...

  1. The user clicks on a "sign in" button on the NIH site
    • The add-on reads some data that tells it things such as:
      • That the site is an RP for the OpenID, IMI and SAML protocols (unusually, it does not support username/password!)
      • The list of attributes that the site wishes to receive and, for each attribute, the list of authorities that the RP trusts. In our case the site is going to request only a non-correlatable identifier (aka an IMI "PPID", aka an OpenID "directed" identity), and it trusts only Yahoo, AOL, Google, as well as Facebook, Equifax, Citigroup, Silicon Wave, Acxiom to issue this attribute.
  2. The add-on displays a login window. It consists of a dropdown showing two accounts that could be used immediately (because Alice has these accounts and the NIH site accepts these accounts), as well as one account that Alice could potentially use if she signed up with Google to get one (but she doesn't have one at present):
    • AOL
    • PayPal
    • Google
  3. Alice clicks on Google
  4. Alice authenticates to Google
  5. Alice agrees to share Google attributes with NIH
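
The matching described in steps 1 and 2, as an added example that is not part of the original page or of any add-on's code: the selector offers only accounts whose issuer the RP trusts for every requested attribute and whose protocol the RP supports. The policy object shape, the function names and Alice's sample accounts are assumptions made for illustration; the output is not meant to reproduce the mockup.

```javascript
// Hypothetical RP policy shape (the page does not define a format).
// Protocols and trusted issuers are the ones listed in step 1.
const rpPolicy = {
  protocols: ["openid", "imi", "saml"], // no username/password
  attributes: {
    ppid: ["Yahoo", "AOL", "Google", "Facebook", "Equifax",
           "Citigroup", "Silicon Wave", "Acxiom"],
  },
};

// Constructed sample data: accounts the add-on holds for Alice.
const aliceAccounts = [
  { issuer: "AOL", protocol: "openid" },
  { issuer: "Yahoo", protocol: "password" },   // protocol the RP does not accept
  { issuer: "idp.example", protocol: "saml" }, // issuer the RP does not trust
];

// Issuers trusted for *every* requested attribute (exact, case-sensitive match).
// A policy that requests no attributes yields no issuers (fail closed).
function issuersTrustedForAll(policy) {
  const lists = Object.values(policy.attributes);
  if (lists.length === 0) return [];
  return lists.reduce((acc, list) => acc.filter((i) => list.includes(i)));
}

// Split Alice's accounts into usable-now and rejected, and list the
// trusted issuers she could still sign up with.
function buildSelector(policy, accounts) {
  const trusted = issuersTrustedForAll(policy);
  const ready = [];
  const rejected = [];
  for (const acct of accounts) {
    if (!trusted.includes(acct.issuer)) {
      rejected.push({ issuer: acct.issuer, reason: "issuer not trusted by RP" });
    } else if (!policy.protocols.includes(acct.protocol)) {
      rejected.push({ issuer: acct.issuer, reason: "protocol not supported by RP" });
    } else {
      ready.push(acct.issuer);
    }
  }
  const signUp = trusted.filter((i) => !ready.includes(i));
  return { ready, signUp, rejected };
}

console.log(buildSelector(rpPolicy, aliceAccounts));
```

Recording the rejection reason rather than silently dropping an account lets the add-on explain to the user why a credential she holds is not offered for this site.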

Mockups

Step #1: Alice clicks a Sign-in button (not shown)

Step #2: The add-on displays this window:

Step #3: Alice clicks on Google.

The add-on now displays (hmm...since the add-on knows that Alice already has a Google account, it probably shouldn't show the "Don't have a Google Account?" text):

Step #4: Alice authenticates to Google

Alice types in her username & password and clicks "Sign in" (not shown)

Step #5:

...

Alice agrees to share Google attributes with NIH