How is OpenID helping Google? Steven Bazyl Developer Advocate .
-
Upload
devin-dean -
Category
Documents
-
view
213 -
download
0
Transcript of How is OpenID helping Google? Steven Bazyl Developer Advocate .
![Page 1: How is OpenID helping Google? Steven Bazyl Developer Advocate .](https://reader036.fdocuments.us/reader036/viewer/2022070305/55146d655503462d4e8b5eb0/html5/thumbnails/1.jpg)
How is OpenID helping Google?
Steven BazylDeveloper Advocatehttp://goo.gl/L9oK5
![Page 2: How is OpenID helping Google? Steven Bazyl Developer Advocate .](https://reader036.fdocuments.us/reader036/viewer/2022070305/55146d655503462d4e8b5eb0/html5/thumbnails/2.jpg)
Google users
• 50% Google Account users = Gmail users• Other 50% = people with Email from Yahoo, Hotmail,
AOL, Comcast, etc.
![Page 3: How is OpenID helping Google? Steven Bazyl Developer Advocate .](https://reader036.fdocuments.us/reader036/viewer/2022070305/55146d655503462d4e8b5eb0/html5/thumbnails/3.jpg)
Google login is basic
![Page 4: How is OpenID helping Google? Steven Bazyl Developer Advocate .](https://reader036.fdocuments.us/reader036/viewer/2022070305/55146d655503462d4e8b5eb0/html5/thumbnails/4.jpg)
Our goals as an RP are basic
As copied from the recent OpenID Retail Summit description...
• Higher customer registration and login success rates• Login sooner in the online process to allow targeted
experiences and communcations• Increased referral traffic, search engine optimization,
and brand projection by leveraging social networks• Collecting rich customer profile information• Improved mobile customer experience• Federated login across multiple websites
![Page 5: How is OpenID helping Google? Steven Bazyl Developer Advocate .](https://reader036.fdocuments.us/reader036/viewer/2022070305/55146d655503462d4e8b5eb0/html5/thumbnails/5.jpg)
Two other big goals
1. Use OpenID to improve the experience for our EXISTING users
2. The use of OpenID should NOT increase per-user support costs
![Page 6: How is OpenID helping Google? Steven Bazyl Developer Advocate .](https://reader036.fdocuments.us/reader036/viewer/2022070305/55146d655503462d4e8b5eb0/html5/thumbnails/6.jpg)
Google's Sample OpenID Store
Visit openidsamplestore.comImportant: Read the FAQ to learn about those two hard problems
![Page 7: How is OpenID helping Google? Steven Bazyl Developer Advocate .](https://reader036.fdocuments.us/reader036/viewer/2022070305/55146d655503462d4e8b5eb0/html5/thumbnails/7.jpg)
How far has Google gotten as an RP?Our end goal is something close to federatedux.appspot.com• That is a prototype, not a live system• OpenID signups supported• OpenID logins supported• OpenID upgrades supported• Research indicates customer support costs won't
increase
But what is live today?
![Page 8: How is OpenID helping Google? Steven Bazyl Developer Advocate .](https://reader036.fdocuments.us/reader036/viewer/2022070305/55146d655503462d4e8b5eb0/html5/thumbnails/8.jpg)
OpenID for Email Verification
Live for Yahoo, AOL, and other email domains
![Page 9: How is OpenID helping Google? Steven Bazyl Developer Advocate .](https://reader036.fdocuments.us/reader036/viewer/2022070305/55146d655503462d4e8b5eb0/html5/thumbnails/9.jpg)
Lessons learned
• Increases the # of users who both signup AND verify their email address
• Developing OIX Trust framework for this use-caseo Search for "OAuth Goog" site and then search for "certification"
• Usability tests indicate that more "real users" will start the signup flow if they see an icon for a brand they use
![Page 10: How is OpenID helping Google? Steven Bazyl Developer Advocate .](https://reader036.fdocuments.us/reader036/viewer/2022070305/55146d655503462d4e8b5eb0/html5/thumbnails/10.jpg)
Move OpenID earlier in signup
NASCAR UI is same as "second-tab" of two-tab login box
Launching on Google in a few weeks
![Page 11: How is OpenID helping Google? Steven Bazyl Developer Advocate .](https://reader036.fdocuments.us/reader036/viewer/2022070305/55146d655503462d4e8b5eb0/html5/thumbnails/11.jpg)
• Email pre-filled (users won't need to verify it)
• Other attributes can be pulled (name, location, etc.)
