Feedback requested: New OpenID RP login UX prototype

I won't sugar coat this. If I encountered this interface in the wild I would be furious. I hope you are able to take this criticism constructively and improve the user experience.

FireFox on OSX receives multiple plugin download requests. Obviously these are related to InfoCard but "explainable" from a technical perspective doesn't translate to "acceptable" from a user perspective. There was also no indication as to what the plugins were for and when I attempted to install them it failed. That latter criticism may be an issue with FireFox or OSX.

Almost every popup window was irritating and appeared broken. A standard user would most likely think they were tricked into clicking an advertisement. This somewhat extends into my general criticism towards the entire popup standard being promoted (which I won't get into) but even with the popup approach there is room for improvement here. If you know the OpenID provider you are sending me to, and they do not offer a simple UI for popups, at least size the window to avoid horizontal scrollbars.

http://s978.photobucket.com/albums/ae262/rabbyte/?action=view&current=Picture3.png
http://s978.photobucket.com/albums/ae262/rabbyte/?action=view&current=Picture4.png
http://s978.photobucket.com/albums/ae262/rabbyte/?action=view&current=Picture5.png

You'll also notice that the MyOpenID popup is slightly hiding its security feature on the top right. There's just no excuse for that.

The automatic redirecting is absolutely atrocious! Even just trying to test this out for feedback was excruciating. It is impossible to change my choice once I have made a choice. Page load tries to redirect. Clicking login tries to redirect. My history gets mangled and I can't hit the back button. Between the popups and the redirects, a standard user might (and should) think they have a virus.

It also wouldn't hurt to provide a little information about OpenID since it is an option. Even linking to a tutorial site to provide more information would be helpful (hey! and you could use another popup!). Ok, maybe that last remark was a little mean. I appreciate the effort. I really need to put together a demo. I really hope you found my feedback useful.

=Rabbit

Andrew Arnott wrote:

Live demo location: http://openidux.dotnetopenauth.net/

I've got the same UX problems as Rabbit with Firefox (on Linux, FWIW).

Additionally, NoScript tells me you're relying on JS from google.com, googleapis.com, and yahooapis.com (and this is before I've attempted to resolve the missing plugins problem**). That simply wouldn't fly on the sites I help run... we don't embed 3rd party scripts on our pages for security, privacy, and reliability reasons.

BTW, last month our main site (I work for a mid-sized US city) added our first foray into OpenID for public (vs. extranet) features -- a web commenting feature that supports local logins or OpenID (special buttons for Yahoo and Google, standard box for other claimed IDs). Among the first public users are some who chose to use the Google or Yahoo buttons rather than create accounts that only work on our site. I owe you, Andrew, special thanks for that, as we're using DotNetOpenID to make that possible.

-Peter

** The missing plugins problem is significant on Linux: clicking "Install Missing Plugins" and then "Next" yields the message "No suitable plugins were found".

Inline comments.

Peace.

=Rabbit

On Oct 22, 2009, at 10:27 PM, Andrew Arnott wrote:

Thanks, Rabbit.

Responses inline.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre

On Thu, Oct 22, 2009 at 7:01 PM, Rabbit <rabbit@...> wrote:

I won't sugar coat this. If I encountered this interface in the wild I would be furious. I hope you are able to take this criticism constructively and improve the user experience.

Sure, I don't want you to sugar coat it.  Although your tone throughout this email suggests that you thought I thought this was all finished and polished.  It's a "prototype", dude.   

I know it's a prototype. Apologies for my tone.

FireFox on OSX receives multiple plugin download requests. Obviously these are related to InfoCard but "explainable" from a technical perspective doesn't translate to "acceptable" from a user perspective. There was also no indication as to what the plugins were for and when I attempted to install them it failed. That latter criticism may be an issue with FireFox or OSX.

I totally agree.  This doesn't happen on Windows, so I didn't see these problems.  But another mac user reported seeing the same thing.  I have an idea of how to fix this so please try again in a couple days and tell me if the problem hasn't gone away.  Yes, it's InfoCard related, but it was not my intention to throw up all kinds of unpleasantness for those who don't have InfoCard support.  It's supposed to be a very quiet "light-up" scenario if you have it, and completely and quietly missing if you don't.

Realistically, it's not a big deal. In FireFox it appears as a slide down bar the same that happens when asked to remember a password. I don't know enough about integrating with InfoCard, the reason I pointed it out is that there may be some Mozilla-oriented headers that will point its plugin searcher in the right direction.

