Open Connect - A UX proposal for the OpenStack

Joseph A Holsten joseph at josephholsten.com
Sun Dec 14 22:06:24 UTC 2008


Agreed. It is vital that, in the absence of ibid, the user check the  
OP url. A warning of that sort would have to go on the RP's page of  
the flow. But the RP is probably the one trying to spoof the user.

I think the best tactic is then to get respectable RPs to mention it  
so checking becomes second nature.  Has anyone put together a really  
effective blurb to tell users how to check the URL? How about a box  
like http://www.flickr.com/photos/josephholsten/3107919243/


http://josephholsten.com


On Dec 14, 2008, at 3:05 PM, David Fuelling wrote:

> Hi Sebastian,
>
> I love your mockups!   Great ideas!
>
> The only flaw is the whole "password" bit, though I think this is a
> flaw with Facebook's solutions as well.  For people that use
> Facebook a lot, and also start connecting to other websites using
> Facebook Connect, the potential for phishing seems very high -- If
> I'm not already logged-in to my Facebook account, and I try to
> "Connect" using Facebook, I'm asked for my Facebook email
> address/password.  This is not good.  In the future, once Facebook
> Connect becomes very familiar to people, it will be easy to phish
> this type of thing (on my popup window for Facebook, the URL is
> "http://www.connect.facebook.com/lo...", the rest of which is
> cut-off).  Most people won't bother to look and see what the rest of
> the URL says (it could be
> "http://www.connect.facebook.com.lookout.com").
>
> I think your UI workflow will have the same problems as Facebook
> Connect. So, is there a way to utilize the workflow you propose,
> but if the user isn't logged-in to their OP, then take them to
> their OP's login page (which would involve a redirect)? I know it's
> not an ideal "flow", but my feeling is that Facebook's connect popup
> (or Open Connect's popup) will be easily phishable in its current
> form that asks for a password to be entered.
>
> Overall, though, I think your flow is pretty cool!
>
> David
>
> On Sun, Dec 14, 2008 at 5:46 PM, Sebastian <pixelsebi at me.com> wrote:
> Hi UX list,
>
> I have created a few mockups over the weekend to illustrate a UX
> proposal, which just adapts the Facebook Connect design-pattern for
> the OpenStack:
>
> http://pixelsebi.com/2008-12-14/open-connect-a-ux-proposal-for-the-openstack/
>
> Looking forward to getting your feedback!
>
> Best Regards,
> Sebastian
>
> _______________________________________________
> user-experience mailing list
> user-experience at openid.net
> http://openid.net/mailman/listinfo/user-experience



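The cut-off popup URL and the lookalike host quoted in the thread, as an added example that is not part of any message above: it shows why a truncated address or a "contains the provider's name" check cannot tell the two apart, while a comparison on the parsed hostname can. The expected OP domain, the display width and the URL paths are assumptions constructed for the example.

```javascript
// Added example, not code from the thread or from any OpenID project.
// OP_DOMAIN, the width of 31 and the "/example" paths are constructed.

// The check a hurried user effectively performs: "is the name in there?"
function naiveLooksLikeOp(popupUrl, opDomain) {
  return popupUrl.includes(opDomain);
}

// Host-based check: parse the URL, then require the hostname to be the OP
// domain itself or a subdomain of it, matching on whole DNS labels.
function hostBelongsToOp(popupUrl, opDomain) {
  let host;
  try {
    host = new URL(popupUrl).hostname.toLowerCase();
  } catch (e) {
    return false; // unparseable input is never trusted
  }
  host = host.replace(/\.$/, ""); // ignore a trailing root dot
  const op = opDomain.toLowerCase();
  return host === op || host.endsWith("." + op);
}

// What a narrow popup shows: only the first `width` characters.
function truncatedDisplay(popupUrl, width) {
  return popupUrl.length > width ? popupUrl.slice(0, width) + "..." : popupUrl;
}

// What a UI could show instead: the rightmost host labels, which decide who
// owns the name. Simplification: a real UI would consult the Public Suffix
// List rather than assume a fixed number of labels.
function hostTail(popupUrl, labels) {
  return new URL(popupUrl).hostname.split(".").slice(-labels).join(".");
}

const OP_DOMAIN = "facebook.com"; // assumption: the OP the user expects
const genuine = "http://www.connect.facebook.com/example";
const lookalike = "http://www.connect.facebook.com.lookout.com/example";

function report(url) {
  return {
    shown: truncatedDisplay(url, 31),
    naive: naiveLooksLikeOp(url, OP_DOMAIN),
    hostCheck: hostBelongsToOp(url, OP_DOMAIN),
    hostTail: hostTail(url, 2),
  };
}

console.log(report(genuine));
console.log(report(lookalike));
```

Both URLs produce the same `shown` string and both pass the naive check; only `hostCheck` and `hostTail` separate them.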