• Suggest dropping CAPTCHA
• Still not using OpenID for login (user is asked to set a password)
![Page 12: How is OpenID helping Google? Steven Bazyl Developer Advocate .](https://reader036.fdocuments.us/reader036/viewer/2022070305/55146d655503462d4e8b5eb0/html5/thumbnails/12.jpg)
Our advice
• Using OpenID for signup flows is a great way to "dip your toes in the water"
• Allows controlled experiments with measurable results
• Try out a NASCAR style signup flow yourself...o but only if you can do OpenID style flows for
domains that cover 50%+ of your users
![Page 13: How is OpenID helping Google? Steven Bazyl Developer Advocate .](https://reader036.fdocuments.us/reader036/viewer/2022070305/55146d655503462d4e8b5eb0/html5/thumbnails/13.jpg)
What about OpenID login?
SAML RP login has been live for awhile...
![Page 14: How is OpenID helping Google? Steven Bazyl Developer Advocate .](https://reader036.fdocuments.us/reader036/viewer/2022070305/55146d655503462d4e8b5eb0/html5/thumbnails/14.jpg)
OpenID login (v.5) is live• Demonstrated at Fall IIW• Steps to enable it
o Need to be logged in to a Google service using a Yahoo or AOL mail address (NOT a Gmail address)
o Visit the Google MyAccount settings pageo Look for Change Federated Login option and click it
![Page 15: How is OpenID helping Google? Steven Bazyl Developer Advocate .](https://reader036.fdocuments.us/reader036/viewer/2022070305/55146d655503462d4e8b5eb0/html5/thumbnails/15.jpg)
Testing phase
• Requires SAML style login, sorry :-(• We need testers
o not a lot of Google employees use Yahoo mail for their personal accounts
• Other email domains will be supported soono Longer term we will rely on trust frameworks to support more
IDPs
![Page 16: How is OpenID helping Google? Steven Bazyl Developer Advocate .](https://reader036.fdocuments.us/reader036/viewer/2022070305/55146d655503462d4e8b5eb0/html5/thumbnails/16.jpg)
So what about the login box?
If you are not a big email provider, use two-tab login box from the sample sites
![Page 17: How is OpenID helping Google? Steven Bazyl Developer Advocate .](https://reader036.fdocuments.us/reader036/viewer/2022070305/55146d655503462d4e8b5eb0/html5/thumbnails/17.jpg)
Whats the problem with it?
Which tab is the default?
2nd tab works great if 60%+ of your users won't need to type a password on your siteCheck your account database to see what % of your users have mail from Google, Yahoo, Microsoft, AOL
Unfortunately 50% of Google users are Gmail users, and will have to type a password on our site :-(Google also has an advanced feature called multiple-login
Next step beyond two-tab is an Identity Selector
![Page 18: How is OpenID helping Google? Steven Bazyl Developer Advocate .](https://reader036.fdocuments.us/reader036/viewer/2022070305/55146d655503462d4e8b5eb0/html5/thumbnails/18.jpg)
Windows Live Identity Selector
![Page 19: How is OpenID helping Google? Steven Bazyl Developer Advocate .](https://reader036.fdocuments.us/reader036/viewer/2022070305/55146d655503462d4e8b5eb0/html5/thumbnails/19.jpg)
Google Identity Selector research
• If user clicks a Gmail identity, they are asked for password
• If they click an OpenID/SAML identity, they are redirected
• If they need to use another identity, they click + ...
![Page 20: How is OpenID helping Google? Steven Bazyl Developer Advocate .](https://reader036.fdocuments.us/reader036/viewer/2022070305/55146d655503462d4e8b5eb0/html5/thumbnails/20.jpg)
Add Account
• Used for EITHER signup OR signin• NASCAR UI is not used for login, so it no longer
needs to be consistent• It can vary per machine to show likely IDPs
![Page 21: How is OpenID helping Google? Steven Bazyl Developer Advocate .](https://reader036.fdocuments.us/reader036/viewer/2022070305/55146d655503462d4e8b5eb0/html5/thumbnails/21.jpg)
If you want to try this on your website• openidsamplestore.com has FAQ with details
o You can watch Google to see what we do, and we will keep publishing results
• There is still a lot of variance across OpenID IDPs. We suggest using a vendor who hides some of that varianceo Janrain, Gigya, Ping, Azure ACSo Google also has a toolkit available
Pros: It exposes the exact same APIs used by Google itself to be an RP
Cons: It only supports Gmail, Yahoo mail, Hotmail, AOLmail, and Google Apps mail
Vendors like Janrain are integrating this approach as an option as well.
Contact me or Janrain if you want to learn more about these offerings
![Page 22: How is OpenID helping Google? Steven Bazyl Developer Advocate .](https://reader036.fdocuments.us/reader036/viewer/2022070305/55146d655503462d4e8b5eb0/html5/thumbnails/22.jpg)
Q&A
To find our published research, just search for "OAuth Goog"
Steven BazylDeveloper [email protected]
Eric SachsSenior Product [email protected]