 

Almost every popup window was irritating and appeared broken. A standard user would most likely think they were tricked into clicking an advertisement. This somewhat extends into my general criticism towards the entire popup standard being promoted (which I won't get into) but even with the popup approach there is room for improvement here. If you know the OpenID provider you are sending me to, and they do not offer a simple UI for popups, at least size the window to avoid horizontal scrollbars.

http://s978.photobucket.com/albums/ae262/rabbyte/?action=view&current=Picture3.png
http://s978.photobucket.com/albums/ae262/rabbyte/?action=view&current=Picture4.png
http://s978.photobucket.com/albums/ae262/rabbyte/?action=view&current=Picture5.png

Working within the popup UI is still being developed for the OPs, and each of them are responsible for making it look good.  Google supports it fully, as I'm sure you noticed.  Yahoo claims to support it but don't get the window size right according to the UI extension draft spec and I hope they fix that or the spec (I don't care which).  myopenid and verisign don't support it at all, and the larger popup window size I give non-supporters isn't apparently big enough for their large window demands.  I'll see if I can fix that by just giving them a bigger window.  Ideally, I hope this encourages these OPs to shrink their UI so it fits in smaller windows.

imho, I would prefer a new tab being opened if there is no known window dimensions. Unfortunately, that creates an even more inconsistent user experience.

Besides that, myopenid and Verisign aren't likely to be displayed in the final UI kit that I'm building until they meet the guidelines I wrote up.  RPs can always add them though.

You'll also notice that the MyOpenID popup is slightly hiding its security feature on the top right. There's just no excuse for that.

I agree.  But see above. 

The automatic redirecting is absolutely atrocious! Even just trying to test this out for feedback was excruciating. It is impossible to change my choice once I have made a choice. Page load tries to redirect. Clicking login tries to redirect. My history gets mangled and I can't hit the back button. Between the popups and the redirects, a standard user might (and should) think they have a virus.

Now here you've lost me.  Can you explain more precisely what's going on?  Maybe it's a Mac thing (which I would of course still want to fix), but why do you say it's impossible to change your choice once you've made one?  If you click one Provider and log in, you absolutely can pick another provider the next time you log in (although we make them appear grayer than the rest to discourage this).  But remember this is targeted at normal users -- it's not targeted for testing multiple OPs.  So a normal user would want to keep clicking the same button in order to avoid splintering their identity.  That's a common complaint about OpenID: "Which button did I click on last time?"  Or more practically: "I logged in [with the wrong button] and now all my stuff is gone!"  Although the other buttons are gray, you can still click them.

I thought that was an intentional feature. I made a provider choice, clicked through to the provider, did not login (maybe that makes the difference?), went back to the original page and each time it would load for a second then instantly redirect me back to the OP I chose.

I had to load your page, hit stop quickly, click Login, hit stop quickly, then choose another provider. (You can understand my frustration! hah)

I wouldn't mind the auto-redirects if there were a visual countdown such as:

"You previously chose X as your provider. Redirecting in 3....2....1..." with a cancel button to make another choice.

I don't really see how this could be an OS-specific issue. If you have trouble duplicating this, contact me directly, I'll try to help pinpoint it.

Now what about this "page load tries to redirect".  What does that mean?  I've seen sites where the Back button takes you to a page that redirects you "forward" again, which is very aggravating.  But on my browsers, this doesn't happen.  The back button works as expected.  Can you elaborate about what's broken?

It also wouldn't hurt to provide a little information about OpenID since it is an option. Even linking to a tutorial site to provide more information would be helpful (hey! and you could use another popup!). Ok, maybe that last remark was a little mean. I appreciate the effort. I really need to put together a demo. I really hope you found my feedback useful.

Here I disagree with you, but your opinion is appreciated nonetheless.  This is not a "promote OpenID" design.  Some of the loudest feedback I hear from users who fail to log into RPs is that they don't know what OpenID is and they leave.  This UI is designed for maximum user conversions to the RP's services, not to OpenID.  RPs want users to log in -- they don't care whether users know what OpenID is, and users don't visit random RPs to learn about what OpenID is.  

I only suggested it as OpenID is an option. It don't think it would hurt since you're already expanding the window with an input field to have a small link saying "What is this?" After all, that could easily be a path of discovery for many people who just haven't heard of OpenID yet but would love if they understood it.

A design requirement is to keep the UI as simple as possible, while providing flexibility where needed for power users.  So links to learn about OpenID will be limited to what the RP's attorneys insist on saying for liability reasons.

Yes, your feedback was helpful -- and can be more so if you can provide some more detail about the issues I asked for more detail about.

=Rabbit

Great work. Couple of comments
- The green flag appearance/disappearance seems a bit shaky.

- Does it make sense to only show the logo of the OP that I chose last time (with the option of switching of course)? Other than the experimentation mode, we don't expect users to keep switching on a frequent basis...do we?

- The mixing of protocol/framework logos (e.g. OpenID, Purple-i) with the OP logos might be a bit confusing.

- You will eventually hit the issue of many OPs with limited screen space. Would it make sense to have the text box accept OP names (e.g Google) with Facebook style auto-completion.

Thanks,
-Ashish

On Fri, Oct 23, 2009 at 4:53 AM, Paul Madsen <paulmadsen@...> wrote:

Andrew, some random feedback

1) I used Google the first time. The next time I saw "If you have logged in previously, click the same button you did last time. "

But what if I want to use a different OP? I know nothing is stopping me but the above feels too much like a directive

Perhaps 'You may use the same ...'

