Posts Tagged ‘user experience’
Posted at 10:51 am on September 25, 2009 by Allen Tom
Google, Yahoo!, and MySpace have launched support for the OpenID OAuth Hybrid Protocol, which combines OpenID authentication (sign in) with OAuth authorization (access control) into a single interface. Websites that accept OpenID can now let the hundreds of millions of users who already have either a MySpace, Google, or Yahoo! account sign in and enable two-way data sharing of their profile, contacts, and activities, without having to register a new site-specific account or to share their password.
Plaxo is one of the earliest adopters of OpenID, allowing their users to sign into Plaxo using an OpenID enabled account with just a couple mouse clicks. Instead of requiring first-time Plaxo users to manually verify their email address by sending a verification email, Plaxo uses OpenID Attribute Exchange to verify Yahoo! and GMail email addresses without forcing users to wait at their mailbox for the verification email to arrive. Building on their successful experience with OpenID, Plaxo is experimenting with the Hybrid Protocol: A portion of new users who sign up for Plaxo using either a GMail or Yahoo account can now sign into Plaxo with their OpenID and authorize two-way data sharing of their Contacts and Activities via the Hybrid Protocol. You can read more about how this works on the Plaxo blog.
“OpenID+OAuth hybrid onboarding is the state-of-the-art for connecting users and sites across the emerging Social Web,” says Joseph Smarr, CTO of Plaxo and Board Member of the OpenID Foundation. “Google, Yahoo!, and MySpace all have massive userbases and expertise in consumer-friendly design, along with a rich set of APIs. So this is a major milestone in making the Social Web more open and interoperable.”
Another trailblazer in the OpenID space is JanRain, whose RPX service powers the l
ogin and registration flows for their customers, including Qype and MySears. Using the OpenID protocol, users can sign into RPX-enabled websites with an account that they already have. Now that RPX supports the Hybrid Protocol, sites integrating with RPX can now let users sign in with one of their existing accounts and share their Profile. In addition, these sites can also receive massive referral traffic by syndicating their user activities back to their OpenID Provider to be viewed by their friends and contacts at Yahoo!, Google, or MySpace.
Not only are we making OpenID more powerful, we’ve been taking steps to make OpenID easier and less confusing to use. The traditional OpenID “redirect” user experience has been criticized for taking a user away from the site during the login process. The OpenID User Interface Working Group has been chartered to make OpenID more user friendly, and we’re glad to announce that Yahoo!, Google, and MySpace now support the Popup UI as defined in the OpenID User Interface Extension. Sites that want to preserve their context and keep the user on their site can open a small popup window to complete the OpenID authentication flow. In order to help prevent phishing, the User Interface extension requires that the popup be displayed in an independent browser window with the address bar clearly displayed.
OpenID gives users control over their data and makes it possible for sites to build a single interface that can reach virtually all potential users. Because OpenID is an interoperable open standard, sites that accept OpenID can reuse the same interface and code to accept identities from a wide variety of OpenID Providers, including Google, AOL, MySpace, and Yahoo!. This makes it possible for virtually anyone to sign in to a site using an account that they already have.
It’s been an exciting month for OpenID, with recent news about our involvement in the Open Government Initiative, and now with support for Hybrid and the Popup UI. Stay tuned for more exciting news as we continue to improve OpenID!
P.S. If you’d like to meet the folks working on OpenID, OAuth, and the Open Stack, please join us at the Internet Identity Workshop in Mountain View, CA this November.
Architect, Yahoo! Membership
OIDF Community Board Member
Tags: oauth, user experience
Posted at 6:07 pm on May 14, 2009 by David Recordon
This morning, Google released an upgrade to their OpenID Provider to support the draft OpenID User Interface Extension along with JanRain who added support for it to their Relying Party service RPX. This means that Google users signing into sites like UserVoice (choose “Google” to see it in action) now have a much better user experience; one much closer to that of Facebook Connect. Google also allows users to choose to share their profile information with Relying Parties via OpenID Attribute Exchange and the Google Data APIs via OAuth.
The OpenID User Interface Extension is one of the main pieces of work that has come from the OpenID Design Summit hosted by Facebook earlier this year. The extension replaces the traditional OpenID sign in flow of being redirected from the Relying Party to the OpenID Provider with a popup window which shows the URL bar on top of the Relying Party itself.
