I highly recommend that all those whom I cc'd join the user-experience list at OpenID if you haven't already:<div><br></div><div><a href="http://openid.net/mailman/listinfo/user-experience">http://openid.net/mailman/listinfo/user-experience</a><br clear="all">
<br></div><div>I wanted to point out a disturbing but insightful trend that I've seen in apps, both on the Mac and iPhone lately... essentially embedding a WebKit view inside the app for doing delegated authentication. Example:</div>
<div><br></div><div><a href="http://www.flickr.com/photos/factoryjoe/3260710115/">http://www.flickr.com/photos/factoryjoe/3260710115/</a><br></div><div><br></div><div>Without the URL bar (presuming that the URL bar hasn't been tampered with), it's impossible to know who is hosting this page. Facebook is also none-the-wiser about whether this experience is taking place from within the browser or within some custom app. I also don't see how this can be stopped.</div>
<div><br></div><div>I'd like to hear your thoughts about this, given our desire to push the popup experience forward, mandating, I presume, visibility of the URL bar in these flows.</div><div><br></div><div>Chris</div>
<div><br>-- <br>Chris Messina<br>Citizen-Participant &<br> Open Web Advocate-at-Large<br><br><a href="http://factoryjoe.com">factoryjoe.com</a> # <a href="http://diso-project.org">diso-project.org</a><br><a href="http://citizenagency.com">citizenagency.com</a> # <a href="http://vidoop.com">vidoop.com</a><br>
This email is: [X] bloggable [ ] ask first [ ] private<br>
</div>