Also, although the Google icon had a little green flag on it, there was no text alerting the user to the significance

2) When I used Yahoo, their page doesnt fit in the pop-up

Yahoo warned me about the bona fides of the RP (yes I know its not under your control but its disconcerting nonetheless)

3) After successfully getting in with Yahoo, I saw the green check on both Yahoo & Google icons. But when I logged out and came back the check had disappeared from Yahoo.

This didnt happen for myOpenID & Verisign, ie their green checks do light up along with Google's to record past successful use

4) I see the install plugins prompt on FF on Vista. The auto install didnt work

5) I get a browser warning about 'unencrypted connection' only with Yahoo - on the redirect from the OP back to RP

6) When I tried to use a blogspot OpenID, (http://connectid.blogspot.com/) the RP validation script refuses to recognize it ('No OP Endpoint found'.

Separately, the above error message could be less cryptic

Regards

Paul

Andrew Arnott wrote:

OpenID RP login UX

Live demo location: http://openidux.dotnetopenauth.net/

Design considerations

The DNOA login UX design document contains the design spec, and some of the reasoning that went into that design.

One high-level goal of all this work is to produce a set of HTML, CSS, and JS files that can work on any web platform, so that ruby, python, php, coldfusion, and (of course) ASP.NET RP web sites can benefit from a better UI for logging users in.

Interesting scenarios to experiment with and/or test

• Login by clicking on Members Only. This invokes the full page redirect login UI.
• Login by clicking Login in the upper-right corner of the page. This invokes the popup dialog UI.
• Visit the account management page and add additional OpenIDs or InfoCards to your account so you can log in with multiple identities yet be recognized as holding just one account.
• Login multiple times, using various OPs. Notice first that we highlight the button you chose the prior time. This helps the user not splinter his identity on a return visit in the event he has accounts with more than one displayed OP.
• Notice that in the login UI some OPs support checkid_immediate, and on a return visit, a green checkmark appears in the lower-right corner of an OP button when an immediate login is available. If a green checkmark is not visible on an OP button, a popup window will be used to guide the user through the initial login process. Some OPs (such as Verisign and Yahoo) do not support checkid_immediate, and will never display green checkmarks.
• When logging in, try using the OpenID button. Notice that as soon as you finish typing that discovery on that identifier begins and a login button appears within the text box. Next time you visit, the UX will remember what identifier you typed in and help you log in again.
• Try using the OpenID button with an identifier that delegates to multiple OPs. Notice how the Login button that appears to help you go through checkid_setup (if no checkid_immediate requests come back positive) is a split button, allowing you to actually pick which OP to log in with, and these OPs are in priority order (adjusted for OPs that are down or misbehaving, which are moved to the bottom).

Special release notes

In this iteration, I've elected to go with the popup dialog approach to displaying the login UI rather than a popup browser window. This is still alterable, and your feedback and/or preferences on this decision is most welcome.

The current set of OP buttons displayed include 4 OPs: Google, Yahoo, Verisign and MyOpenID. The last two of these do not fit the qualifications given in the design document, but they are included here to assist in the feedback process, and because I don't know how to make four buttons (Google, Yahoo, OpenID and InfoCard) look good, so I jumped up from three to six.

In the OpenID text box area, after authentication completes a green checkmark is displayed, but sometimes no login button appears to complete login. This is a UX issue I haven't figured out how to solve yet. But the way to proceed with login is to click the original, large OpenID button again.

The browsers I've tested with are IE8, Chrome 3, FireFox 3.5 and Safari 4. If you test with other/older browsers, please leave feedback about how your experience was. But currently I'm not targeting older browsers, so any bug reports regarding backward compatibility may not be fixed.

How to leave feedback

Just reply to this message.

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre

_______________________________________________
general mailing list
general@...
http://lists.openid.net/mailman/listinfo/openid-general
  

_______________________________________________
general mailing list
general@...
http://lists.openid.net/mailman/listinfo/openid-general

Hi Andrew -

The RP UX looks very promissing, and it'll be really slick with just a little more polish.

Can you make the Yahoo popup a bit wider? Although the UI Draft spec says that the popup is supposed to be 450px wide, Yahoo's popup is 500px wide. (our users prefer larger fonts)

Also, as per your blog post, Yahoo displays a warning for RPs that don't implement RP discovery.
http://blog.nerdbank.net/2008/06/why-yahoo-says-your-openid-site.html

Because the OpenID authentication response exceeds 2KB, the Yahoo OP automatically sends the response via HTTP POST, which results in a degraded user experience. (browser warnings when switching from HTTPS to HTTP) and also a "blank white page" for the autosubmitting form. I'm a very surprised that the response exceeds 2KB on your demo site, because generally speaking, OpenID responses that don't use AX or OAuth Hybrid almost never exceed 2KB. I think your demo has an unusually large return_to URL, which is contributing to the oversized response.

On the Yahoo OP side of things, we're working on ways to shrink the size of our responses to try to stay under the 2KB limit. For instance, we'll be removing the PAPE responses unless they were requested, and we'll try to shrink the size of our association handles.

