Account Management Best Practices: OpenID for Mobile, Webfinger
Allen Tom, Yahoo! Membership Architect, atom@yahoo-inc.com, @atom
The NASCAR is just the beginning…
After logging in… • Now what?
“Soft Registration” • First time visitors should be presented with a soft registration form • Collect additional data if necessary • Terms of Service • Data that was not provided via OpenID • Birthday (for COPPA) • Location • Display Name • Don’t Ask for: • Username, Password, account recovery info
Multiple accounts • Preferable to have the user link their OpenID with an existing account if they already have one • Existing account probably has data that the user wants to use • Purchase history • Ratings and reviews • Profile • Reputation
Does the user already have an account? • Ask the user • Cons: Can be confusing and lower success rates • Check the email address • Most sites already have the user’s email address • Suggest that the user link their OpenID with their existing account if the user’s email address is already on file
Account Linking • Verify the user’s password to link accounts • Account linking should be optional • User might not want to link • User might have forgotten the password • After the account has been linked, the user can log in using either their username/password or their OpenID
Account Unlinking • Users should be able to add and remove OpenIDs to their accounts • Same thing as adding/removing email addresses to an account • But with a much better UX!
OpenID Login is like Email account recovery • Many websites allow users to reset their password via email • User needs to prove that they can access their email to reset their password • Password reset is the same thing as logging in
Account Recovery • Many websites allow Account Recovery via email • Outsourced Account Recovery to the user’s Email provider
Email account recovery is like Logging In • Sites that allow password reset via email have already outsourced their authentication to the user’s email provider
OpenID on Mobile • Account registration has high friction on the desktop, and is virtually impossible on Mobile • Use OpenID! • User is very likely to already be logged into their OP’s mobile site • Can sign in with a few clicks
Webfinger • Find a profile page for a user given an email address • Example: allentomdude@yahoo.com http://profiles.yahoo.com/allentomdude
“Well Known” discovery document • $ curl http://yahoo.com/.well-known/host-meta
<?xml version='1.0' encoding='UTF-8'?>
<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'>
  <Host xmlns='http://host-meta.net/xrd/1.0'>yahoo.com</Host>
  <Link>
    <Title>WebFinger</Title>
    <Rel>http://webfinger.info/rel/service</Rel>
    <Rel>describedby</Rel>
    <URITemplate>http://webfinger.yahooapis.com/?id={%id}</URITemplate>
  </Link>
</XRD>
Webfinger • $ curl http://webfinger.yahooapis.com/?id=allentomdude@yahoo.com
<XRD>
  <Subject>acct:allentomdude@yahoo.com</Subject>
  <Alias>http://profiles.yahoo.com/allentomdude</Alias>
</XRD>
Webfinger
<XRD>
  <Subject>acct:allentomdude@yahoo.com</Subject>
  <Alias>http://profiles.yahoo.com/allentomdude</Alias>
</XRD>
• Other services can be published via Webfinger • Calendar/Photos • IMAP/SMTP settings • Other public info • OpenID service discovery? (NASCAR replacement)
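The discovery chain from the last three slides (email → host-meta → URITemplate → user XRD → profile alias), as an added example that is not part of the deck. It runs offline: the two XRD documents are constructed copies of the ones on the slides, the `DOCS` dictionary is a hypothetical stand-in for the HTTP GETs, and the function names are assumptions; the two checks it adds (the host-meta must name the email's domain, the user XRD's Subject must be the account asked for) are the ones a relying party wants before mapping an email to a profile.

```python
import xml.etree.ElementTree as ET
from urllib.parse import quote

WEBFINGER_REL = "http://webfinger.info/rel/service"
# Constructed sample: the host-meta document shown on the slide.
HOST_META = """<?xml version='1.0' encoding='UTF-8'?>
<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'>
<Host xmlns='http://host-meta.net/xrd/1.0'>yahoo.com</Host>
<Link><Title>WebFinger</Title><Rel>http://webfinger.info/rel/service</Rel>
<Rel>describedby</Rel>
<URITemplate>http://webfinger.yahooapis.com/?id={%id}</URITemplate></Link>
</XRD>"""
# Constructed sample: the per-user XRD returned by the template URL.
USER_XRD = """<XRD><Subject>acct:allentomdude@yahoo.com</Subject>
<Alias>http://profiles.yahoo.com/allentomdude</Alias></XRD>"""
# Hypothetical stand-in for HTTP GET: URL -> document body, fully offline.
DOCS = {"http://yahoo.com/.well-known/host-meta": HOST_META,
        "http://webfinger.yahooapis.com/?id=allentomdude%40yahoo.com": USER_XRD}

def _local(tag):  # strip '{namespace}' so namespaced and bare tags compare equal
    return tag.rsplit("}", 1)[-1]
def _texts(root, name):  # text of every element named `name` under root
    return [e.text.strip() for e in root.iter() if _local(e.tag) == name]

def webfinger_template(host_meta_xml, domain):
    """Return the WebFinger URITemplate; reject a host-meta claiming another host."""
    root = ET.fromstring(host_meta_xml)
    hosts = [h.lower() for h in _texts(root, "Host")]
    if hosts and domain.lower() not in hosts:
        raise ValueError("host-meta describes %r, not %r" % (hosts, domain))
    for link in root.iter():
        if _local(link.tag) == "Link" and WEBFINGER_REL in _texts(link, "Rel"):
            tmpl = _texts(link, "URITemplate")
            if tmpl:
                return tmpl[0]
    raise ValueError("no WebFinger link in host-meta")

def profile_aliases(user_xrd_xml, email):
    """Return Alias URLs only if the XRD's Subject is the account we asked about."""
    root = ET.fromstring(user_xrd_xml)
    if _texts(root, "Subject") != ["acct:" + email]:
        raise ValueError("Subject does not match %r" % email)
    return _texts(root, "Alias")

def discover(email, fetch=DOCS.__getitem__):
    # Full chain: email -> host-meta -> URITemplate -> user XRD -> profile aliases
    domain = email.rsplit("@", 1)[1]
    tmpl = webfinger_template(fetch("http://%s/.well-known/host-meta" % domain), domain)
    url = tmpl.replace("{%id}", quote(email, safe=""))  # percent-encode the id
    return profile_aliases(fetch(url), email)
```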