Experience a gorgeous ULX-powered login site (and let us know what you think)
For the past year a bunch of us in the ULX working group at Kantara has been working on the UX challenge of cross-protocol login UX. The idea was to design a user interface that mere mortals could use to login irrespective of underlying protocol. The reality is that users don’t care whether it is OpenID, i-cards, SAML (or even Facebook Connect) or anything else under the hood. They just want it to work. So we asked ourselves why can’t there be a common UX that’s easy to use. So…without further ado…
Click the “v4″ link here and experience a ULX-powered website!
We’ve not yet mocked up what happens AFTER you have an active client installed. In other words the mockup assumes an unmodified browser. But before we continue we wanted to show what we’ve got and get some reactions.
4 Comments »
RSS feed for comments on this post. TrackBack URI
Leave a comment
Line and paragraph breaks automatic, e-mail address never displayed, HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
Nice job masking the complexity of an identity provider and providing the end user an understandable and actionable path to cross-protocol login.
I know each provider has their own login window, but to make it the most usable, it would be interesting to investigate if something like this would be possible instead of the pop-up:
[Reply]
Mat Hamlin Reply:
August 4th, 2010 at 2:39 pm
The previous comment stripped my HTML.
https://flic.kr/p/8pxTSE
[Reply]
paul Reply:
August 4th, 2010 at 7:23 pm
I see that you added the username/password box to the popup in your mockup. I had originally thought the same thing: we wanted to unify un/pw with OpenID, SAML, etc. and have them all on the same surface of the pop up. But some of our group strongly felt that doing so would lead to phishing attacks. The rationale was that user’s really don’t think much when they see un/pw widgets, they immediately start typing in credentials–and sometimes the wrong credentials. Thus, the thought was that without the additional context of the full site (e.g. the pubmed.gov site in this case) the user may well accidentally input non-pubmed.gov credentials. Personally I was very disappointed with this–in other words I agree with you!
[Reply]
J. Trent Adams Reply:
August 5th, 2010 at 12:52 am
Paul -
Even though you’re disappointed with the security concerns brought up by the group, did you ultimately agree with the outcome?
Curious.
Comment by Mat Hamlin — August 4, 2010 @ 2:37 pm