MySpace OpenID Popup spotted in the wild

max engel max at 8bitkid.com
Fri Mar 20 19:33:10 UTC 2009 

The bar shouldn't be supressed, and it didn't happen in any of our testing. 
See if it happens in firefox. I definitely planned it so the url should be 
visible, and will fix any bugs.

With regards to the credentials temporarily refreshing before successful 
login, this is a known deficiency we are addressing, and is because the 
login controller is being served inside the popup in an iframe due to 
MySpace security development policies.

I'll review the disclaimer language, but we wanted to keep it simple and 
lightweight, and our testing confirmed this. We do have different language 
for vanilla openid v. Pop-up.

Definitely pass along to me any additional feedback.

- Max

...sent from the road


  _____

From: user-experience-bounces at openid.net
To: OpenID user experience
Cc: Max Engel
Sent: Fri Mar 20 14:21:32 2009
Subject: Re: MySpace OpenID Popup spotted in the wild


Yeah, that was my number one concern. Hiding the URL bar is really the WRONG 
way to do it (something the spec MUST address, though I doubt in that 
context we can use the word MUST...).

To see this in action, visit the test site:

http://8bitmusic.jdavid.net/

The experience with the site is extremely weird: I signed in properly using 
the popup and the login page refreshed instead of providing me some kind of 
"success" message. I thought I'd entered the wrong credentials and hit 
cancel, but then the parent window refreshed and showed my profile, with a 
bunch of my data prepopulated (without asking me for explicit access 
permission):

http://www.flickr.com/photos/factoryjoe/3370317843/

Clearly this leaves something to be desired, but now we at least have an 
alternative to Facebook Connect that we can look at!

Chris


On Fri, Mar 20, 2009 at 11:28 AM, Allen Tom <atom at yahoo-inc.com> wrote:


http://www.flickr.com/photos/factoryjoe/3369029303/

Looks really nice! My main feedback is that the browser's address bar needs 
to be displayed so that users can tell if they're logging into myspace or 
not.

The instructions on MySpace's home page says that you shouldn't login to 
this popup. :)



Always make sure you're visiting the real myspace.com!


1.	Check the URL in your browser.
2.	Make sure it begins with http://www.myspace.com/
3.	If ANY OTHER PAGE asks for your info, DON'T LOG IN!




_______________________________________________
user-experience mailing list
user-experience at openid.net
http://openid.net/mailman/listinfo/user-experience






-- 
Chris Messina
Citizen-Participant &
 Open Web Advocate

factoryjoe.com // diso-project.org // vidoop.com
This email is:   [ ] bloggable    [X] ask first   [ ] private

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-user-experience/attachments/20090320/91f5eb42/attachment-0002.htm>

More information about the user-experience mailing list