<p><font size=2 color=navy face=Arial>
The bar shouldn't be supressed, and it didn't happen in any of our testing. See if it happens in firefox. I definitely planned it so the url should be visible, and will fix any bugs.<br><br>With regards to the credentials temporarily refreshing before successful login, this is a known deficiency we are addressing, and is because the login controller is being served inside the popup in an iframe due to MySpace security development policies.<br><br>I'll review the disclaimer language, but we wanted to keep it simple and lightweight, and our testing confirmed this. We do have different language for vanilla openid v. Pop-up.<br><br>Definitely pass along to me any additional feedback.<br><br>- Max<br>
<br>...sent from the road</font></p>
<p><hr size=2 width="100%" align=center tabindex=-1>
<font face=Tahoma size=2>
<b>From</b>: user-experience-bounces@openid.net <user-experience-bounces@openid.net>
<br><b>To</b>: OpenID user experience <user-experience@openid.net>
<br><b>Cc</b>: Max Engel <mengel@myspace.com>
<br><b>Sent</b>: Fri Mar 20 14:21:32 2009<br><b>Subject</b>: Re: MySpace OpenID Popup spotted in the wild
<br></font></p>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
Yeah, that was my number one concern. Hiding the URL bar is really the WRONG way to do it (something the spec MUST address, though I doubt in that context we can use the word MUST...).<div><br></div><div>To see this in action, visit the test site:</div>
<div><br></div><div><a href="http://8bitmusic.jdavid.net/">http://8bitmusic.jdavid.net/</a></div><div><br></div><div>The experience with the site is extremely weird: I signed in properly using the popup and the login page refreshed instead of providing me some kind of "success" message. I thought I'd entered the wrong credentials and hit cancel, but then the parent window refreshed and showed my profile, with a bunch of my data prepopulated (without asking me for explicit access permission):</div>
<div><br></div><div><a href="http://www.flickr.com/photos/factoryjoe/3370317843/">http://www.flickr.com/photos/factoryjoe/3370317843/</a></div><div><br></div><div>Clearly this leaves something to be desired, but now we at least have an alternative to Facebook Connect that we can look at!</div>
<div><br></div><div>Chris<br><br><div class="gmail_quote">On Fri, Mar 20, 2009 at 11:28 AM, Allen Tom <span dir="ltr"><<a href="mailto:atom@yahoo-inc.com">atom@yahoo-inc.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div bgcolor="#ffffff" text="#000000">
<a href="http://www.flickr.com/photos/factoryjoe/3369029303/" target="_blank">http://www.flickr.com/photos/factoryjoe/3369029303/</a><br>
<br>
Looks really nice! My main feedback is that the browser's address bar
needs to be displayed so that users can tell if they're logging into
myspace or not.<br>
<br>
The instructions on MySpace's home page says that you shouldn't login
to this popup. :)<br>
<br>
<h3>Always make sure you're visiting the real <a href="http://myspace.com" target="_blank">myspace.com</a>!</h3>
<ol>
<li>Check the URL in your browser.</li>
<li>Make sure it begins with <a href="http://www.myspace.com/" target="_blank">http://www.myspace.com/</a></li>
<li>If ANY OTHER PAGE asks for your info, DON'T LOG IN!</li>
</ol>
<br>
<br>
</div>
<br>_______________________________________________<br>
user-experience mailing list<br>
<a href="mailto:user-experience@openid.net">user-experience@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/user-experience" target="_blank">http://openid.net/mailman/listinfo/user-experience</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br>Chris Messina<br>Citizen-Participant &<br> Open Web Advocate<br><br><a href="http://factoryjoe.com">factoryjoe.com</a> // <a href="http://diso-project.org">diso-project.org</a> // <a href="http://vidoop.com">vidoop.com</a><br>
This email is: [ ] bloggable [X] ask first [ ] private<br>
</div>