The Google Code Blog writes about their implementation in more detail:
The new popup style UI, which implements the OpenID User Interface Extension Specification, is designed to streamline the federated login experience for users. Specifically, it’s designed to ensure that the context of the Relying Party website is always available and visible, even in the extreme case where a confused user closes the Google approval window. JanRain, a provider of OpenID solutions, is an early adopter of the new API, and already offers it as part of their RPX product. As demonstrated by UserVoice using JanRain’s RPX, the initial step on the sign-in page of the Relying Party website is identical to that of the “full page” version, and does not require any changes in the Relying Party UI.
Once the user approves the request, the popup page closes, and the user is signed in to the Relying Party website.
User experience continues to be one of our key priorities for the community and foundation this year, and progress like seeing Google and JanRain ship the first implementation of the OpenID popup flow is demonstrating that we’ve been able to seize the momentum coming into this year and make real progress in a short period of time.
We’re looking forward to discussing this and other initiatives at the Internet Identity Workshop this coming Monday.
Tags: google, interface, janrain, popup, usability, user experience
Posted at 7:27 pm on April 14, 2009 by Brian Kissel
The Retail Advisory Committee
Last week representatives from the OpenID Foundation (Google, JanRain, NRI and Yahoo!) led a discussion about third-party authentication and user-centric identity with representatives from several online retailers. Topics included:
- Business case for OpenID and third-party authentication
- Best practices for online retailers leveraging OpenID
- Leveraging rich user data from third party identity providers
- Feedback from online retailers to the OpenID Foundation and member companies.
Tatsuki Sakushima of NRI led a case study presentation on Japan Airlines’ use of OpenID and a custom extension they developed for federated identity with hotel and car rental agency partners. This work has led into the creation of the Contract Exchange Extension working group to develop a standardized extension for this use case.
- Japan Airlines saw a 100% increase in partner registrations as a result of the OpenID deployment.
- Further, Japan Airlines was able to deploy a federated identity solution with its business partners faster, more flexibly, and at lower cost than alternative approaches they had been considering.
Praveen Alavilli of Amazon enthusiastically endorsed the work of the Usability Committee: the User Interface Working Group proposal and first draft of the OpenID User Interface Extension.
Brian Kissel of JanRain reviewed several case studies summarizing the quantitative and qualitative benefits of OpenID and third-party authentication. Some examples include:
- Sulit.com.ph: 15% of new registrations are via OpenID, up from 10% a couple of months ago
- 37 Signals: 15% of logins are via OpenID on their Basecamp productivity application
- Mixx: UI improvement resulted in ten-fold increase in registrations via OpenID and third-party services. 20% increase in registrations from direct and referrer traffic.
- AFI (Rock band, event promotion): “We were blown away with the fan response. In two weeks we received 850 (YouTube video) submissions, had 12,500+ fans register on the website, 10,000+ comments, and over 100,000 votes to select our winners.”
- Get Satisfaction: Deployments for their customers — Twitter and Songbird — are seeing OpenID utilization of 20% or more
- Sourceforge.net: OpenID login has grown to about 10% of total logins
- Stackoverflow: Third-party registrations have grown from 10,000 to 50,000 users in a couple of months
The entire webinar presentation is on Slideshare and embedded below.
Improving the OpenID User Experience
Speaking of the Usability Committee, at the last OpenID Foundation Board meeting, an official committee was formed to help continue spearheading the community efforts. Allen Tom of Yahoo! and Luke Shepard of Facebook agreed to co-chair this important new committee. They’re looking for volunteers, so if you’re interested, make sure to get in touch with them. With Breno de Medeiros of Google, Tom is proposing an OpenID User Interface Extension. This an exciting continuation of the work started at the Content Provider Advisory Committee as well as the past User Experience Summits hosted at Yahoo! and Facebook.
So it’s been an exciting and productive time during the last few weeks. We encourage others to share their experiences, successes and challenges with the OpenID community via the mailing lists and our new UserVoice feedback site.
Tags: retail advisory committee, user experience
Posted at 8:19 pm on April 7, 2009 by Guest Author
About two weeks ago, MySpace released an update to MySpaceID taking advantage of OpenID combined with OAuth to provide a sign in and profile sharing with a user-experience at parity with Facebook Connect. Max Engel is MySpace’s Product Lead for their Open Platform and took the time to write this post, providing some more details about how MySpaceID works.
At MySpace, we recently released several critical new feature enhancements to MySpaceID, a product under the MySpace Open Platform. We delivered OpenID support, an OpenID/OAuth Hybrid experience, and support for syndicating “Friend Updates” via the emerging Activity Streams specification.
