What an “RP” Wants
Joseph Smarr, Plaxo
February 10, 2009
and I’m a Relying Party.
I’m in an “open relationship”
Frankly, it hasn’t been easy.
Sometimes it’s been confusing.
And you’ve never met all of my needs (for user data).
The result has not been good
(scrape. scrape.)
But recently, I’ve been spending more time with...
experimenting with a new technique
that leverages more of the Open Stack
Results of the Open Stack “Two-Click Signup” Experiment
Goal of the Experiment
Prove that Open Stack onramping could be strictly better for all parties
• Better for the user
• Better for the Provider
• Better for the Relying Party
Hypotheses
• A “Hybrid OpenID/OAuth” approach could create a better user experience, with fewer round trips and reduced latency
• Signup flows for Gmail invitees could be further optimized, because Plaxo knows it’s a Google user, likely in a signed-in state
• Getting consent to access the user’s address book up front would increase import rates, which would drive multiple downstream benefits
Approach
• Implement a “two-click signup” flow completely optimized for Gmail invite case
• Keep the technology hidden under the hood
• Change as little of the post-sign-up flow as possible
• Ship fast, monitor, iterate
• Send 50% of English/U.S. Gmail invitees through the flow; other half are the “control”
• Turn it off after 1,000 people go through (unless the results are rocking)
Results
(drum roll, please)
but wait...
We’ve all been worried
about the round trip
from the RP to the OP
and back to the RP
“The Chasm of Death”
of the folks we sent to Google
what percent do you think came back?
That means only 8% were lost to the chasm.
Of those that return, 8% said “no” to consent and go to regular registration.
Of those returning, 92% said “yes” to consent and have 2-click signup with automated import.
Synopsis
So we get:
• Higher conversion rate
• Higher import rate
• More connections per user
• No drop-off in return visits
In other words, our business guys won’t let us turn it off!
Synopsis
We proved that Open Stack onramping can be strictly better for all parties
• Better for the user: High success rate with no password anti-pattern
• Better for the Provider: Happy users and no scraping
• Better for the Relying Party: Higher conversion rate; greater connection density
How big could this be?
Today, 17% come from Gmail
(Pie chart: Google 17%; other than Gmail 83%)
And 73% come from the Top 4!
(Pie chart: Yahoo, Microsoft, Google, AOL 73%; other than Top 4 27%)
Yahoo, Microsoft, Google, AOL
All OpenID Providers!
In other words...
this could be huge!