UX best practice questions at RP Login with unknown OpenID

Tue Dec 2 19:54:55 UTC 2008

Another possibility, which may or may not be appropriate depending on 
what your site does, is to allow users to sign in with OpenID and get 
minimal functionality and later "ugprade" to a registered account, 
including agreeing to your terms of service and so forth.

This really depends on whether there's anything useful you can allow 
your users to do without registering, of course.

This is the approach taken by LiveJournal.com, for example. If you sign 
in with OpenID to post a comment you can post that comment immediately. 
You can "upgrade" your account by adding an email address and confirming 
it, though I must admit I'm not sure what new abilities you get from 
doing this.

Six Apart's TypePad Connect also does a similar thing: you can comment 
on blogs without completing a full registration form, but you aren't 
allowed to publish content on your profile until you complete 
registration and agree to the terms of service.

These are two very similar examples, but I'm sure there are other 
examples that aren't related to weblog comments.

(Obviously I'm not a lawyer and I won't try to advise you on what you 
can allow your users to do without registering!)

Sebastian Küpers wrote:
> Hi there,
> 
> I work right now on the implementation of OpenID as a RP and I came up
> with the following UX / best practice question:
> 
> we offer at the startpage a "login" and an additional "sign-up new
> account" option.
> for both options we offer openid als alternative. (login with your
> openid) (sign up new account with your openid)
> 
> atm it seems to be quite common, that if somebody logins (NOT signs
> up) with an unknown openid, the registration process starts
> automatically, instead of pointing out with a small hint, that this is
> an unknown openid and that he has now the option to sign up a new
> account for this service with the openid he just entered.
> 
> I wonder now, what is the best practice?
> 
> Option 1: Automatic signup with an unkown OpenID at login
> ---------------------------------
> PRO: it is quite likely, that he wants to signup a new account if we
> don't know his openid yet, therefore let's do it without any
> disrupting messages
> CON: people who have several OpenIDs in use, maybe just have picked
> the wrong one and realize pretty late, that they are about to sign up
> a new account instead of just logging in. (happens to me quite often
> to be honest)
> 
> Option 2: Give people a hint, that this openid is unkown and ask them
> first if they want to sign up a new account instead
> ---------------------------------
> PRO: it's more transparent what happens and people don't accidently
> sign up a new account, although they just wanted to login in their
> existing account
> CON: might be an security issue, because this allows people to
> evaluate if openids are already registered for this service
> 
> To be honest I tend to the solution that it would be better to give
> people the hint, instead of automatically start the signup, if the
> openid is unkown - what do you think?
> 
> Thanks,
> Sebastian
> 