Many users have asked recently about the status of the Windows Live® ID Community Technology Preview (CTP) OpenID endpoints, so here is a brief update.
We gathered a lot of good feedback during the OpenID CTP period, and we have fed that into our team's OpenID product plans. Many thanks to everyone who provided input. You have directly impacted the product!
The production release of Windows Live ID's OpenID Provider support will look noticeably different from the CTP version, so we are in the process of closing the OpenID CTP endpoints to avoid any confusion.
Currently, we do not have a timetable that I can publicly share for when we will release full production support of OpenID for Windows Live ID users, but rest assured that we're working actively to provide OpenID features to all of our 500+ million Windows Live ID users!
Background: Our Approach in the CTP
A major feature of our OpenID Provider (OP) CTP was the attempt to use an account alias as both a “vanity URL” and a defense mechanism to help protect against phishing attacks.
In the CTP, Windows Live ID users were required to create an OpenID alias (such as “http://openid.live.com/john”) attached to their account, and then to use that alias not just at the OpenID relying party site, but also as the way to identify themselves to the Windows Live ID OP. When arriving at the OP sign-in screen, users were required to enter their OpenID alias (instead of their normal Windows Live ID user name) plus the password (or one of their other associated credentials, such as an Information Card) from their main Windows Live ID account.
Why this approach?
One of the main things we were (and still are) trying to do with the Windows Live ID OP is to provide as much protection as possible to our Windows Live ID users against phishing attackers who use OpenID. OpenID does not support a network sign-out function as part of its protocol, which can mean that users are left in a state that differs from what they might assume. For example, Windows Live ID users who sign out of an OpenID site might expect to be completely signed out of their account, because that is what happens on all other Windows Live ID-enabled sites.
How did it go?
We had envisaged that using an alias for OpenID sign-in could provide some separation of the two identity networks.
However, the usability model for this approach has turned out to be unfeasible and/or just plain confusing to end users!
Lessons Learned
So the main challenge uncovered through the CTP was around aliasing, and then there was a grab bag of other things that we learned too.
Aliasing: a separate OpenID namespace for users
- Users were confused about the need to associate a separate OpenID alias with their main Windows Live ID account.
- End users didn’t know where to go to create their OpenID alias; more setup pages to click through led to more drop-off.
- Users from different Windows Live ID namespaces would be upset if they could not get the same alias as they already had. For example, john@hotmail.com and john@live.com and john@hotmail.co.uk could not all have the alias “http://openid.live.com/john”. Acquiring all the “best” aliases quickly becomes overly competitive.
- End users got confused about whether they needed to enter their OpenID alias or the user name of their main Windows Live ID account to sign in.
- Quite a few end users forgot what their OpenID alias was, so we would have required a separate “alias recovery” method.
- At the OpenID alias sign-in page, we would have had to present to users (and of course specifically test) all combinations of the different sign-in credential options that we already provide for Windows Live ID accounts, going beyond user name and password to include smart cards, Information Cards, and other types of credentials. This complexity was pretty much a direct multiplier on the size of the required test matrix.
Multiple entry-point paths
- Having multiple entry-point paths [for example, standard sign-in page + OpenID sign-in page + 3rd-party WebAuth sign-in + 3rd-party consent sign-in page] complicates all the sign-in interrupt flows that we must support.
- Preserving the user experience and familiarity across multiple entry-point paths is challenging if any or all could potentially be updated independently.
- The cost of always keeping multiple entry-point paths exactly in sync would have been too high.
- Any form of combined sign-in/authentication + consent/authorization flow would also be complicated if we have multiple entry-point paths to deal with.
Explaining things
- Last, but not least, we had a really hard time creating the right text to explain the choice between global unique alias and anonymous ID values being returned to relying party sites, even to super-geeks who work on identity software every day!
Conclusion
Basically, then, users will be able to use their existing Windows Live ID account credentials to sign in to OpenID sites immediately -- just like they currently can do for any sites already using Windows Live ID Web Authentication. Users won’t be required to pre-create a separate OpenID alias attached to their account in order to use it at OpenID sites.
We plan to optimize our production implementation around OpenID provider discovery / identity select performance (enter live.com in the OpenID sign-in box on a third-party site) as the best way forward for the vast majority of the users of our OpenID Provider.
We will also aim to reuse and/or consolidate the various sign-in entry-point paths wherever possible -- to simplify the engineering and user experience for everyone.
Finally, we're planning to hide the choice of ID value / type to return to relying parties -- to simplify the overall user experience for our mainstream customers.
If you have any additional feedback on our lessons learned, you can send it to our OpenID Tech Preview Feedback address.