Also, as others have reported, the browser plugin warning is a bit distracting. I'm runing WinXP with Firefox. Presumably this should be fairly easy to fix.

Good job!
Allen




Andrew Arnott wrote:

OpenID RP login UX

Live demo location: http://openidux.dotnetopenauth.net/

Design considerations

The DNOA login UX design document contains the design spec, and some of the reasoning that went into that design.

One high-level goal of all this work is to produce a set of HTML, CSS, and JS files that can work on any web platform, so that ruby, python, php, coldfusion, and (of course) ASP.NET RP web sites can benefit from a better UI for logging users in.

Interesting scenarios to experiment with and/or test

• Login by clicking on Members Only. This invokes the full page redirect login UI.
• Login by clicking Login in the upper-right corner of the page. This invokes the popup dialog UI.
• Visit the account management page and add additional OpenIDs or InfoCards to your account so you can log in with multiple identities yet be recognized as holding just one account.
• Login multiple times, using various OPs. Notice first that we highlight the button you chose the prior time. This helps the user not splinter his identity on a return visit in the event he has accounts with more than one displayed OP.
• Notice that in the login UI some OPs support checkid_immediate, and on a return visit, a green checkmark appears in the lower-right corner of an OP button when an immediate login is available. If a green checkmark is not visible on an OP button, a popup window will be used to guide the user through the initial login process. Some OPs (such as Verisign and Yahoo) do not support checkid_immediate, and will never display green checkmarks.
• When logging in, try using the OpenID button. Notice that as soon as you finish typing that discovery on that identifier begins and a login button appears within the text box. Next time you visit, the UX will remember what identifier you typed in and help you log in again.
• Try using the OpenID button with an identifier that delegates to multiple OPs. Notice how the Login button that appears to help you go through checkid_setup (if no checkid_immediate requests come back positive) is a split button, allowing you to actually pick which OP to log in with, and these OPs are in priority order (adjusted for OPs that are down or misbehaving, which are moved to the bottom).

Special release notes

In this iteration, I've elected to go with the popup dialog approach to displaying the login UI rather than a popup browser window. This is still alterable, and your feedback and/or preferences on this decision is most welcome.

The current set of OP buttons displayed include 4 OPs: Google, Yahoo, Verisign and MyOpenID. The last two of these do not fit the qualifications given in the design document, but they are included here to assist in the feedback process, and because I don't know how to make four buttons (Google, Yahoo, OpenID and InfoCard) look good, so I jumped up from three to six.

In the OpenID text box area, after authentication completes a green checkmark is displayed, but sometimes no login button appears to complete login. This is a UX issue I haven't figured out how to solve yet. But the way to proceed with login is to click the original, large OpenID button again.

The browsers I've tested with are IE8, Chrome 3, FireFox 3.5 and Safari 4. If you test with other/older browsers, please leave feedback about how your experience was. But currently I'm not targeting older browsers, so any bug reports regarding backward compatibility may not be fixed.

How to leave feedback

Just reply to this message.

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre

_______________________________________________
general mailing list
general@...
http://lists.openid.net/mailman/listinfo/openid-general
  

Good improvements, Andrew.

Popups look great, plugin prompt did not appear.

As for the redirect issue, I don't know if this helps but looking at the headers it checks each of these in sequence:

- Google?

- MyOpenID?

- Yahoo?

- Verisign?

At which point it redirects me to login at PIP.

Perhaps your prototype thinks I am signed into Versign.

=Rabbit

On Oct 23, 2009, at 2:23 PM, Andrew Arnott wrote:

Hey Rabbit,

So I fixed the popup window size and the plugin prompt (please verify!).  Also, I happened to run into the same Back->auto-redirect behavior you just described.  It was in IE8 for me, and I have no idea why it's doing that.  It doesn't usually (for me anyway).  But anyway, that's absolutely not by design, and I'm going to chase that down and fix it.  Thanks for letting me know it wasn't just a fluke on my machine. :)

Thanks for the extra details.

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre

On Thu, Oct 22, 2009 at 10:15 PM, Rabbit <rabbit@...> wrote:

Inline comments.

Peace.

=Rabbit

On Oct 22, 2009, at 10:27 PM, Andrew Arnott wrote:

Thanks, Rabbit.

Responses inline.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre

On Thu, Oct 22, 2009 at 7:01 PM, Rabbit <rabbit@...> wrote:

I won't sugar coat this. If I encountered this interface in the wild I would be furious. I hope you are able to take this criticism constructively and improve the user experience.

Sure, I don't want you to sugar coat it.  Although your tone throughout this email suggests that you thought I thought this was all finished and polished.  It's a "prototype", dude.   

I know it's a prototype. Apologies for my tone.

FireFox on OSX receives multiple plugin download requests. Obviously these are related to InfoCard but "explainable" from a technical perspective doesn't translate to "acceptable" from a user perspective. There was also no indication as to what the plugins were for and when I attempted to install them it failed. That latter criticism may be an issue with FireFox or OSX.

