1 / 22

How is OpenID helping Google?

How is OpenID helping Google?. Steven Bazyl Developer Advocate http://goo.gl/L9oK5. Google users. 50% Google Account users = Gmail users Other 50% = people with Email from Yahoo, Hotmail, AOL, Comcast, etc. Google login is basic. Our goals as an RP are basic.

bjorn
Download Presentation

How is OpenID helping Google?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. How is OpenID helping Google? Steven Bazyl Developer Advocate http://goo.gl/L9oK5

  2. Google users • 50% Google Account users = Gmail users • Other 50% = people with Email from Yahoo, Hotmail, AOL, Comcast, etc.

  3. Google login is basic

  4. Our goals as an RP are basic As copied from the recent OpenID Retail Summit description... • Higher customer registration and login success rates • Login sooner in the online process to allow targeted experiences and communcations • Increased referral traffic, search engine optimization, and brand projection by leveraging social networks • Collecting rich customer profile information • Improved mobile customer experience • Federated login across multiple websites

  5. Two other big goals 1. Use OpenID to improve the experience for our EXISTING users 2. The use of OpenID should NOT increase per-user support costs

  6. Google's Sample OpenID Store Visit openidsamplestore.com Important: Read the FAQ to learn about those two hard problems

  7. How far has Google gotten as an RP? Our end goal is something close to federatedux.appspot.com • That is a prototype, not a live system • OpenID signups supported • OpenID logins supported • OpenID upgrades supported • Research indicates customer support costs won't increase But what is live today?

  8. OpenID for Email Verification Live for Yahoo, AOL, and other email domains

  9. Lessons learned • Increases the # of users who both signup AND verify their email address • Developing OIX Trust framework for this use-case • Search for "OAuth Goog" site and then search for "certification" • Usability tests indicate that more "real users" will start the signup flow if they see an icon for a brand they use

  10. Move OpenID earlier in signup Launching on Google in a few weeks NASCAR UI is same as "second-tab" of two-tab login box

  11. Email pre-filled (users won't need to verify it) • Other attributes can be pulled (name, location, etc.) • Suggest dropping CAPTCHA • Still not using OpenID for login (user is asked to set a password)

  12. Our advice • Using OpenID for signup flows is a great way to "dip your toes in the water" • Allows controlled experiments with measurable results • Try out a NASCAR style signup flow yourself... • but only if you can do OpenID style flows for domains that cover 50%+ of your users

  13. What about OpenID login? SAML RP login has been live for awhile...

  14. OpenID login (v.5) is live • Demonstrated at Fall IIW • Steps to enable it • Need to be logged in to a Google service using a Yahoo or AOL mail address (NOT a Gmail address) • Visit the Google MyAccount settings page • Look for Change Federated Login option and click it

  15. Testing phase • Requires SAML style login, sorry :-( • We need testers • not a lot of Google employees use Yahoo mail for their personal accounts • Other email domains will be supported soon • Longer term we will rely on trust frameworks to support more IDPs

  16. So what about the login box? If you are not a big email provider, use two-tab login box from the sample sites

  17. Whats the problem with it? Which tab is the default? 2nd tab works great if 60%+ of your users won't need to type a password on your site Check your account database to see what % of your users have mail from Google, Yahoo, Microsoft, AOL Unfortunately 50% of Google users are Gmail users, and will have to type a password on our site :-( Google also has an advanced feature called multiple-login Next step beyond two-tab is an Identity Selector

  18. Windows Live Identity Selector

  19. Google Identity Selector research • If user clicks a Gmail identity, they are asked for password • If they click an OpenID/SAML identity, they are redirected • If they need to use another identity, they click + ...

  20. Add Account • Used for EITHER signup OR signin • NASCAR UI is not used for login, so it no longer needs to be consistent • It can vary per machine to show likely IDPs

  21. If you want to try this on your website • openidsamplestore.com has FAQ with details • You can watch Google to see what we do, and we will keep publishing results • There is still a lot of variance across OpenID IDPs.  We suggest using a vendor who hides some of that variance • Janrain, Gigya, Ping, Azure ACS • Google also has a toolkit available • Pros: It exposes the exact same APIs used by Google itself to be an RP • Cons: It only supports Gmail, Yahoo mail, Hotmail, AOLmail, and Google Apps mail • Vendors like Janrain are integrating this approach as an option as well. • Contact me or Janrain if you want to learn more about these offerings

  22. Q&A To find our published research, just search for "OAuth Goog" Steven Bazyl Developer Advocate sbazyl@google.com Eric Sachs Senior Product Manager esachs@google.com

More Related