Open Connect - A UX proposal for the OpenStack
Joseph A Holsten
joseph at josephholsten.com
Sun Dec 14 22:06:24 UTC 2008
Agreed. It is vital that, in the absence of ibid, the user check the
OP url. A warning of that sort would have to go on the RP's page of
the flow. But the RP is probably the one trying to spoof the user.
I think the best tactic is then to get respectable RPs to mention it
so checking becomes second nature. Has anyone put together a really
effective blurb to tell users how to check the URL? How about a box
like http://www.flickr.com/photos/josephholsten/3107919243/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 3107919243_17ae481569.jpg
Type: image/jpeg
Size: 12723 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-user-experience/attachments/20081214/33205c3b/attachment-0002.jpg>
-------------- next part --------------
http://josephholsten.com
On Dec 14, 2008, at 3:05 PM, David Fuelling wrote:
> Hi Sebastian,
>
> I love your mockups! Great ideas!
>
> The only flaw is the whole "password" bit, though I think this is a
> flaw with Facebook's solutions as well. For people that use
> Facebook a lot, and also start connecting to other websites using
> Facebook Connect, the potential for phishing seems very high -- If
> I'm not already logged-in to my Facebook account, and I try to
> "Connect" using Facebook, I'm asked for my Facebook email address/
> password. This is not good. In the future, once Facebook Connect
> becomes very familiar to people, it will be easy to phish this type
> of thing (on my popup window for facebook, the URL is "http://
> www.connect.facebook.com/lo...", the rest of which is cut-off).
> Most people won't bother to look and see what the rest of the URL
> says (it could be http://www.connect.facebook.com.lookout.com").
>
> I think your UI workflow will have the same problems as Facebook
> Connect. So, is there a way to utliize the workflow you propose,
> but if the user isn't logged-in to their OP, then take them to
> their OP's login page
> (which would involve a redirect). I know it's not an ideal "flow",
> but my feeling
> is that Facebook's connect popup (or Open Connect's popup) will be
> easily phishable in its current form that asks for a password to be
> entered.
>
> Overall, though, I think your flow is pretty cool!
>
> David
>
> On Sun, Dec 14, 2008 at 5:46 PM, Sebastian <pixelsebi at me.com> wrote:
> Hi UX list,
>
> I have created a few mockups over the weekend to illustrate a UX
> proposal, which just adapts the Facebook Connect design-pattern for
> the OpenStack:
>
> http://pixelsebi.com/2008-12-14/open-connect-a-ux-proposal-for-the-
> openstack/
>
> Looking forward to get your feedback!
>
> Best Regards,
> Sebastian
>
> _______________________________________________
> user-experience mailing list
> user-experience at openid.net
> http://openid.net/mailman/listinfo/user-experience
>
> _______________________________________________
> user-experience mailing list
> user-experience at openid.net
> http://openid.net/mailman/listinfo/user-experience
More information about the user-experience
mailing list