Hmm, ok.<div><br></div><div>You mentioned user testing. I'm surprised that an act initiated by a user would cause them to instinctively close the popup.</div><div><br></div><div>I was thinking about this, and I think that we need to address this with a button or link that better describes what's about to happen. Here are some rough mockups:</div>
<div><br></div><div><a href="http://www.flickr.com/photos/factoryjoe/3280478828/">http://www.flickr.com/photos/factoryjoe/3280478828/</a><br></div><div><a href="http://www.flickr.com/photos/factoryjoe/3279658729/">http://www.flickr.com/photos/factoryjoe/3279658729/</a><br>
</div><div><a href="http://www.flickr.com/photos/factoryjoe/3280481558/">http://www.flickr.com/photos/factoryjoe/3280481558/</a><br></div><div><br></div><div>And for good measure, here's how to sign out:</div><div><br>
</div><div><a href="http://www.flickr.com/photos/factoryjoe/3279663105/">http://www.flickr.com/photos/factoryjoe/3279663105/</a><br></div><div><a href="http://www.flickr.com/photos/factoryjoe/3280495172/">http://www.flickr.com/photos/factoryjoe/3280495172/</a><br>
</div><div><br></div><div>Considering what Jacob Nielson has said about popups, I think this direction is worth pursuing (even if the arrived upon conclusions don't look precisely as I've mocked them up).</div><div>
<br></div><blockquote class="gmail_quote" style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0.8ex; border-left-width: 1px; border-left-color: rgb(204, 204, 204); border-left-style: solid; padding-left: 1ex; ">
<span class="Apple-style-span" style="font-family: Times; font-size: 16px; "><span class="Apple-style-span" style="color: rgb(85, 85, 85); font-family: Verdana; font-size: 13px; line-height: 19px; ">Unless you warn them, Web users are likely to expect the new page to load in the current window. Unexpected surprises can be fun, but not when you're browsing the Web.</span></span><br>
</blockquote><div><br></div><div><a href="http://www.sitepoint.com/article/beware-opening-links-new-window/">http://www.sitepoint.com/article/beware-opening-links-new-window/</a><br><br></div><div>What do you think?</div>
<div><br></div><div>Chris</div><div><br><div class="gmail_quote">On Sat, Feb 14, 2009 at 5:48 PM, Ben Clemens <span dir="ltr"><<a href="mailto:bclemens@currentmedia.com">bclemens@currentmedia.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div>
<font face="Calibri, Verdana, Helvetica, Arial"><span style="font-size:11pt">No reason to beat the issues to death, everyone is aware of them... it's probably better to focus on how much better it's become recently...<br>
<br>
Taking the auth into a pop-up certainly works better once the pop-up is launched, but in testing many times this would be a failed completion (users would instinctively close a launching pop-up, and three users who did allow it to launch were sure that the login was an ad — a legacy of ads that look like dialogs I guess). I am sure all of this will get better as people become aware of openid, etc.<br>
<br>
PS; the site is user-contribution-driven, so I'm claiming safe harbor and all that on the pugs :)<br>
<br>
best,<br>
Ben<div class="Ih2E3d"><br>
<br>
On 2/14/09 4:21 PM, "Chris Messina" <<a href="http://chris.messina@gmail.com" target="_blank">chris.messina@gmail.com</a>> wrote:<br>
<br>
</div></span></font><blockquote><div class="Ih2E3d"><font face="Calibri, Verdana, Helvetica, Arial"><span style="font-size:11pt">Thanks for posting to this list Ben. It's experiencing like yours that should inform the guidelines that we produce for implementing remote auth in a consistent way.<br>
<br>
I'd like to first ask about what is specifically hard to "embrace"? That is, is there one part of this user flow that's harder to embrace than another? Just the popup or something else?<br>
<br>
As for the flow, I'm starting to see some behaviors that suggests that the entire authentication flow (for legacy accounts or OpenIDs) should happen in a popup, and with the smars that Luke outlined in his post [1], just update elements on the page that vary depending on logged in/logged out state.<br>
<br>
Specifically, I was taking a look at the Get Satisfaction sign in experience (recently redesigned):<br>
<br>
<a href="http://flickr.com/photos/factoryjoe/3279892028/" target="_blank">http://flickr.com/photos/factoryjoe/3279892028/</a><br>
