MySpace OpenID Popup spotted in the wild
max engel
max at 8bitkid.com
Fri Mar 20 19:33:10 UTC 2009
The bar shouldn't be supressed, and it didn't happen in any of our testing.
See if it happens in firefox. I definitely planned it so the url should be
visible, and will fix any bugs.
With regards to the credentials temporarily refreshing before successful
login, this is a known deficiency we are addressing, and is because the
login controller is being served inside the popup in an iframe due to
MySpace security development policies.
I'll review the disclaimer language, but we wanted to keep it simple and
lightweight, and our testing confirmed this. We do have different language
for vanilla openid v. Pop-up.
Definitely pass along to me any additional feedback.
- Max
...sent from the road
_____
From: user-experience-bounces at openid.net
To: OpenID user experience
Cc: Max Engel
Sent: Fri Mar 20 14:21:32 2009
Subject: Re: MySpace OpenID Popup spotted in the wild
Yeah, that was my number one concern. Hiding the URL bar is really the WRONG
way to do it (something the spec MUST address, though I doubt in that
context we can use the word MUST...).
To see this in action, visit the test site:
http://8bitmusic.jdavid.net/
The experience with the site is extremely weird: I signed in properly using
the popup and the login page refreshed instead of providing me some kind of
"success" message. I thought I'd entered the wrong credentials and hit
cancel, but then the parent window refreshed and showed my profile, with a
bunch of my data prepopulated (without asking me for explicit access
permission):
http://www.flickr.com/photos/factoryjoe/3370317843/
Clearly this leaves something to be desired, but now we at least have an
alternative to Facebook Connect that we can look at!
Chris
On Fri, Mar 20, 2009 at 11:28 AM, Allen Tom <atom at yahoo-inc.com> wrote:
http://www.flickr.com/photos/factoryjoe/3369029303/
Looks really nice! My main feedback is that the browser's address bar needs
to be displayed so that users can tell if they're logging into myspace or
not.
The instructions on MySpace's home page says that you shouldn't login to
this popup. :)
Always make sure you're visiting the real myspace.com!
1. Check the URL in your browser.
2. Make sure it begins with http://www.myspace.com/
3. If ANY OTHER PAGE asks for your info, DON'T LOG IN!
_______________________________________________
user-experience mailing list
user-experience at openid.net
http://openid.net/mailman/listinfo/user-experience
--
Chris Messina
Citizen-Participant &
Open Web Advocate
factoryjoe.com // diso-project.org // vidoop.com
This email is: [ ] bloggable [X] ask first [ ] private
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-user-experience/attachments/20090320/91f5eb42/attachment-0002.htm>
More information about the user-experience
mailing list