Posted at 6:07 pm on May 14, 2009 by David Recordon
This morning, Google released an upgrade to their OpenID Provider to support the draft OpenID User Interface Extension along with JanRain who added support for it to their Relying Party service RPX. This means that Google users signing into sites like UserVoice (choose “Google” to see it in action) now have a much better user experience; one much closer to that of Facebook Connect. Google also allows users to choose to share their profile information with Relying Parties via OpenID Attribute Exchange and the Google Data APIs via OAuth.
The OpenID User Interface Extension is one of the main pieces of work that has come from the OpenID Design Summit hosted by Facebook earlier this year. The extension replaces the traditional OpenID sign in flow of being redirected from the Relying Party to the OpenID Provider with a popup window which shows the URL bar on top of the Relying Party itself.
The new popup style UI, which implements the OpenID User Interface Extension Specification, is designed to streamline the federated login experience for users. Specifically, it’s designed to ensure that the context of the Relying Party website is always available and visible, even in the extreme case where a confused user closes the Google approval window. JanRain, a provider of OpenID solutions, is an early adopter of the new API, and already offers it as part of their RPX product. As demonstrated by UserVoice using JanRain’s RPX, the initial step on the sign-in page of the Relying Party website is identical to that of the “full page” version, and does not require any changes in the Relying Party UI.
Once the user selects to sign in using his or her Google Account, the Google approval page is displayed. However, it does not replace the Relying Party’s page in the main browser window. Instead it is displayed as a popup window on top of it. We have updated our Open Source project to include a complete Relying Party example, providing code for both the back-end (in Java) and front-end (javascript) components.
Once the user approves the request, the popup page closes, and the user is signed in to the Relying Party website.
User experience continues to be one of our key priorities for the community and foundation this year, and progress like seeing Google and JanRain ship the first implementation of the OpenID popup flow is demonstrating that we’ve been able to seize the momentum coming into this year and make real progress in a short period of time.
We’re looking forward to discussing this and other initiatives at the Internet Identity Workshop this coming Monday.
This entry was posted
on Thursday, May 14th, 2009 at 6:07 pm and is filed under News.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Posted at 7:27 pm on October 30, 2008 by The Shared Admin
This is a historic week for OpenID. Google and Microsoft announced the release of code to support OpenID 2.0 across their most important properties. On Monday, Microsoft, announced OpenID 2.0 support for their 460 million users on the LiveID platform. On Wednesday Google said it will be supporting OpenID 2.0 for any user that has a Google account. Both of these deployments are great news for the OpenID community and the Internet at large. It can be safely said that within the coming months, every single user on the Internet will have an OpenID.
There was some discussion from a few people yesterday claiming that Google’s implementation was a fork of OpenID. Today, Eric Sachs, Google’s lead on this effort, has another post responding to some of this early criticism:
That registration requirement also led to some confusion because users wanted to be able to use existing websites that accept OpenID 2.0 compliant logins by simply entering gmail.com (or in some cases their E-mail address) into the login boxes on those websites. … Once the XRDS file is live, end-users should be able to use the service by typing gmail.com in the OpenID field of any login box that supports OpenID 2.0, similar to how Yahoo users can type yahoo.com or their Yahoo E-mail address (In the meantime, if you feel really geeky, you can type https://www.google.com/accounts/o8/id into an OpenID 2.0 login box).
Although these are both considered “preview releases” by both companies, the fact that they have put code out there that developers can start to work with is absolutely fantastic. Both Google and Microsoft have stated that these are testing implementations and as such, their may be certain limitations while they work on localization, scaling and general UI.
Mike Jonestalks about some of the details of the Microsoft LiveID testing:
One feature of the OpenID 2.0 implementation that I’d like to call your attention to is that they give users a choice, on a per-relying party basis, whether to use a site-specific OpenID URL at the site for privacy reasons, or whether to use a public identifier for yourself – explicitly enabling correlation of your identity interactions on different sites.
This entry was posted
on Thursday, October 30th, 2008 at 7:27 pm and is filed under News.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Posted at 5:45 pm on October 1, 2008 by Brian Kissel
A couple of weeks ago the BBC hosted twenty-six people from seventeen organizations including eight OpenID Providers and eight OpenID Relying Parties (sites which accept OpenID logins) in New York City to kick off an OpenID Content Provider Advisory Committee. The goal of the session was to answer specific questions by the Content Provider community (media companies and national affinity groups) as well as to provide feedback to the OpenID Foundation, its member companies, and the wider community on the future direction of OpenID.
