+1
If OpenID is intended to cover needs other than near zero security
social networks, it is essential - also from a branding perspective -
that we take a holistic perspective on the authentication use cases,
covering various initial login scenarios as well as stepping up from a
lower to a higher authentication level.
Currently many potential RP organizations are basing their evaluation of
OpenID on a few peoples personal use of the larger existing providers,
which makes it an uphill battle to convince these organizations that
OpenID may also aim at applications with higher security requirements.
Maybe Robert Ott's presentation "OpenID in conjunction with Strong
Authentication (OTP, YubiKey, Biometrics, iPhone, Certificates,
SuisseID)" at the upcoming OpenID Summit in London next week can
stimulate this discussion. https://wiki.openid.net/2010-OpenID-Summit-EU
=henrik
Mike Jones skrev:
Hi Chris,
Thanks for getting this out.
In my view, you should leave support for active clients in scope for
consideration by the working group since having an active client
definitely should impact the RP user experience. For instance, if you
have identity in the browser, you probably want the RP to be aware of
it and delegate some or all of the identity UX to the active client,
rather than handling it itself by putting up a NASCAR screen, etc.
Thanks,
-- Mike
*From:* [email protected]
[mailto:[email protected]] *On Behalf Of *Chris
Messina
*Sent:* Monday, May 31, 2010 4:40 PM
*To:* Dick Hardt
*Cc:* [email protected]; [email protected];
[email protected]
*Subject:* Re: [Specs-ui] [OIDFSC] Draft OpenID 2.x User Experience
working group charter
No, there hasn't been any consensus about renaming it. I'm putting it
out there as a draft for discussion.
I'll take that as one vote for keeping that line in the charter.
Looking forward to other feedback!
Chris
On Mon, May 31, 2010 at 4:28 PM, Dick Hardt <[email protected]
<mailto:[email protected]>> wrote:
Chris,
I have not seen any consensus to renaming v.Next to 2.x. Having said
that, I don't think this WG needs to have a version does it?
I think this work would be really useful to the full spectrum of clients.
-- Dick
On 2010-05-31, at 3:27 PM, Chris Messina wrote:
Mike Jones prepared the initial version of this charter, and I took
the liberty of renaming v.Next to 2.x, and made compatibility with 2.x
an explicit goal of this work.
I'm reluctant of the applicability of this work to active clients and
have subsequently removed this line:
· produce user experience guidelines for supporting for a
spectrum of clients, including passive clients per current usage, thin
active clients, and active clients with OP functionality,
Feedback welcome.
Chris
*(a) /_Charter_/.*
*(i)* *WG name:* OpenID 2.x User Experience.
*(ii)* *Purpose:* Produce a user experience specification or
family of specifications for OpenID 2.x that address the limitations
and drawbacks present in the OpenID 2.0 that limit OpenID's
applicability, adoption, usability, privacy, and security. Specific
goals are:
· produce user experience guidelines for less intrusive
authentication user experiences than full-page browser redirect,
· produce user experience guidelines for controlled and
uncontrolled release of attributes,
· produce user experience guidelines for use of identities and
attributes by non-browser applications,
· produce user experience guidelines for optimized protocol
flows combining authentication, attribute release, and resource
authorization,
· produce user experience guidelines for use of OpenID on
mobile devices,
· seamlessly integrate with and complement the other OpenID 2.x
specifications.
Compatibility with OpenID 2.x is an explicit goal for this work.
*(iii)* *Scope:* Produce a current generation OpenID user
experience specification or specifications, consistent with the
purpose statement.
*(iv)* *Proposed List of Specifications*: OpenID 2.x User
Experience and possibly related specifications.
*(v)* *Anticipated audience or users of the work:* Implementers
of OpenID Providers, Relying Parties, Active Clients, and non-browser
applications utilizing OpenID.
*(vi)* *Language in which the WG will conduct business*: English.
*(vii)* *Method of work: *E-mail discussions on the working group
mailing list, working group conference calls, and face-to-face
meetings at the Internet Identity Workshop and OpenID summits.
*(viii)* *Basis for determining when the work of the WG is
completed:* Work will not be deemed to be complete until there is a
consensus that the resulting protocol specification or family of
specifications fulfills the working group goals. Additional proposed
changes beyond that initial consensus will be evaluated on the basis
of whether they increase or decrease consensus within the working
group. The work will be completed once it is apparent that maximal
consensus on the draft has been achieved, consistent with the purpose
and scope.
*(b) /_Background Information_/.*
*(i)* *Related work being done in other WGs or organizations*:
Draft User Interface (UI) Extension
<http://wiki.openid.net/OpenID-User-Interface-Work-Group-Proposal>.
Kantara Universal Login Experience (ULX)
<http://kantarainitiative.org/confluence/display/ulx/>working group.
RPX product design <http://rpxnow.com/>. Facebook Authentication
Guidelines <http://developers.facebook.com/docs/authentication/>.
Google user authentication research
<http://sites.google.com/site/oauthgoog/UXFedLogin>.
*(ii)* *Proposers:*
Chris Messina, [email protected]
<mailto:[email protected]> (chair)
Dick Hardt, [email protected] <mailto:[email protected]>
/Additional proposers to be added here/
*(iii)* *Anticipated Contributions*: None.
--
Chris Messina
Open Web Advocate, Google
Personal: http://factoryjoe.com <http://factoryjoe.com/>
Follow me on Buzz: http://buzz.google.com/chrismessina
...or Twitter: http://twitter.com/chrismessina
This email is: [ ] shareable [X] ask first [ ] private
--
Chris Messina
Open Web Advocate, Google
Personal: http://factoryjoe.com
Follow me on Buzz: http://buzz.google.com/chrismessina
...or Twitter: http://twitter.com/chrismessina
This email is: [ ] shareable [X] ask first [ ] private
------------------------------------------------------------------------
_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
