<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Hi Marc,<br>
<br>
Sure you can blog about the work the community has been doing make the
OpenID sign-in experience more user friendly. Everything in the UI
Extension is public knowledge, and Google, Yahoo, and MySpace all
support the popup functionality.<br>
<br>
We'll be blogging about this on openid.net next week.<br>
<br>
LMK if you have any questions<br>
Allen<br>
<br>
<br>
Marc Canter wrote:
<blockquote
cite="mid:c07b07c70909200506q2789bc47qc7e40f21a49222ec@mail.gmail.com"
type="cite">
<pre wrap="">can we blog about this or wait?
On Sat, Sep 19, 2009 at 11:32 PM, Allen Tom <a class="moz-txt-link-rfc2396E" href="mailto:atom@yahoo-inc.com"><atom@yahoo-inc.com></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Jonathan Coffman wrote:
</pre>
<blockquote type="cite">
<pre wrap="">In seeing Yahoo's announcement of their pop-up flow, and Google's previous
migration -- is this quickly becoming the defacto standard?
</pre>
</blockquote>
<pre wrap="">Hi Jonathan,
Yahoo's usability testing indicates that the new OpenID popup flow performs
better than then old redirect flow, and this is also consistent with
Facebook's experience with Connect.
The popup flow is currently an extension, meaning that it's optional, and
it's the RP's choice to invoke either the popup or redirect. If you have the
resources to experiment with both flows in a production environment,
definitely everyone would be very interested in the results.
Some of my stakeholders are asking for a templated/co-branded experience
</pre>
<blockquote type="cite">
<pre wrap="">so that users, when redirected, see a logo, etc from the RP on the
sign-up/log-in page for our OP. Obviously, that's not too difficult to do
but I feel like the whole argument might be overcome with a simplified OP
design by utilizing the popup draft spec.
Section 6 in the Draft User Interface spec defines a mechanism for the RP
</pre>
</blockquote>
<pre wrap="">to pass its logos to the OP. Showing the RP's logos to the user on the OP's
approval/login screens definitely is very helpful to users, and feedback
from our testers in our usability labs was overwhelmingly positive when we
did this.
Speaking on behalf of Yahoo, there are issues with displaying metadata
about the RP that was not manually reviewed for correctness by the OP. For
instance, the RP could be a malicious site that is pretending to be a
trusted site, such as a bank. The malicious RP could misrepresent itself by
passing the bank logo to the OP.
Other OPs that are planning to supporting the RP Icons portion of the UI
Extension may have other opinions about how important it is for OPs to
manually verify the RP's logos before displaying them to the user.
An alternative approach for having the RP pass metadata about itself to the
OP (including icons, name, description) would be to use the OpenID OAuth
Hybrid Extension, and have all the RP metadata bound to the RP's OAuth
consumer_key. Most OAuth service providers usually have certain
business/legal criteria to issue an OAuth consumer_key, and in Yahoo's case,
business partners are allowed to have logos assocaited with their consumer
key, and all of these logos are manually reviewed before being enabled.
Thanks
Allen
_______________________________________________
user-experience mailing list
<a class="moz-txt-link-abbreviated" href="mailto:user-experience@lists.openid.net">user-experience@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-user-experience">http://lists.openid.net/mailman/listinfo/openid-user-experience</a>
</pre>
</blockquote>
<pre wrap=""><!---->
</pre>
<pre wrap="">
<hr size="4" width="90%">
_______________________________________________
user-experience mailing list
<a class="moz-txt-link-abbreviated" href="mailto:user-experience@lists.openid.net">user-experience@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-user-experience">http://lists.openid.net/mailman/listinfo/openid-user-experience</a>
</pre>
</blockquote>
<br>
</body>
</html>