Versions Compared

Old Version 22

changes.mady.by.user Former user

Saved on

compared with

New Version 23

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Table of Contents
minLevel3
maxLevel3
typeflat
separatorpipe

Edit History

  • PaulT: 10/20/2009: Replaced v1 mockup with Valeska's v3 mockup. Removed V2 mockups.
  • PaulT: 10/16/092009: Changed preconditions so that Alice is pre-configured with Ohio State IdP and Equifax --now we need to update the mockups to align

...

  1. The user clicks on a "sign in" button on the NIH site
    1. The addon reads some data that tells it stuff like:
    2. That the site is an RP for OpenID, IMI and SAML protocols (unusually it does not support username/password!)
    3. The list of attributes that the site wishes to receive and for each attribute the list of authorities that the RP trusts. In our case the site is going to request only a non-correlateable identifier (aka an IMI "PPID", OpenID "directed" identity, SAML "persistent" NameID) and that it trusts only Yahoo, AOL, Google, as well as Facebook, Equifax, Citigroup, Silicon Wave, Acxiom, and InCommon IdPs to issue this attribute
  2. The add-on displays a login window.
    1. It prominently shows the following accounts that could be used immediately (because Alice has these accounts and the NIH site accepts these accounts):
      1. Google
      2. Ohio State
      3. Yahoo
      4. Equifax
      5. AOL
    2. Its also shows accounts that Alice could use if she first registered with these IdPs
      1. Acxiom
      2. Wave Systems
      3. Citigroup
  3. Alice clicks on Google
  4. Alice authenticates to Google
  5. Alice agrees to share Google attributes with NIH

Mockups (V3)

Step #1: Alice clicks a Sign-in button (not shown)

Step #2: The add-on displays this "account selector" window:

Notes:

...

  • The main window contains (all mixed together) (a) Alice's list of configured OpenIDs that are ON the RP's white list and (b) the rest of the RP's white list
  • The "Other options" section lists accounts that Alice does not have but that are in the RP's white list
  • The three dots imply that there are 2 more pages of "other options"

Questions:

  1. Not sure what the purple with the lower case white i represents. It looks like an infocard, but the brand/issuer isn't displayed
  2. We should change Silicon Wave to Wave Systems

Image Removed

  • buttons/accounts that have a blue outline, when clicked, will bring Alice to Step #3 below (i.e. they will start the rest of the process of signing her in).
  • The ones without the outline, when clicked, will bring her to the IdP's "sign up" page (i.e. these are just advertisements of other IdPs that the RP trusts)
  • The << and >> imply that there are yet other (b)-type IdPs
  • Alice's Facebook and Janrain OpenIDs and her PayPal infocards are not shown in the "account selector" because the RP site doesn't include Facebook in its white list

Image Added

Step #3: Alice clicks on Google.

...

Step #5: Alice agrees to share Google attributes with NIH

V2 Mockups

Step #2 (version 2)

Image Removed

Step #3 (version 2):

Image Removed

Step #5 (version 2):

Image Removed