These new components to the MySpace Open Platform allow us to not only provide developers with new tools to create distributed applications that are built on top of our social platform, but also to deliver an identity solution that builds on top of the “Open Stack” to provide flexible an extensible options that embrace open standards.
OpenID aligned perfectly with MySpaceID as an authentication technology. As a social portal, we already embraced the notion of representing identity with a URL. An overwhelming number of our users have setup vanity URL’s (i.e. myspace.com/pixelelated) and so we knew that OpenID would align well with our users. In addition, we wanted to make sure that we were working with the flow of the web, and we strongly believe that collaborating on open standards is critical to this mission.
As we worked on our OpenID solution for MySpaceID, we knew that we had to rollout the technology in a way that emphasized a lightweight and simple interface design and user experience. OpenID has wrongly been maligned by a stigma that the technology can’t be easy to use. Our aim was to break that label and demonstrate with our MySpaceID product that OpenID and usability aren’t conflicting terms. Luckily, there was a community ready and willing to help. The progress made at two OpenID Usability Summits helped us refine our implementation and allowed us to leverage the collective knowledge of other OP’s. This is the strength of open standards: the ability to work together to forge ahead and work together to solve a problem.
When working on the MySpaceID design, we embraced a pop-up window for login to help make the user experience even easier, and to help the integrating relying party offer a clean hand-off. We support both directed identity as well as standard URL-based discovery, and ultimately feel that by offering modular options to developers we are creating the most value for our users. In addition, by rolling out the OAuth Hybrid extension with this, we can allow our users to provision web service access to their MySpace profile, friends, content, and activities in the same step.
Beyond our new enhancements around single-sign on with OpenID, and the rollout of the Hybrid protocol, we are supporting the new Activity Streams specification. A core part of the DNA of MySpaceID is empowering the user to take their data with them. By offering API’s for sharing activities, we’re enabling our users to take their own activities and share them through aggregation and lifestreaming services. In addition, developers can provide a user with a window into their life on MySpace by incorporating the API in Dashboard-style widgets, such as our implementation with the new Yahoo! homepage. With activity sharing, we wanted to go beyond just offering the functionality and ensure that we were working with the community to implement something that could be standardized. We embraced this philosophy when collaborating on the Portable Contacts spec and worked to align it with OpenSocial, and so we were quite comfortable with this model of development.
I hope that we have shown that our choice for the technological piping which powers MySpaceID (OpenID, OAuth, Portable Contacts, OpenSocial, and Activity Streams) didn’t negatively impact the experience we could provide. In fact, it was quite the opposite. Our choice to embrace these open standards has given us a more powerful and flexible platform. We’re excited to prove that a MySpace user can visit any site that has integrated MySpaceID and go from a button click to bringing their identity with them, all while doing it in a way that has a clean user experience and puts the user in control of their privacy, security, and data. As an OpenID community, we’ve all worked to make tremendous progress over the past year, and I think we’re only beginning to realize the real potential to empower users through open standards for the social web.
Tags: usability, user experience
Posted at 11:30 pm on February 5, 2009 by David Recordon
Today we’re excited to join Facebook’s Mike Schroepfer in announcing that they have joined the OpenID Foundation’s board as a sustaining corporate member.
Luke Shepard, a key member of Facebook’s Platform and Connect teams and a huge internal advocate for OpenID, has been selected as their representative and joins the current board of seven community elected board members and six sustaining corporate members: Google, IBM, Microsoft, PayPal (joined last week), VeriSign and Yahoo!. Additionally, to maintain the ratio of community and corporate board members, Joseph Smarr will be joining the board as our eighth community member.
As the OpenID community entered 2009 two key topics have become the focal points on the road to mainstream adoption: user experience and security.
Given the popularity and positive user experience of Facebook Connect, we look forward to Facebook working within the community to improve OpenID’s usability and reach. As a first step, Facebook will be hosting a design summit next week at their campus in Palo Alto which follows a similar summit on user experience hosted at Yahoo! last year. The summit will convene some of the top designers from Facebook, the DiSo Project, Google, JanRain, MySpace, Six Apart and Yahoo!, focusing on how existing OpenID implementations could support an experience similar to Facebook Connect.
Facebook’s financial contribution along with its membership on the board signals the company’s enthusiasm to work more closely with the OpenID community, building up momentum towards their adoption of OpenID as a standard. Facebook furthering its commitment to openness couldn’t have come at a better time to make 2009 an amazing year for OpenID and the wider social web.
