Looks like Google has done some usability research on authentication... http://sites.google.com/site/oauthgoog/UXFedLogin
I particularly liked the guiding principles... [1] Design for usability [2] Leverage what users already know [3] Design for widespread adoption [4] Allow for gradual migration Very nice but I'm not so sure that AuthSub perfectly aligns with these principles. On May 22, 11:38 am, GenghisOne <mdkach...@gmail.com> wrote: > I'm trying to make sense of Google's authentication framework and > determine if it introduces any usability risks. > > Here's what I found in an online Google resource and if I'm reading it > right, I think we've got a bit of a usability problem: > > Fromhttp://code.google.com/apis/accounts/docs/AuthSub.html > **** > > [1] When the web application needs to access a user's Google service, > it makes an AuthSub call to Google's Authentication Proxy service. > > [2]The Authentication service responds by serving up an Access Request > page. This Google-managed page prompts the user to grant/deny access > to their Google service. The user may first be asked to log into their > account. > > *** > > Does AuthSub really inject some kind of security warning page into the > user experience? If so, has anyone asked what everyday users think of > this? > > Thx. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---