[user-experience] OpenID user experience (new mailing list)
Johannes Ernst
jernst+openid.net at netmesh.us
Thu Oct 26 20:33:11 UTC 2006
On Oct 26, 2006, at 8:17, Dick Hardt wrote:
> On 25-Oct-06, at 8:05 PM, Johannes Ernst wrote:
>
>>>>> - how can I log off and become anonymous again (currently
>>>>> unsolved)
>>>
>>> agree on log off, not sure user will be truly anonymous though
>>
>> I think we need to decide what expectations we create with the
>> user if there was a button saying "log off" or something like that
>> -- does that mean I'm anonymous now, or not? Alternatively, we
>> could also require the relying party to stop correlating the user
>> (eg "delete all session cookies") -- not sure what the right
>> approach is, but very sure that we need to communicate well to the
>> user what she can expect.
>
> I think we are starting to move out of scope for OpenID. Activities
> that sites do today like session management with cookies I believe
> should be out of scope. What is in scope is where OpenID changes
> things. Do you agree with that?
I tend to think about all of this from the perspective of the user
(which is fitting for this list). Let's assume we come up with a
definition for a "log off" button (we might not, we might consider
that out of scope, although I'd argue it clearly is). Don't we have
to define what exactly it means when the user clicks on it? If we
don't, don't we create a security problem? "Dear bank, I didn't know,
I did click the log off button and simply assumed ..." this kind of
thing.

I also think that even if we did not define a "log off" experience
per se, if we defined a "change persona" experience, we implicitly
define a "log off" experience as well.
>> I guess this is something we need to discuss. Opinions, anybody?
>>
>>>>> - how can I find out what the site knows about me wrt identity
>>>>> information (currently unsolved)
>>>
>>> Not sure that this one would be in scope. Interested to hear what
>>> your thoughts are.
>>
>> Speaking for myself as a user, I'd like to know that. For example,
>> I might think "let's make sure these guys have my cell phone
>> number". How would I check that they do?
>> It might be as simple as a link in a defined place with a defined
>> label that goes to my "profile page" on that site. Or something
>> more complex.
>
> Sounds potentially useful. Is it in scope though? There are lots of
> things I would like to know. :-)
Well, if so, I'd suggest we look for good proposals. If they are
good, let's define it as within scope, if we don't like them, let's
not deal with it until we come across something that does seem to
make sense.
>>> - What do I do when I am at a site that supports OpenID?
>>
>> Are you asking for a consistent help system, or a common layout,
>> or ..?
>
> Common ceremony. Right now it is "user enters Homesite, OpenID or
> i-name into OpenID form and clicks button".
Ok, thanks. Added to the wiki page.

Johannes Ernst
NetMesh Inc.
http://netmesh.info/jernst