For press contacts, please call OpenID Foundation board members David Recordon at 503.341.3009 or Chris Messina at 412.225.1051.
Tags: facebook, Foundation, usability, user experience
Posted at 9:14 pm on November 25, 2008 by David Recordon
Last month at the first Content Provider Advisory Committee meeting in New York, several media companies and affinity groups identified two desired areas for improvement around OpenID: the user experience as it reaches mainstream adoption and the increased ability to exchange profile information given user consent. Since then, the OpenID Foundation, its members and the wider community have been working hard to understand what it will take to make OpenID more usable by mainstream users and why the larger OpenID Providers have not been quick to support OpenID Attribute Exchange.
As a quick aside, AOL has just launched My MapQuest which sports a great new OpenID login experience. It’s worth noting that in the process of signing up for a MapQuest account using OpenID, you’re also creating what seems to be an account at AOL too. Additionally, AOL requests profile information from your OpenID Provider meaning that in some cases you’re able to sign up for a new account without having to type your email address, name, nickname, etc. AOL is the first large internet company to support OpenID sign in on a non-blogging product and while they don’t yet let you use your OpenID to sign in on AOL.com, it’s seems clear that is the direction they’re headed.
From the user experience front, Yahoo! hosted the first OpenID User Experience Summit where nearly forty people came together sharing what they’ve learned around usability, user experience, and various interface designs for OpenID and OAuth. In the following weeks, more work has been underway focused on implementations that improve the intuitiveness of OpenID registration and login. At the Internet Identity Workshop in Mountain View the week before last, sessions were held around many different aspects of OpenID; technical, business and user experience, among others.
The general approach to improving user experience over the past year has been the idea of graphically representing various larger OpenID Providers. The main critique is that it will only scale to a fixed number of providers since not every logo can be displayed. That said, it represents the approach taken on an increasing number of OpenID enabled sites, by Facebook Connect, and is being productized by companies such as JanRain with their RPX interface.
As Google continues their usability research around federated login, they’ve built a login widget which allows the user to enter their email address and say that they don’t have a password but need help logging in. This then allows the site to see if they recognize the email address within their own login database or if it belongs to a domain such as @gmail.com or @yahoo.com which also acts as an OpenID Provider. The ability to use an email addresses within OpenID is currently a highly discussed topic that is leading to the formation of a new technical working group to better understand the motivations and challenges, while also proposing a technology solution.
On the data side, Yahoo! has just announced a controlled beta of support for the Simple Registration extension (SREG) which provides full name, nickname, email address, gender, language, and timezone if the user chooses to share it. AOL has also just announced preview support for SREG profile information transfer of email, nickname, country, date of birth, gender, and postal code if the user chooses to share it. Additionally, Google’s OpenID Provider supports the transfer of a validated gmail.com email address via Attribute Exchange if the user chooses to share it. This trend of being able to more easily and securely exchange profile information via OpenID is one that we expect to increase through 2009.
Tags: adoption, attribute exchange, simple registration, usability, user experience
Posted at 10:20 am on October 21, 2008 by David Recordon
As OpenID continues to gain momentum, over the past few weeks both Google and Yahoo! have released the results of usability studies they’ve done around OpenID and digital identity systems in general. Google released their Usability Research on Federated Login looking at how to create user experiences that mainstream users can understand when using one account to login to other websites while Yahoo!’s OpenID Reasearch focused much more on how their own users are able (or not yet able) to understand what OpenID is and how they can use it. While at first glance this might seem troubling, instead it is actually one of the steps in the natural evolution of seeing a technology start to go from intriguing the early adopters to working on crossing the chasm to mainstream usage.
Yesterday at Yahoo!’s campus in California, nearly forty people from the OpenID community came together for a day to discuss the usability and user experience of OpenID and OAuth. Presentations were shared by Facebook about their experience developing Connect, MySpace explained how they’re combining OpenID and OAuth, Yahoo! around how they’re evolving their own OpenID Provider in response to their research, Magnolia shared how they’ve been using OpenID to help reduce spam, Google with their study on federated login user interfaces, and Plaxo wrapping up the day with how they’re looking at OpenID as a piece of a larger “open stack” for the Web. Lots of interesting presentations, analysis, and ways to move forward to help improve the usability of OpenID and OAuth came out of the day.
John McCrea has the play by play if you’re wanting to read more about what happened during the day, but I’m excited to see the sheer number of people and companies from various backgrounds (even those who compete with one another) collectively working to help improve OpenID and build a better Web.
Tags: adoption, design, research, usability, user experience