I totally agree.  This doesn't happen on Windows, so I didn't see these problems.  But another mac user reported seeing the same thing.  I have an idea of how to fix this so please try again in a couple days and tell me if the problem hasn't gone away.  Yes, it's InfoCard related, but it was not my intention to throw up all kinds of unpleasantness for those who don't have InfoCard support.  It's supposed to be a very quiet "light-up" scenario if you have it, and completely and quietly missing if you don't.

Realistically, it's not a big deal. In FireFox it appears as a slide down bar the same that happens when asked to remember a password. I don't know enough about integrating with InfoCard, the reason I pointed it out is that there may be some Mozilla-oriented headers that will point its plugin searcher in the right direction.

 

Almost every popup window was irritating and appeared broken. A standard user would most likely think they were tricked into clicking an advertisement. This somewhat extends into my general criticism towards the entire popup standard being promoted (which I won't get into) but even with the popup approach there is room for improvement here. If you know the OpenID provider you are sending me to, and they do not offer a simple UI for popups, at least size the window to avoid horizontal scrollbars.

http://s978.photobucket.com/albums/ae262/rabbyte/?action=view&current=Picture3.png
http://s978.photobucket.com/albums/ae262/rabbyte/?action=view&current=Picture4.png
http://s978.photobucket.com/albums/ae262/rabbyte/?action=view&current=Picture5.png

Working within the popup UI is still being developed for the OPs, and each of them are responsible for making it look good.  Google supports it fully, as I'm sure you noticed.  Yahoo claims to support it but don't get the window size right according to the UI extension draft spec and I hope they fix that or the spec (I don't care which).  myopenid and verisign don't support it at all, and the larger popup window size I give non-supporters isn't apparently big enough for their large window demands.  I'll see if I can fix that by just giving them a bigger window.  Ideally, I hope this encourages these OPs to shrink their UI so it fits in smaller windows.

imho, I would prefer a new tab being opened if there is no known window dimensions. Unfortunately, that creates an even more inconsistent user experience.

Besides that, myopenid and Verisign aren't likely to be displayed in the final UI kit that I'm building until they meet the guidelines I wrote up.  RPs can always add them though.

You'll also notice that the MyOpenID popup is slightly hiding its security feature on the top right. There's just no excuse for that.

I agree.  But see above. 

The automatic redirecting is absolutely atrocious! Even just trying to test this out for feedback was excruciating. It is impossible to change my choice once I have made a choice. Page load tries to redirect. Clicking login tries to redirect. My history gets mangled and I can't hit the back button. Between the popups and the redirects, a standard user might (and should) think they have a virus.

Now here you've lost me.  Can you explain more precisely what's going on?  Maybe it's a Mac thing (which I would of course still want to fix), but why do you say it's impossible to change your choice once you've made one?  If you click one Provider and log in, you absolutely can pick another provider the next time you log in (although we make them appear grayer than the rest to discourage this).  But remember this is targeted at normal users -- it's not targeted for testing multiple OPs.  So a normal user would want to keep clicking the same button in order to avoid splintering their identity.  That's a common complaint about OpenID: "Which button did I click on last time?"  Or more practically: "I logged in [with the wrong button] and now all my stuff is gone!"  Although the other buttons are gray, you can still click them.

I thought that was an intentional feature. I made a provider choice, clicked through to the provider, did not login (maybe that makes the difference?), went back to the original page and each time it would load for a second then instantly redirect me back to the OP I chose.

I had to load your page, hit stop quickly, click Login, hit stop quickly, then choose another provider. (You can understand my frustration! hah)

I wouldn't mind the auto-redirects if there were a visual countdown such as:

"You previously chose X as your provider. Redirecting in 3....2....1..." with a cancel button to make another choice.

I don't really see how this could be an OS-specific issue. If you have trouble duplicating this, contact me directly, I'll try to help pinpoint it.

Now what about this "page load tries to redirect".  What does that mean?  I've seen sites where the Back button takes you to a page that redirects you "forward" again, which is very aggravating.  But on my browsers, this doesn't happen.  The back button works as expected.  Can you elaborate about what's broken?

It also wouldn't hurt to provide a little information about OpenID since it is an option. Even linking to a tutorial site to provide more information would be helpful (hey! and you could use another popup!). Ok, maybe that last remark was a little mean. I appreciate the effort. I really need to put together a demo. I really hope you found my feedback useful.

Here I disagree with you, but your opinion is appreciated nonetheless.  This is not a "promote OpenID" design.  Some of the loudest feedback I hear from users who fail to log into RPs is that they don't know what OpenID is and they leave.  This UI is designed for maximum user conversions to the RP's services, not to OpenID.  RPs want users to log in -- they don't care whether users know what OpenID is, and users don't visit random RPs to learn about what OpenID is.  

I only suggested it as OpenID is an option. It don't think it would hurt since you're already expanding the window with an input field to have a small link saying "What is this?" After all, that could easily be a path of discovery for many people who just haven't heard of OpenID yet but would love if they understood it.

