User Experience
|
English | 日本語 | 中文(中国大陆) | 한국어 | +/- |
The mailing list on this subject is user-experience@openid.net
Based on in-person discussions at IIW2006b, I have grouped the issues into work packages that we should address in order:
Contents |
Package A
- How do I know I can use OpenID at this site? Proposals: OpenID Login Box, Dual Auth
- What exactly do I need to do to use OpenID at this site (a "common ceremony") Proposals: OpenID Login Box, Dual Auth
- How do I learn what OpenID means and how I can use it if I encounter an OpenID-enabled site? Proposals: OpenID Login Box, Dual Auth
- How do I know that I am currently logged in with OpenID at this site, and if so, with what URL/i-name? Proposals: LID Look and Feel, User Icon
- how can I change the URL/i-name that I'm currently using with this site. Proposal: LID Look and Feel. There are two cases:
- changing the Persona: e.g. using a site with a regular user account vs. an administrator account? Proposal: User Icon
- permanently migrating the account from one identifier to another, e.g. because the user loses control over the old identifier
- how can I log off and become anonymous again? Proposals: LID Look and Feel, User Icon
- how are (protocol) errors communicated to the user, and what can users do about them? (currently unsolved)
Package B
- how can I migrate my existing account at a site from username/password authentication to using OpenID? Proposal: Dual Auth
- how can I determine what OpenID features are available at a site?
- how can I login without having to redirect/bounce around? (very unexpected / weird)
- how should sites with existing user databases link existing users with their OpenID identifiers?
- how should sites with existing user databases merge account assets after a linkage occurs (if at all)
- how can know I used an OpenID at an RP and not get stuck at the RP's lost password page
- how do I know I am at my OpenID OP and not being phished?
Package C
- how can I find out what the site knows about me wrt identity information (currently unsolved)
Approach
We will come up with a document describing guidelines for the OpenID user experience. Potentially, these guidelines could also become "compliance points" for a possible future OpenID compliance testing regimen, if we all decided to have such a thing in the future. We intend not limit the creative freedom of web designers, but we do intend to create a common user experience with recognizably the same elements and behavior across sites. Not only will that allow for easier adoption and use of OpenID, it will also increase security because the user's familiarity with what is supposed to happen.
Sites will be strongly encouraged to support the common OpenID user experience AND, if for whatever reason the then-current user experience document is insufficient or impracticable, propose specific changes to the document instead of just "going off and doing their own thing".
