RelyingParty Design Recommendations
From Yadis
Some ideas for the technical side:
- if the user enters a hostname like "username.livejournal.com", this is automatically converted to http://username.livejournal.com/
- if the user enters something whose first character is one typically used for XRIs (like "=username"), this is automatically converted to xri://=username
- in other cases the full URL must be entered (e.g. https://identityprovider/users/name/)
- other URI schemes should be rejected unless there is a well-known resolving mechanism (e.g. for mailto: this has been discussed multiple times on the mailing list)
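The four rules above as one input-normalization function. This is an added example, not code from the Yadis project; the function name, the set of XRI leading characters beyond "=", and accepting an already-prefixed xri:// value are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: the XRI global context symbols; the page itself only shows "=".
XRI_FIRST_CHARS = "=@+$!"
SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*):")
# Dotted hostname only: no port, path or userinfo.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$"
)


def normalize_identifier(raw: str) -> str:
    """Return the identifier to run discovery on, or raise ValueError."""
    value = raw.strip()
    if not value:
        raise ValueError("empty identifier")
    if value[0] in XRI_FIRST_CHARS:
        return "xri://" + value
    match = SCHEME_RE.match(value)
    if match:
        scheme = match.group(1).lower()
        if scheme == "xri":  # assumption: already in canonical form
            return value
        if scheme in ("http", "https"):
            if urlsplit(value).hostname:
                return value
            raise ValueError("URL has no host")
        # mailto:, javascript:, file:, data: ... have no resolving mechanism here.
        raise ValueError(f"unsupported URI scheme: {scheme}")
    if HOSTNAME_RE.match(value):
        return f"http://{value.lower()}/"
    raise ValueError("enter a full URL, e.g. https://identityprovider/users/name/")


if __name__ == "__main__":
    # Constructed sample inputs, one per rule plus two rejected schemes.
    for sample in ("username.livejournal.com", "=username",
                   "https://identityprovider/users/name/",
                   "mailto:user@example.org", "javascript:alert(1)"):
        try:
            print(f"{sample!r} -> {normalize_identifier(sample)}")
        except ValueError as err:
            print(f"{sample!r} rejected: {err}")
```

Rejecting unknown schemes before discovery keeps values such as javascript: or file: from ever reaching the code that fetches or renders the identifier.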
Some ideas for design:
- The login area should NOT be designed so that local users enter their username and password while external users enter their OpenID in the same username field and leave the password blank (this might confuse users).
- The login area should always contain some name that users may recognize (see Yadis Naming: myD, IRL, URU ...) plus a small Yadis Logo, plus logos or names for all signon services (OpenID, LID, ...).
- For now there should be a link "What is this?" pointing to a page where the Yadis concept is briefly explained to users. Some links to identity providers should be included.