[OpenID] FB Connect, OpenID and UX
Johannes Ernst
jernst+openid.net at netmesh.us
Tue Dec 16 16:41:14 UTC 2008
It's a bit more complicated than that. In many of those cases there is
a requirement that some service (say the travel site, for argument's
sake) cannot tell the difference whether it was the executive or the
assistant who logged in. (Let's call it the vanity argument: executive
is trying to pretend that she can be on top of all things at the same
time)
Also, the information that assistant is allowed to act on behalf of
the executive should be centralized in one place (perhaps the
corporate directory, for argument's sake), while relying parties
should not have to be modified to allow for this delegation model or,
see above, not even be able to tell.
I'm thinking that some kind of chained identity might help ... where,
say, assistant uses OpenID example.com/alice and executive uses
example.com/bob, both of which can be used to authenticate into the
account example.com/executive. That latter OpenID would then be used
by either to log into the travel site.
On Dec 15, 2008, at 17:52, Martin Atkins wrote:
> Johannes Ernst wrote:
>> My canonical example is the assistant who acts on behalf of the
>> executive -- responding to e-mail, editing calendars, booking flights
>> etc. often involving substantial legal liability.
>>
>> If technology works for that scenario (both the "trust continues" and
>> "had to fire assistant" cases), in my experience, it covers most
>> interesting use cases.
>>
>> Only trouble is that I don't know of any technology other than
>> password
>> sharing that really works for that scenario :-(\
>>
>
> I'd expect that the solution to this problem would be access control.
> Give each person exactly one user account and allow users to grant
> access to other users.
>
> I think this is more just a limitation of today's implementations
> than a
> fundamental technology limitation.
>
> To pick on your email example, it's not difficult to imagine a GMail
> feature where you can grant another user access to your email account
> when logging in with *their* credentials.
>
> I think many calendar services already support something along these
> lines, though not being an executive I can't say I've had the need
> for a
> secretary to access my calendar recently.
>
> _______________________________________________
> user-experience mailing list
> user-experience at openid.net
> http://openid.net/mailman/listinfo/user-experience
Johannes Ernst
NetMesh Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lid.gif
Type: image/gif
Size: 977 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-user-experience/attachments/20081216/67adce7d/attachment-0004.gif>
-------------- next part --------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openid.gif
Type: image/gif
Size: 903 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-user-experience/attachments/20081216/67adce7d/attachment-0005.gif>
-------------- next part --------------
http://netmesh.info/jernst
More information about the user-experience
mailing list