<br>
It looks great, until you click OpenID, when you get this message:<br>
<br>
<a href="http://flickr.com/photos/factoryjoe/3279893768/" target="_blank">http://flickr.com/photos/factoryjoe/3279893768/</a><br>
<br>
FAIL!<br>
<br>
The irony is that if, instead of launching authentication from within a lightbox, they'd launched a popup using Luke's non-reloading fragment trick, this whole experience could be made seamless for the user... <br>
<br>
So, I'm leaning more and more towards pushing towards a nice fat universal "Sign in" button that always pops a new window when non-legacy accounts are available. Over time, I think people will become more familiar with the experience and possibly with the button too (if we design it well) so that throwing a popup won't cause confusion.<br>
<br>
Are you generally opposed to this approach?<br>
<br>
Chris<br>
<br>
P.S. What are those pugs doing in currentauth_4_openid_link.png</span></font><font size="2"><font face="Arial"><span style="font-size:10pt">?? <br>
</span></font></font><font face="Calibri, Verdana, Helvetica, Arial"><span style="font-size:11pt"><br>
[1] <a href="http://www.sociallipstick.com/2009/02/04/how-to-accept-openid-in-a-popup-without-leaving-the-page/" target="_blank">http://www.sociallipstick.com/2009/02/04/how-to-accept-openid-in-a-popup-without-leaving-the-page/</a><br>
<br>
On Fri, Feb 13, 2009 at 4:10 PM, Ben Clemens <<a href="http://bclemens@currentmedia.com" target="_blank">bclemens@currentmedia.com</a>> wrote:<br>
</span></font></div><blockquote><font face="Calibri, Verdana, Helvetica, Arial"><span style="font-size:11pt"><div class="Ih2E3d">I really appreciate the reply, and I understand the large problems of breaking a security model; I imagine the "big button that spawns a pop-up" solution is where we will have to go. Perhaps I just have to accept the "least bad" scenario given the limitations that exist, but it is hard to "embrace." :) <br>
<br>
<br></div><div class="Ih2E3d">
On 2/13/09 2:16 PM, "Luke Shepard" <<a href="http://lshepard@facebook.com" target="_blank">lshepard@facebook.com</a> <<a href="http://lshepard@facebook.com" target="_blank">http://lshepard@facebook.com</a>> > wrote:<br>
<br>
</div></span></font><blockquote><font face="Calibri, Verdana, Helvetica, Arial"><span style="font-size:11pt"><div class="Ih2E3d">First, these mocks look pretty sweet. It's clear you've done a lot of thinking about the experience of a relying party.<br>
<br>
Steps 1,2, and 4 can all be done on your site, and for step 3, there's no need to break security policy by using an iframe. I think the providers are working on better designs that make it completely clear what's happening to the user so as to require minimal context from the RP. However, if you really want to tell the user what's happening before they click, then I suggest making an iframe lightbox explaining what's happening, then giving them a big fat Google button to click on, which spawns the popup. That would seem to accomplish the same goals.<br>
<br>
If they weren't already, I'm pretty sure Google and others will start putting iframe-busting Javascript to make this kind of thing impossible.<br>
<br>
We are working on putting together a best practices doc on the wiki as a result of the UX summit on Tuesday. Any feedback would be appreciated:<br>
<a href="http://wiki.openid.net/Details-of-UX-Best-Practices-for-RPs" target="_blank">http://wiki.openid.net/Details-of-UX-Best-Practices-for-RPs</a><br>
<br></div><div class="Ih2E3d">
On 2/13/09 1:10 PM, "Ben Clemens" <<a href="http://bclemens@currentmedia.com" target="_blank">bclemens@currentmedia.com</a> <<a href="http://bclemens@currentmedia.com" target="_blank">http://bclemens@currentmedia.com</a>> > wrote:<br>
<br>
</div></span></font><blockquote><font face="Calibri, Verdana, Helvetica, Arial"><span style="font-size:11pt"><div class="Ih2E3d">Hi:<br>
<br>
I'm a designer working on an OpenID (and FB Connect) implementation for<br>
</div><a href="http://current.com" target="_blank">current.com</a> <<a href="http://current.com" target="_blank">http://current.com</a>> , a social news site from Current TV (a cable TV channel). I've<div class="Ih2E3d">
<br>
consulted with Chris Messina and wanted to ask this group for advice on the<br>
