt identity  
>>>> information (currently unsolved)
>>
>> Not sure that this one would be in scope. Interested to hear what  
>> your thoughts are.
>
> Speaking for myself as a user, I'd like to know that. For example,  
> I might think "let's make sure these guys have my cell phone  
> number". How would I check that they do?
> It might be as simple as a link in a defined place with a defined  
> label that goes to my "profile page" on that site. Or something  
> more complex.

Sounds potentially useful. Is it in scope though? There are lots of  
things I would like to know. :-)

>
>>> Secondly, in your view, what other issues related to user  
>>> experience should be discussed and/or resolved?
>>
>> Add:
>>
>> - How do I migrate my username/password account to using OpenID?
>
> Are you referring to the situation where I already have an account  
> at a site, but now I'd like to disable auth by username/password  
> and only use OpenID?
>
> If so, that sounds like a useful case.

yes, either disable or link

>
>> - What do I do when I am at a site that supports OpenID?
>
> Are you asking for a consistent help system, or a common layout,  
> or ..?

Common ceremony.  Right now it is "user enters Homesite, OpenID or i- 
name into OpenID form and clicks button".

>
>> - What happens when xxxx error happens?
>
> That's another good one: how do errors get reported to the user,  
> and what can the user do about them?

Yes. To clarify, protocol related errors.