Happy September everyone! Last week we threw around some ideas on which OpenID providers to accept and more importantly which not to accept.

There was a ton of feedback (thank you!) and in the end we decided that instead of a “whitelist”, the Sign In page will display icons of OpenID providers which work well with Passpack, and we’d work something out so that no one would be excluded – icon or not.

The icon list may grow with time, as does everything at Passpack. But I wanted to take a moment and explain the way we’re implementing OpenID integration before we release it.

What Does It All Mean To You, the User?

If you have an OpenID account, signing into Passpack with it will look something like this: you type in your OpenID name (or type in your nickname and click your provider icon) and you should then be prompted to complete your OpenID login process into Passpack. Easy as pie.

Now what if there is not an icon for your provider? What if you are using your very own OpenID from your very own server? Or worst case scenario – what if your provider is a registered phishing site?

Here is a quick chart which gives you more or less an idea of what the user sees when signing in under any of the circumstances mentioned above.

Still Curious? Here’s a Look Under the Hood

The following is a chart of the full process, including the backend, when logging into Passpack with OpenID. You may not see all of this happening, but we sure do.

If you can make heads or tails of that diagram… then you’re a genius! [wink]

Looking forward to your feedback. Please do chime in.