Many customers have asked a short while ago about the position with the Windows Live® ID local community solutions preview (CTP) OpenID endpoints, so right here is really a swift update.
We gathered loads of terrific feedback for the period of the OpenID CTP period, and we now have fed that into our team's OpenID item strategies. Thank you to every person who offered input—you have immediately impacted the merchandise!
The Manufacturing release of Windows Stay ID's OpenID Provider assist will glance appreciably completely different in the CTP version, so we're while in the system of closing the OpenID CTP endpoints to avoid any confusion.
Currently, we don't have a routine that I can publicly share for when we will release complete Production help of OpenID for Windows Dwell ID end users, but rest assured that we are doing work actively to supply OpenID performance to all of our 500+ million Windows Reside ID end users!
Background: Our Approach during the CTP
A major characteristic of our OpenID Supplier (OP) CTP was the attempt to use an account alias as both a “vanity URL” as well as a defense mechanism to help protect against phishing attacks.
In the CTP, Windows Live ID customers were required to create an OpenID alias (such as “http://openid.dwell.com/john”) attached to their account, and then to use that alias not just at the OpenID relying party site, but also as the way to identify themselves to the Windows Live ID OP. When arriving at the OP sign-in screen, customers were required to enter their OpenID alias (instead of their normal Windows Stay ID user name) plus the password (or one of their other associated credentials, such as an Information Card) from their main Windows Reside ID account.
Why this approach?
One on the main things we were (and still are) trying to do with the Windows Stay ID OP is to supply as much protection as possible to our Windows Dwell ID consumers against phishing attackers who use OpenID. OpenID does not help a network sign-out function as part of its protocol,
microsoft Office 2010 License, which can mean that customers are left in a state that differs from what they might assume. For example,
Office 2010 Professional, Windows Live ID customers who sign out of an OpenID site might expect to be completely signed out of their account, because that is what happens on all other Windows Stay ID-enabled sites.
How did it go?
We had envisaged that using an alias for OpenID sign-in could offer some separation from the two identity networks.
However, the usability model for this approach has turned out to be unfeasible and/or just plain confusing to customers!
Lessons Learned
So the main challenge uncovered for the period of the CTP was around aliasing, and then there was a grab bag of other things that we learned too.
Aliasing: a separate OpenID namespace for end users End users were confused with regards to the need to associate a separate OpenID alias with their main Windows Dwell ID account. Customers didn’t know where to go to create their OpenID alias; more setup pages to click through led to more drop-off. Consumers from distinct Windows Live ID namespaces would be upset if they could not get the same alias as they already had. For example, john@hotmail.com and john@live.com and john@hotmail.co.uk could not all have the alias “http://openid.dwell.com/john”. Acquiring all the “best” aliases quickly becomes overly competitive. Consumers got confused about whether they needed to enter their OpenID alias or the user name of their main Windows Reside ID account to sign in. Various users forgot what their OpenID alias was, so we would have required a separate “alias recovery” practice. At the OpenID alias sign-in page, we would have had to present to end users (and of course specifically test) all combinations of the unique sign-in credential options that we already provide for Windows Reside ID accounts—going beyond user name and password to include smart cards, Information Cards,
Windows 7 Serial, and other types of credentials. This complexity was pretty much a direct multiplier factor on the size for the required test matrix. Multiple entry-point paths Having multiple entry-point paths [for example, standard sign-in page + OpenID sign-in page + 3rd-party WebAuth sign-in + 3rd-party consent sign-in page] complicates all the sign-in interrupt flows that we must assist. Preserving the user experience and familiarity across multiple entry-point paths is challenging if any or all could potentially be updated independently. The cost of always keeping multiple entry-point paths exactly in sync would have been too high. Any form of combined sign-in/authentication + consent/authorization flow would be also complicated if we have multiple entry-point paths to deal with. Explaining things Last, but not least, we had a really hard time creating the right text to explain the choice between global unique alias and anonymous ID values being returned to relying party sites, even to super-geeks who work on identity software every day,
Microsoft Office 2007 Product Key! Conclusion
Basically, then, customers will be able to use their existing Windows Dwell ID account credentials to sign in to OpenID sites right -- just like they at present can do for any sites already using Windows Reside ID Web Authentication. Users won’t be required to pre-create a separate OpenID alias attached to their account in order to use it at OpenID sites.
We plan to optimize our production implementation around OpenID supplier discovery / identity select features (enter live.com with the OpenID sign-in box on a third-party site) as the best way forward for the vast majority in the end users of our OpenID Provider.
We will also aim to reuse and/or consolidate the various sign-in entry-point paths wherever possible -- to simplify the engineering and user experience for most people.
Finally,
Buy Office 2010, we are planning to hide the choice of ID value / type to return to relying parties -- to simplify the overall user experience for our mainstream customers.
If you have any additional feedback on our lessons learned then you can send them to our OpenID Tech Preview Feedback address.
References OpenID Foundation Home Page http://OpenID.net Windows Stay ID Home Page http://dev.dwell.com/liveid Original announcement from the Windows Dwell ID OpenID Provider CTP http://winliveid.spaces.live.com/blog/cns!AEE1BB0D86E23AAC!1745.entry Windows Dwell ID Web Authentication SDK http://msdn.microsoft.com/en-us/library/bb676633.aspx
Microsoft Office 2007 Product Key Windows Live ID
Linear Mode
