Account Management Best Practices OpenID for Mobile Webfinger. Allen Tom Yahoo! Membership Architect atom@yahoo-inc.com @atom. The NASCAR is just the beginning…. After logging in…. Now what?. “Soft Registration”. First time visitors should be presented with a soft registration form

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Account Management Best Practices OpenID for Mobile Webfinger' - amalia


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

Account Management Best Practices, OpenID for Mobile, Webfinger

Allen Tom

Yahoo! Membership Architect

atom@yahoo-inc.com

@atom

“Soft Registration”
  • First time visitors should be presented with a soft registration form
  • Collect additional data if necessary
    • Terms of Service
    • Data that was not provided via OpenID
      • Birthday (for COPPA)
      • Location
      • Display Name
  • Don’t ask for:
    • Username, password, account recovery info
Multiple accounts
  • Preferable to have the user link their OpenID with an existing account if they already have one
  • Existing account probably has data that the user wants to use
    • Purchase history
    • Ratings and reviews
    • Profile
    • Reputation
Does the user already have an account?
  • Ask the user
    • Cons: Can be confusing and lower success rates
  • Check the email address
    • Most sites already have the user’s email address
    • Suggest that the user link their OpenID with their existing account if the user’s email address is already on file
Account Linking
  • Verify the user’s password to link accounts
  • Account linking should be optional
    • User might not want to link
    • User might have forgotten the password
  • After the account has been linked, the user can log in using either their username/password or their OpenID
Account Unlinking
  • Users should be able to add and remove OpenIDs to their accounts
  • Same thing as adding/removing email addresses to an account
    • But with a much better UX!
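
The linking and unlinking rules from the slides above, as an added Python sketch that is not part of the original presentation: an email match only prompts an offer to link, and the link itself is made only after the existing password is verified. `AccountStore` and its method names are hypothetical, and `claimed_id` is assumed to be an identifier the site's OpenID library has already verified.

```python
import hashlib
import hmac
import os

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AccountStore:
    """Hypothetical in-memory store; a real site would use its user database."""

    def __init__(self):
        self.accounts = {}   # username -> email, salt, password hash
        self.by_openid = {}  # verified OpenID identifier -> username

    def register(self, username, email, password):
        salt = os.urandom(16)
        self.accounts[username] = {
            "email": email.lower(), "salt": salt, "pw": _hash(password, salt)}

    def suggest_link(self, asserted_email):
        # An email match is only a reason to OFFER linking, never to link.
        for name, acct in self.accounts.items():
            if acct["email"] == asserted_email.lower():
                return name
        return None

    def verify_password(self, username, password):
        acct = self.accounts.get(username)
        if acct is None:
            return False
        return hmac.compare_digest(acct["pw"], _hash(password, acct["salt"]))

    def link_openid(self, username, password, claimed_id):
        # Linking requires proof of ownership of the existing account.
        if not self.verify_password(username, password):
            return False
        if self.by_openid.get(claimed_id, username) != username:
            return False  # identifier already belongs to another account
        self.by_openid[claimed_id] = username
        return True

    def unlink_openid(self, username, claimed_id):
        if self.by_openid.get(claimed_id) != username:
            return False
        del self.by_openid[claimed_id]
        return True

    def login_openid(self, claimed_id):
        return self.by_openid.get(claimed_id)
```
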
OpenID Login is like Email account recovery
  • Many websites allow users to reset their password via email
  • User needs to prove that they can access their email to reset their password
  • Password reset is the same thing as logging in
Account Recovery
  • Many websites allow Account Recovery via email
  • Outsourced Account Recovery to the user’s Email provider
Email account recovery is like Logging In
  • Sites that allow password reset via email have already outsourced their authentication to the user’s email provider
OpenID on Mobile
  • Account registration has high friction on the desktop, and is virtually impossible on Mobile
  • Use OpenID!
  • User is very likely to already be logged in to their OP’s mobile site
    • Can sign in via a few clicks
Webfinger
  • Find a profile page for a user given an email address
  • Example:

allentomdude@yahoo.com

http://profiles.yahoo.com/allentomdude

“Well Known” discovery document
  • $ curl http://yahoo.com/.well-known/host-meta

<?xml version='1.0' encoding='UTF-8'?>
<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'>
  <Host xmlns='http://host-meta.net/xrd/1.0'>yahoo.com</Host>
  <Link>
    <Title>WebFinger</Title>
    <Rel>http://webfinger.info/rel/service</Rel>
    <Rel>describedby</Rel>
    <URITemplate>http://webfinger.yahooapis.com/?id={%id}</URITemplate>
  </Link>
</XRD>

Webfinger
  • $ curl http://webfinger.yahooapis.com/?id=allentomdude@yahoo.com

<XRD>
  <Subject>acct:allentomdude@yahoo.com</Subject>
  <Alias>http://profiles.yahoo.com/allentomdude</Alias>
</XRD>
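
The two discovery steps above as an added Python example (not from the original slides), run against the slide documents embedded inline. It adds two checks a consumer would want: the host-meta must be for the account's own domain, and the returned Subject must match the account that was asked for. The function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import quote, urlsplit

WEBFINGER_REL = "http://webfinger.info/rel/service"

# Documents as shown on the slides, embedded so the example runs offline.
HOST_META = b"""<?xml version='1.0' encoding='UTF-8'?>
<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'>
  <Host xmlns='http://host-meta.net/xrd/1.0'>yahoo.com</Host>
  <Link><Title>WebFinger</Title>
    <Rel>http://webfinger.info/rel/service</Rel><Rel>describedby</Rel>
    <URITemplate> http://webfinger.yahooapis.com/?id={%id} </URITemplate></Link>
</XRD>"""
USER_XRD = b"""<XRD><Subject>acct:allentomdude@yahoo.com</Subject>
<Alias>http://profiles.yahoo.com/allentomdude</Alias></XRD>"""

def _parse(data):
    # XRD needs no DTD; refuse one rather than let the parser expand entities.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("DTDs are not expected in XRD documents")
    return ET.fromstring(data)

def _local(el):
    return el.tag.rsplit("}", 1)[-1]  # drop any '{namespace}' prefix

def _children(el, name):
    return [(c.text or "").strip() for c in el if _local(c) == name]

def webfinger_url(host_meta, acct):
    """Return the lookup URL for acct from a host-meta document."""
    root = _parse(host_meta)
    domain = acct.rsplit("@", 1)[-1].lower()
    if [h.lower() for h in _children(root, "Host")] != [domain]:
        raise ValueError("host-meta is not for the account's domain")
    for link in root:
        if _local(link) == "Link" and WEBFINGER_REL in _children(link, "Rel"):
            for template in _children(link, "URITemplate"):
                return template.replace("{%id}", quote(acct, safe="@"))
    raise ValueError("no WebFinger link in host-meta")

def profile_aliases(xrd, acct):
    """Return http(s) aliases, only if the XRD is about the requested acct."""
    root = _parse(xrd)
    if _children(root, "Subject") != ["acct:" + acct]:
        raise ValueError("XRD Subject does not match the requested account")
    return [a for a in _children(root, "Alias")
            if urlsplit(a).scheme in ("http", "https")]
```
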

Webfinger

<XRD>
  <Subject>acct:allentomdude@yahoo.com</Subject>
  <Alias>http://profiles.yahoo.com/allentomdude</Alias>
</XRD>

  • Other services can be published via Webfinger
    • Calendar/Photos
    • IMAP/SMTP settings
    • Other public info
    • OpenID service discovery? (NASCAR replacement)