A design requirement is to keep the UI as simple as possible, while providing flexibility where needed for power users.  So links to learn about OpenID will be limited to what the RP's attorneys insist on saying for liability reasons.

Yes, your feedback was helpful -- and can be more so if you can provide some more detail about the issues I asked for more detail about.

=Rabbit

Thanks, Paul.  The issues you pointed out have or will be fixed.  Except for the connectid.blogspot.com issue, which works for me.  Can you try it again?

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre

On Fri, Oct 23, 2009 at 3:53 AM, Paul Madsen <paulmadsen@...> wrote:

Andrew, some random feedback

1) I used Google the first time. The next time I saw "If you have logged in previously, click the same button you did last time. "

But what if I want to use a different OP? I know nothing is stopping me but the above feels too much like a directive

Perhaps 'You may use the same ...'

Also, although the Google icon had a little green flag on it, there was no text alerting the user to the significance

2) When I used Yahoo, their page doesnt fit in the pop-up

Yahoo warned me about the bona fides of the RP (yes I know its not under your control but its disconcerting nonetheless)

3) After successfully getting in with Yahoo, I saw the green check on both Yahoo & Google icons. But when I logged out and came back the check had disappeared from Yahoo.

This didnt happen for myOpenID & Verisign, ie their green checks do light up along with Google's to record past successful use

4) I see the install plugins prompt on FF on Vista. The auto install didnt work

5) I get a browser warning about 'unencrypted connection' only with Yahoo - on the redirect from the OP back to RP

6) When I tried to use a blogspot OpenID, (http://connectid.blogspot.com/) the RP validation script refuses to recognize it ('No OP Endpoint found'.

Separately, the above error message could be less cryptic

Regards

Paul

Andrew Arnott wrote:

OpenID RP login UX

Live demo location: http://openidux.dotnetopenauth.net/

Design considerations

The DNOA login UX design document contains the design spec, and some of the reasoning that went into that design.

One high-level goal of all this work is to produce a set of HTML, CSS, and JS files that can work on any web platform, so that ruby, python, php, coldfusion, and (of course) ASP.NET RP web sites can benefit from a better UI for logging users in.

Interesting scenarios to experiment with and/or test

• Login by clicking on Members Only. This invokes the full page redirect login UI.
• Login by clicking Login in the upper-right corner of the page. This invokes the popup dialog UI.
• Visit the account management page and add additional OpenIDs or InfoCards to your account so you can log in with multiple identities yet be recognized as holding just one account.
• Login multiple times, using various OPs. Notice first that we highlight the button you chose the prior time. This helps the user not splinter his identity on a return visit in the event he has accounts with more than one displayed OP.
• Notice that in the login UI some OPs support checkid_immediate, and on a return visit, a green checkmark appears in the lower-right corner of an OP button when an immediate login is available. If a green checkmark is not visible on an OP button, a popup window will be used to guide the user through the initial login process. Some OPs (such as Verisign and Yahoo) do not support checkid_immediate, and will never display green checkmarks.
• When logging in, try using the OpenID button. Notice that as soon as you finish typing that discovery on that identifier begins and a login button appears within the text box. Next time you visit, the UX will remember what identifier you typed in and help you log in again.
• Try using the OpenID button with an identifier that delegates to multiple OPs. Notice how the Login button that appears to help you go through checkid_setup (if no checkid_immediate requests come back positive) is a split button, allowing you to actually pick which OP to log in with, and these OPs are in priority order (adjusted for OPs that are down or misbehaving, which are moved to the bottom).

Special release notes

In this iteration, I've elected to go with the popup dialog approach to displaying the login UI rather than a popup browser window. This is still alterable, and your feedback and/or preferences on this decision is most welcome.

The current set of OP buttons displayed include 4 OPs: Google, Yahoo, Verisign and MyOpenID. The last two of these do not fit the qualifications given in the design document, but they are included here to assist in the feedback process, and because I don't know how to make four buttons (Google, Yahoo, OpenID and InfoCard) look good, so I jumped up from three to six.

In the OpenID text box area, after authentication completes a green checkmark is displayed, but sometimes no login button appears to complete login. This is a UX issue I haven't figured out how to solve yet. But the way to proceed with login is to click the original, large OpenID button again.

The browsers I've tested with are IE8, Chrome 3, FireFox 3.5 and Safari 4. If you test with other/older browsers, please leave feedback about how your experience was. But currently I'm not targeting older browsers, so any bug reports regarding backward compatibility may not be fixed.

How to leave feedback

Just reply to this message.

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre

_______________________________________________
general mailing list
general@...
http://lists.openid.net/mailman/listinfo/openid-general
  

Just a small note.

Great effort and real-time improvements.   Feel much more comfortable
using these types of libraries when there is such great support and
follow through.