design I have so far.<br>
<br>
The largest issue for me has been attempting to do parts of the process in a<br>
pop-up window. While the domain of the site the user is providing their<br>
credentials to is a gigantic issue of course, the issue of *what exactly<br>
</div><a href="http://current.com" target="_blank">current.com</a> <<a href="http://current.com" target="_blank">http://current.com</a>> will use the account access for* is *even bigger* for users I've<div class="Ih2E3d">
<br>
talked with. Users do not want to provide access if we will be adding items<br>
to their account without their permission, and after a pop-up is launched<br>
(or there's a redirect), I have no ability to message the user about what my<br>
site will do with the access they are providing. So, this version of the<br>
design loads the external auth into an iFrame (now, excuse me while I cower<br>
behind a mattress and prepare for the tomatoes and other thrown objects).<br>
<br>
Thanks in advance for any feedback, advice, criticism, and an obvious, easy<br>
way around these issues :)<br>
<br>
<a href="http://labs.current.com/openid/currentauth_1_default.png" target="_blank">http://labs.current.com/openid/currentauth_1_default.png</a><br>
<a href="http://labs.current.com/openid/currentauth_2_openid_identity.png" target="_blank">http://labs.current.com/openid/currentauth_2_openid_identity.png</a><br>
<a href="http://labs.current.com/openid/currentauth_3_openid_auth.png" target="_blank">http://labs.current.com/openid/currentauth_3_openid_auth.png</a><br>
<a href="http://labs.current.com/openid/currentauth_4_openid_link.png" target="_blank">http://labs.current.com/openid/currentauth_4_openid_link.png</a><br>
<br>
Ben Clemens<br>
</div><a href="http://current.com" target="_blank">current.com</a> <<a href="http://current.com" target="_blank">http://current.com</a>> <br>
<br>
_______________________________________________<br>
user-experience mailing list<br>
<a href="http://user-experience@openid.net" target="_blank">user-experience@openid.net</a> <<a href="http://user-experience@openid.net" target="_blank">http://user-experience@openid.net</a>> <br><div class="Ih2E3d">
<a href="http://openid.net/mailman/listinfo/user-experience" target="_blank">http://openid.net/mailman/listinfo/user-experience</a><br>
<br>
</div></span></font></blockquote><font face="Calibri, Verdana, Helvetica, Arial"><span style="font-size:11pt"><br>
<hr align="CENTER" size="3" width="95%"></span></font><font size="2"><font face="Consolas, Courier New, Courier"><span style="font-size:10pt">_______________________________________________<br>
user-experience mailing list<br>
<a href="http://user-experience@openid.net" target="_blank">user-experience@openid.net</a> <<a href="http://user-experience@openid.net" target="_blank">http://user-experience@openid.net</a>> <br><div class="Ih2E3d">
<a href="http://openid.net/mailman/listinfo/user-experience" target="_blank">http://openid.net/mailman/listinfo/user-experience</a><br>
</div></span></font></font></blockquote><div class="Ih2E3d"><font face="Calibri, Verdana, Helvetica, Arial"><span style="font-size:11pt"><br>
_______________________________________________<br>
user-experience mailing list<br>
<a href="http://user-experience@openid.net" target="_blank">user-experience@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/user-experience" target="_blank">http://openid.net/mailman/listinfo/user-experience</a><br>
<br>
</span></font></div></blockquote><font face="Calibri, Verdana, Helvetica, Arial"><span style="font-size:11pt"><br>
<br>
</span></font></blockquote>
</div>
<br>_______________________________________________<br>
user-experience mailing list<br>
<a href="mailto:user-experience@openid.net">user-experience@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/user-experience" target="_blank">http://openid.net/mailman/listinfo/user-experience</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br>Chris Messina<br>Citizen-Participant &<br> Open Web Advocate-at-Large<br><br><a href="http://factoryjoe.com">factoryjoe.com</a> # <a href="http://diso-project.org">diso-project.org</a><br>
<a href="http://citizenagency.com">citizenagency.com</a> # <a href="http://vidoop.com">vidoop.com</a><br>This email is: [ ] bloggable [X] ask first [ ] private<br>
</div>