I agree that the language you show above could some tweaking, but the core idea seems sound. Another note is that you should examine how the new save password bar at the top is designed and match that look and feel—that will emphasize the “stored/saved authentication system” parallel.

As a technical user, I ‘m not even sure I know what that means. What is my identity? What can intrigo.com do when it has my identity? Why does it want my identity? And if I don’t want to allow this, what do I need to do to still get access to the site?

As a non-technical user, I just want to use intrigo.com and get my work done (or have fun). I’m going to learn pretty quickly that clicking “Allow” takes me to the site, so I’m just always going to click it.

OpenID is a great technology, and integrating with browsers is a good step forward, but it still feels like we’re building a solution for people who understand the technology. Either we need to make safe decisions on behalf of the non-technical users, or figure out a good way to explain what we are asking them to decide about.

I think something like Seatbelt is a key part of the solution. Things I love about seatbelt:
- it gives me in-browser status of whether or not I’m logged in to my provider.
- it makes it easy to setup my provider, assuming I already know who my provider is.

It seems that everyone agrees that there are opportunities to build on top of that. I have a really ambiguous (ambitious?) goal in my head: can a novice user, upon installing firefox, setup their OpenID Provider and complete an OpenID login into a RP with out ever knowing they’ve used OpenID. What would that flow look like?

If there is no answer to that, if it’s just not possible, then I’m not sure how OpenID will get broad adoption. It seems everyone agrees with that and I hope that anyone who doesn’t will contest it and explain, there’s merit in that discussion, too! But assuming it’s possible, what’s next and who (OPs, RP, browser) can contribute what to simplifying the flow? Above is just one idea

https://pip.verisignlabs.com/seatbelt.do

The missing piece for this particular flow (besides the browser stuff) seems to be automating the trust handshake between the user and their OP. I now read that at Vidoop you and Scott have been talking about removing the trust screen completely when there is no sReg data changing hands. That would be a huge gain if it can be done, and may even obviate the need to put the trust screen in the browser. I’m not sure though. I’m thinking about putting together a little Firefox extension to test this login flow. I think the shortcomings of my idea will become a lot more obvious when I actually have to use it. But hey, maybe it will work great! We’ll see what happens.

For example, if I have ClaimID, AOL and Yahoo or MyOpenID accounts, which one should I use? It shouldn’t necessarily matter, but I would effectively be creating new accounts if I later choose to signin with one of my other accounts… So I’m actually skeptical of the ID Selector UI.