UX best practice questions at RP Login with unknown OpenID
Martin Atkins
mart at degeneration.co.uk
Tue Dec 2 19:54:55 UTC 2008
Another possibility, which may or may not be appropriate depending on
what your site does, is to allow users to sign in with OpenID and get
minimal functionality and later "ugprade" to a registered account,
including agreeing to your terms of service and so forth.
This really depends on whether there's anything useful you can allow
your users to do without registering, of course.
This is the approach taken by LiveJournal.com, for example. If you sign
in with OpenID to post a comment you can post that comment immediately.
You can "upgrade" your account by adding an email address and confirming
it, though I must admit I'm not sure what new abilities you get from
doing this.
Six Apart's TypePad Connect also does a similar thing: you can comment
on blogs without completing a full registration form, but you aren't
allowed to publish content on your profile until you complete
registration and agree to the terms of service.
These are two very similar examples, but I'm sure there are other
examples that aren't related to weblog comments.
(Obviously I'm not a lawyer and I won't try to advise you on what you
can allow your users to do without registering!)
Sebastian Küpers wrote:
> Hi there,
>
> I work right now on the implementation of OpenID as a RP and I came up
> with the following UX / best practice question:
>
> we offer at the startpage a "login" and an additional "sign-up new
> account" option.
> for both options we offer openid als alternative. (login with your
> openid) (sign up new account with your openid)
>
> atm it seems to be quite common, that if somebody logins (NOT signs
> up) with an unknown openid, the registration process starts
> automatically, instead of pointing out with a small hint, that this is
> an unknown openid and that he has now the option to sign up a new
> account for this service with the openid he just entered.
>
> I wonder now, what is the best practice?
>
> Option 1: Automatic signup with an unkown OpenID at login
> ---------------------------------
> PRO: it is quite likely, that he wants to signup a new account if we
> don't know his openid yet, therefore let's do it without any
> disrupting messages
> CON: people who have several OpenIDs in use, maybe just have picked
> the wrong one and realize pretty late, that they are about to sign up
> a new account instead of just logging in. (happens to me quite often
> to be honest)
>
> Option 2: Give people a hint, that this openid is unkown and ask them
> first if they want to sign up a new account instead
> ---------------------------------
> PRO: it's more transparent what happens and people don't accidently
> sign up a new account, although they just wanted to login in their
> existing account
> CON: might be an security issue, because this allows people to
> evaluate if openids are already registered for this service
>
> To be honest I tend to the solution that it would be better to give
> people the hint, instead of automatically start the signup, if the
> openid is unkown - what do you think?
>
> Thanks,
> Sebastian
>
More information about the user-experience
mailing list