MySpace OpenID Popup spotted in the wild

Allen Tom atom at yahoo-inc.com
Fri Mar 20 20:27:51 UTC 2009 

Hi Max,

The MySpace OpenID popup is really nice, and the address bar is 
displaying for me on Firefox. The Login with MySpaceID button is 
probably the most attractive CTA that I've seen to date.

At the recent Facebook UX summit, there seemed to be agreement that the 
best size for a popup was 450W by 500H. If OPs all used the same size 
for their popups, the experience would be more consistent.

You may also want to consider having the RP dim the contents the main 
browser window while the popup is active to encourage the user to focus 
on the popup.

Another minor detail is that buttons and other clickable elements 
usually use the hand cursor when the user mouses over them. The buttons 
and links in the popup don't use the hand cursor.

One more thing, although the password submission is sent to 
https://secure.myspace.com, the popup URL isn't https. It's also not 
"www.myspace.com" which seems to conflict with the instructions on your 
home page.

Overall, awesome stuff!
Allen


max engel wrote:
>
> The bar shouldn't be supressed, and it didn't happen in any of our 
> testing. See if it happens in firefox. I definitely planned it so the 
> url should be visible, and will fix any bugs.
>
> With regards to the credentials temporarily refreshing before 
> successful login, this is a known deficiency we are addressing, and is 
> because the login controller is being served inside the popup in an 
> iframe due to MySpace security development policies.
>
> I'll review the disclaimer language, but we wanted to keep it simple 
> and lightweight, and our testing confirmed this. We do have different 
> language for vanilla openid v. Pop-up.
>
> Definitely pass along to me any additional feedback.
>
> - Max
>
> ...sent from the road
>
> ------------------------------------------------------------------------
> *From*: user-experience-bounces at openid.net
> *To*: OpenID user experience
> *Cc*: Max Engel
> *Sent*: Fri Mar 20 14:21:32 2009
> *Subject*: Re: MySpace OpenID Popup spotted in the wild
> Yeah, that was my number one concern. Hiding the URL bar is really the 
> WRONG way to do it (something the spec MUST address, though I doubt in 
> that context we can use the word MUST...).
>
> To see this in action, visit the test site:
>
> http://8bitmusic.jdavid.net/
>
> The experience with the site is extremely weird: I signed in properly 
> using the popup and the login page refreshed instead of providing me 
> some kind of "success" message. I thought I'd entered the wrong 
> credentials and hit cancel, but then the parent window refreshed and 
> showed my profile, with a bunch of my data prepopulated (without 
> asking me for explicit access permission):
>
> http://www.flickr.com/photos/factoryjoe/3370317843/
>
> Clearly this leaves something to be desired, but now we at least have 
> an alternative to Facebook Connect that we can look at!
>
> Chris
>
> On Fri, Mar 20, 2009 at 11:28 AM, Allen Tom <atom at yahoo-inc.com 
> <mailto:atom at yahoo-inc.com>> wrote:
>
>     http://www.flickr.com/photos/factoryjoe/3369029303/
>
>     Looks really nice! My main feedback is that the browser's address
>     bar needs to be displayed so that users can tell if they're
>     logging into myspace or not.
>
>     The instructions on MySpace's home page says that you shouldn't
>     login to this popup. :)
>
>
>           Always make sure you're visiting the real myspace.com
>           <http://myspace.com>!
>
>        1. Check the URL in your browser.
>        2. Make sure it begins with http://www.myspace.com/
>        3. If ANY OTHER PAGE asks for your info, DON'T LOG IN!
>
>
>
>
>     _______________________________________________
>     user-experience mailing list
>     user-experience at openid.net <mailto:user-experience at openid.net>
>     http://openid.net/mailman/listinfo/user-experience
>
>
>
>
> -- 
> Chris Messina
> Citizen-Participant &
>  Open Web Advocate
>
> factoryjoe.com <http://factoryjoe.com> // diso-project.org 
> <http://diso-project.org> // vidoop.com <http://vidoop.com>
> This email is:   [ ] bloggable    [X] ask first   [ ] private
> ------------------------------------------------------------------------
>
> _______________________________________________
> user-experience mailing list
> user-experience at openid.net
> http://openid.net/mailman/listinfo/user-experience
>   

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-user-experience/attachments/20090320/ec1d89d7/attachment-0001.htm>

More information about the user-experience mailing list