--Mike

On Mon, Oct 26, 2009 at 7:46 PM, Andrew Arnott <andrewarnott@...> wrote:
> It turns out that nasty redirect behavior that pulled you back to Verisign
> was due to a bug in Verisign's handling of checkid_immediate, which they are
> now aware of and investigating.
> So aside from that redirect issue, which only comes up if you click on
> Verisign at least once, it seems, all fixes this forum has suggested have
> been published.  So please feel free, everyone, to revisit
> http://openidux.dotnetopenauth.net/ and give fresh feedback (or remind me of
> something I may have missed in this discussion).
> --
> Andrew Arnott
> "I [may] not agree with what you have to say, but I'll defend to the death
> your right to say it." - S. G. Tallentyre
>
>
> On Fri, Oct 23, 2009 at 2:20 PM, Rabbit <rabbit@...> wrote:
>>
>> Good improvements, Andrew.
>> Popups look great, plugin prompt did not appear.
>> As for the redirect issue, I don't know if this helps but looking at the
>> headers it checks each of these in sequence:
>> - Google?
>> - MyOpenID?
>> - Yahoo?
>> - Verisign?
>> At which point it redirects me to login at PIP.
>> Perhaps your prototype thinks I am signed into Versign.
>> =Rabbit
>> On Oct 23, 2009, at 2:23 PM, Andrew Arnott wrote:
>>
>> Hey Rabbit,
>> So I fixed the popup window size and the plugin prompt (please verify!).
>>  Also, I happened to run into the same Back->auto-redirect behavior you just
>> described.  It was in IE8 for me, and I have no idea why it's doing that.
>>  It doesn't usually (for me anyway).  But anyway, that's absolutely not by
>> design, and I'm going to chase that down and fix it.  Thanks for letting me
>> know it wasn't just a fluke on my machine. :)
>> Thanks for the extra details.
>> --
>> Andrew Arnott
>> "I [may] not agree with what you have to say, but I'll defend to the death
>> your right to say it." - S. G. Tallentyre
>>
>>
>> On Thu, Oct 22, 2009 at 10:15 PM, Rabbit <rabbit@...> wrote:
>>>
>>> Inline comments.
>>> Peace.
>>> =Rabbit
>>> On Oct 22, 2009, at 10:27 PM, Andrew Arnott wrote:
>>>
>>> Thanks, Rabbit.
>>> Responses inline.
>>> --
>>> Andrew Arnott
>>> "I [may] not agree with what you have to say, but I'll defend to the
>>> death your right to say it." - S. G. Tallentyre
>>>
>>>
>>> On Thu, Oct 22, 2009 at 7:01 PM, Rabbit <rabbit@...> wrote:
>>>>
>>>> I won't sugar coat this. If I encountered this interface in the wild I
>>>> would be furious. I hope you are able to take this criticism constructively
>>>> and improve the user experience.
>>>
>>> Sure, I don't want you to sugar coat it.  Although your tone throughout
>>> this email suggests that you thought I thought this was all finished and
>>> polished.  It's a "prototype", dude.
>>>
>>> I know it's a prototype. Apologies for my tone.
>>>>
>>>> FireFox on OSX receives multiple plugin download requests. Obviously
>>>> these are related to InfoCard but "explainable" from a technical perspective
>>>> doesn't translate to "acceptable" from a user perspective. There was also no
>>>> indication as to what the plugins were for and when I attempted to install
>>>> them it failed. That latter criticism may be an issue with FireFox or OSX.
>>>
>>> I totally agree.  This doesn't happen on Windows, so I didn't see these
>>> problems.  But another mac user reported seeing the same thing.  I have an
>>> idea of how to fix this so please try again in a couple days and tell me if
>>> the problem hasn't gone away.  Yes, it's InfoCard related, but it was not my
>>> intention to throw up all kinds of unpleasantness for those who don't have
>>> InfoCard support.  It's supposed to be a very quiet "light-up" scenario if
>>> you have it, and completely and quietly missing if you don't.
>>>
>>> Realistically, it's not a big deal. In FireFox it appears as a slide down
>>> bar the same that happens when asked to remember a password. I don't know
>>> enough about integrating with InfoCard, the reason I pointed it out is that
>>> there may be some Mozilla-oriented headers that will point its plugin
>>> searcher in the right direction.
>>>
>>>
>>>>
>>>> Almost every popup window was irritating and appeared broken. A standard
>>>> user would most likely think they were tricked into clicking an
>>>> advertisement. This somewhat extends into my general criticism towards the
>>>> entire popup standard being promoted (which I won't get into) but even with
>>>> the popup approach there is room for improvement here. If you know the
>>>> OpenID provider you are sending me to, and they do not offer a simple UI for
>>>> popups, at least size the window to avoid horizontal scrollbars.
>>>>
>>>>
>>>> http://s978.photobucket.com/albums/ae262/rabbyte/?action=view&current=Picture3.png
>>>>
>>>> http://s978.photobucket.com/albums/ae262/rabbyte/?action=view&current=Picture4.png
>>>>
>>>> http://s978.photobucket.com/albums/ae262/rabbyte/?action=view&current=Picture5.png
>>>
>>> Working within the popup UI is still being developed for the OPs, and
>>> each of them are responsible for making it look good.  Google supports it
>>> fully, as I'm sure you noticed.  Yahoo claims to support it but don't get
>>> the window size right according to the UI extension draft spec and I hope
