MySpace OpenID Popup spotted in the wild

Evert | Rooftop evert at
Fri May 1 18:11:31 UTC 2009

On 1-May-09, at 1:35 PM, Johannes Ernst wrote:
> If we could get the browser developers to add anything we wanted to  
> their browsers, what *exactly* would we want them to implement?
> This is not outlandish. The Mozilla folks asked repeatedly in the  
> past (and we never knew what to say in response) and the security of  
> a billion OpenIDs is not a set of user requirements that's easily  
> dismissed either.
> It appears that it would be some kind of user interface element  
> (think "popup" for a minute) that could display the OP's  
> authentication ceremony. But where the browser would somehow  
> "certify" that it was not a phishing attempt and came from one of  
> the user's trusted OPs. In a way that is better than having the user  
> to do a string compare on the URL shown in the address bar.
> What would such a user interface element look like? That's not  
> limited to what we can do without cooperation from the browser guys.
> In Firefox, it could be sitting in the side bar for example. (where  
> the bookmarks are) Or ...?

My $0.02.

We recently allowed openid logins to our application, most people  
don't care about it because their browser already had their username +  
password stored.
I want the browser to recognize openid on a page, and pre-fill it with  
my default openid account information.

Furthermore, a browser could indicate a site has enabled openid,  
through an icon in the addressbar, much like rss.

I personally don't know anyone who actively uses sidebars, especially  
with the 'awesomebar', every operation goes into the addressbar.
I think openid id could use a slightly more 'in your face'-type thing,  
not a sidebar, well-hidden in some submenu.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2433 bytes
Desc: not available
URL: <>

More information about the user-experience mailing list