While OpenID has seen rapid adoption in the “user generated content” segment (blogs, discussion groups, wikis, etc.), we were very excited to see increased interest from mainstream media companies and affinity organizations. Participants at this event included AARP, AOL, BBC, Google, Hearst Magazines, JanRain, Meredith, MySpace, National 4-H, National Public Radio (NPR), The New York Times, Reed Business Information, Six Apart, Time Inc., Vidoop, and Yahoo!.
Throughout the day we covered a wide range of topics including:
Business case for OpenID — use cases and economic impact
Best practices for OpenID Providers and Relying Parties in the areas of user experience, data support, security, and product features
Optimal Content Provider user experience
Data Management — sources, integration, industry specific data, accuracy, security & trust
Coming Enhancements — Provider Authentication Policy Extension (PAPE), OAuth, Portable Contacts API, MySpace Data Availability, and integration of OpenID into browsers.
Yahoo!, Google, and MySpace all presented information about their OpenID Provider services, thoughts on user experience and lessons learned, and some future plans. National 4-H presented a summary of an OpenID-based integrated National, State, and Local web platform that they will be deploying in the coming months. We shared a case study on Japan Airlines (JAL) federated partner commerce using OpenID with the proposed Trusted Data Exchange (TX) extension that Nomura Research Institute (NRI) has been developing. There was extensive discussion between existing and potential Relying Parties and the OpenID Providers about what would facilitate faster and broader adoption of OpenID in the Content Provider community. The session was moderated and feedback captured by Market Focus, a strategic marketing consulting firm who will be performing additional customer and market research on behalf of the OpenID Foundation.
If other content providers would like to join this advisory committee, please contact Johannes Ernst or Brian Kisselof the OpenID Foundation Customer Research Committee for further information.
Additionally, many members of the OpenID community will be attending the upcoming Internet Identity Workshop (IIW) on November 10-12 at the Computer History Museum in Mt. View, CA. This will provide a great venue for face to face discussions and additional opportunities to provide input and feedback on the future direction of OpenID.
This entry was posted
on Wednesday, October 1st, 2008 at 5:45 pm and is filed under News.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Posted at 8:37 am on December 3, 2007 by David Recordon
As a great way to lead into the Internet Identity Workshop this week in Mountain View CA, both Microsoft and Google shipped OpenID features in beta products this past Friday. Microsoft Research announced an experimental Provider while Google announced the ability to comment on Blogger blogs using OpenID.
As some backstory, this past February at the RSA Conference Bill Gates and Craig Mundie announced Microsoft’s support of OpenID 2.0. (See Read/WriteWeb’s coverage…they’re the first result on Google) Since that time there has been a lot of great progress made which culminates with a posting by Kim Cameron’s (Microsoft’s Lead Identity Architect). In addition to being able to authenticate to MyOpenID.com and VeriSign’s PIP using CardSpace, the promise to develop a specification which conveys stronger authentication was used has seen its second (quite stable) draft. We’re very quickly getting to a world where OpenID can be used to move around the web, CardSpace (or other technologies such as tokens) can be used to authenticate to your OpenID Provider, and the Relying Party can find out that you didn’t use a password at all. In addition to this technological work, Microsoft has been incredibly involved in helping the OpenID Community develop an IPR Policy and Process that can be used moving forward to ensure that future specifications are not patent encumbered. You can learn more about the IPR work underway at http://openid.net/foundation/intellectual-property/.
Up until Friday little had been heard from Google in regards to OpenID support. The Blogger Beta has a very clear interface for both enabling and commenting with OpenID. Additionally as the Blogger team is using the OpenID4Java library mainly developed by Sxip Identity, they should have support for OpenID 2.0 as well. Google has also announced that work is underway to have Blogger operate as an OpenID Provider as well. Many others have written about the Blogger announcement too.
All in all, an extremely great way to finish the week before IIW!
This entry was posted
on Monday, December 3rd, 2007 at 8:37 am and is filed under News.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
