Hi all (again ;-)), I have implemented OpenID with quite a lot RP's now. Each time I struggle with the UX. Yes it is becoming more and more effective but it's not there yet.
What I would like to offer to my user is automatic discovery of OpenID sessions at the OP. I am already logged in at Google, Hyves (large dutch Social Network), Yahoo and others. But each time I have to select on of those out of a set of OP's which I don't use. When I enter a RP, the RP could do a redirect to a OP (in an iframe for example) and ask if the OP has a logged in user. This could be a simple anonymous request which returns a true or false. If true the UX can be different, you know there is a session so you could automatically start a OpenID transaction for the user. The end user only needs to confirm usages of their data (normal first step OpenID). The RP can decide for it self which OP's to check automatically. Of course we need to make sure that the end user still has a choice in using his own OP. But know the RP knows that this (anonymous) user has an OpenID or not, and if so, where. Yes, this means an extra load on the OP's, but I hope they don't mind. If you supply this service as an Op it means that your users will be using their indentity a bit more on other websites, hopefully. Which is a big +. (Maybe Allen Tom can react on this one? ;-)) I think there a no real privacy issues with this idea? Ok, you know from this anonymous user that he or she has an OpenID with XXX, but is that a bad thing? Hope to get some comments on my thoughts! Cheers, Chris OpenID Holland _______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