>>> they fix that or the spec (I don't care which).  myopenid and verisign don't
>>> support it at all, and the larger popup window size I give non-supporters
>>> isn't apparently big enough for their large window demands.  I'll see if I
>>> can fix that by just giving them a bigger window.  Ideally, I hope this
>>> encourages these OPs to shrink their UI so it fits in smaller windows.
>>>
>>> imho, I would prefer a new tab being opened if there is no known window
>>> dimensions. Unfortunately, that creates an even more inconsistent user
>>> experience.
>>>
>>> Besides that, myopenid and Verisign aren't likely to be displayed in the
>>> final UI kit that I'm building until they meet the guidelines I wrote up.
>>>  RPs can always add them though.
>>>>
>>>> You'll also notice that the MyOpenID popup is slightly hiding its
>>>> security feature on the top right. There's just no excuse for that.
>>>
>>> I agree.  But see above.
>>>>
>>>> The automatic redirecting is absolutely atrocious! Even just trying to
>>>> test this out for feedback was excruciating. It is impossible to change my
>>>> choice once I have made a choice. Page load tries to redirect. Clicking
>>>> login tries to redirect. My history gets mangled and I can't hit the back
>>>> button. Between the popups and the redirects, a standard user might (and
>>>> should) think they have a virus.
>>>
>>> Now here you've lost me.  Can you explain more precisely what's going on?
>>>  Maybe it's a Mac thing (which I would of course still want to fix), but why
>>> do you say it's impossible to change your choice once you've made one?  If
>>> you click one Provider and log in, you absolutely can pick another provider
>>> the next time you log in (although we make them appear grayer than the rest
>>> to discourage this).  But remember this is targeted at normal users -- it's
>>> not targeted for testing multiple OPs.  So a normal user would want to keep
>>> clicking the same button in order to avoid splintering their identity.
>>>  That's a common complaint about OpenID: "Which button did I click on last
>>> time?"  Or more practically: "I logged in [with the wrong button] and now
>>> all my stuff is gone!"  Although the other buttons are gray, you can still
>>> click them.
>>>
>>> I thought that was an intentional feature. I made a provider choice,
>>> clicked through to the provider, did not login (maybe that makes the
>>> difference?), went back to the original page and each time it would load for
>>> a second then instantly redirect me back to the OP I chose.
>>> I had to load your page, hit stop quickly, click Login, hit stop quickly,
>>> then choose another provider. (You can understand my frustration! hah)
>>> I wouldn't mind the auto-redirects if there were a visual countdown such
>>> as:
>>> "You previously chose X as your provider. Redirecting in 3....2....1..."
>>> with a cancel button to make another choice.
>>> I don't really see how this could be an OS-specific issue. If you have
>>> trouble duplicating this, contact me directly, I'll try to help pinpoint it.
>>>
>>> Now what about this "page load tries to redirect".  What does that mean?
>>>  I've seen sites where the Back button takes you to a page that redirects
>>> you "forward" again, which is very aggravating.  But on my browsers, this
>>> doesn't happen.  The back button works as expected.  Can you elaborate about
>>> what's broken?
>>>>
>>>> It also wouldn't hurt to provide a little information about OpenID since
>>>> it is an option. Even linking to a tutorial site to provide more information
>>>> would be helpful (hey! and you could use another popup!). Ok, maybe that
>>>> last remark was a little mean. I appreciate the effort. I really need to put
>>>> together a demo. I really hope you found my feedback useful.
>>>
>>> Here I disagree with you, but your opinion is appreciated nonetheless.
>>>  This is not a "promote OpenID" design.  Some of the loudest feedback I hear
>>> from users who fail to log into RPs is that they don't know what OpenID is
>>> and they leave.  This UI is designed for maximum user conversions to the
>>> RP's services, not to OpenID.  RPs want users to log in -- they don't care
>>> whether users know what OpenID is, and users don't visit random RPs to learn
>>> about what OpenID is.
>>>
>>> I only suggested it as OpenID is an option. It don't think it would hurt
>>> since you're already expanding the window with an input field to have a
>>> small link saying "What is this?" After all, that could easily be a path of
>>> discovery for many people who just haven't heard of OpenID yet but would
>>> love if they understood it.
>>>
>>> A design requirement is to keep the UI as simple as possible, while
>>> providing flexibility where needed for power users.  So links to learn about
>>> OpenID will be limited to what the RP's attorneys insist on saying for
>>> liability reasons.
>>> Yes, your feedback was helpful -- and can be more so if you can provide
>>> some more detail about the issues I asked for more detail about.
>>>>
>>>> =Rabbit
>>>>
>>>
>>>
>>
>>
>
>

> _______________________________________________
> general mailing list
> general@...
> http://lists.openid.net/mailman/listinfo/openid-general
>
>