OpenID help text needs some major loving

- OMG! WHY DID THE PAGE JUST TURN INTO LIVEJOURNAL!? THE WORLD IS ENDING! AHHH!!!

OMGZORZ!

After a bit of discussion on IRC, I proposed this as a starting point:

This site supports OpenID, a standard way of verifying your identity and logging in to web sites. If you have an OpenID from another site, you may use it as an alternative to your username when logging in to this site. To add OpenIDs to your account, enter the OpenID URL below.

I showed what Eaton suggested to a couple of non-technical users. Both found "a standard way" confusing. Neither knows what technological standard is; they just of wondered what OpenID is and how it was standard if they'd never heard of it. Also, "from another site" made them think that the site this appeared on must also be an OpenID provider, and "to add OpenIDs..." was similarly confusing. How does the following sound?

This site supports OpenID, a secure way to verify your identity and log in to web sites without having to remember a different password for each, or share your password for one site with another. If you have an OpenID, you may use it as an alternative to your username when logging in to this site. To link your account on this site to one or more OpenIDs, enter the OpenID URL below.

I think a link to the Drupal handbook page would be good. That and also putting a link to more info about OpenID would be a good idea.

@ squidly: Re: "putting a link to more info about OpenID would be a good idea" -- there's already a link to openid.net, but I do think a couple of more links might be helpful as well.

For example, some people may already have an OpenID and not even realize it -- like for users of livejournal, wordpress.com or vox. So a link to a wiki with a list of current OpenID providers might be helpful -- here's one possible listing: http://openid.net/wiki/index.php/OpenIDServers

Another thing that might be good is to give an example syntax of an "OpenID URL." An exmple that's used here is -- For example: happygirl.bloghost.com We could change it to For example: myusername.openidprovider.com

And it might be helpful to also link to that How's it work?" page since it's a little mysterious to most people how such a thing could exist safely. It gives a pretty basic overview and also has links to wonky flowcharts like this one.

So integrating these suggestions, here's what I'd propose building off of HedgeMage's suggestion.

This site supports OpenID, which is a secure way to verify your identity and log into web sites without having to remember a different password for each one. You also don't have to share your password for one site with another. If you have an OpenID account, then you may use it as an alternative to your username when logging in to this site. To link your account on this site to one or more OpenIDs, enter the OpenID URL below. For example: myusername.openidprovider.com

Not sure if that's too long, but there's definitely some more pointers and I think it flows a bit better.

Agreed, what is there does not explain enough. Also worth looking at the existing text at /admin/help/openid though

OpenID is a secure way to use one user ID and password to log in to many web sites without special software, giving the same password to each site, or losing control over which information is shared with each site that you visit.

Users can create accounts using their OpenID, assign one or more OpenIDs to an existing account, and log in using an OpenID. This lowers the barrier to registration, which is good for the site, and offers convenience and security to the users. Logging in via OpenID is far more secure than cross-site logins using drupal.module.

More information on OpenID is available at OpenID.net

The two should reflect each other some.

I will hammer out a patch in the next few hours. Then we have a place to work from .

I'm begining to think that is a little to much info, and I'd also like a help page for users - not admin/help/openid as anonymous users can't access that - that explains a little of the how of openid. Basically some of the text on openid.net/about

That said, I'll work it out by the end of the day.

So, I wanted to give the user some sort of idea what OpenID was, and still keep it as short and simple as possible.

I also ammended thehelp page to give the administer an idea as to what was going on (OMG! Livejournal haxxed my f$*King site!!!).

For your reading pleasure, I've pasted the text of both here, patch attached.

This site supports OpenID, a secure way to log into many websites using the same username and password. An OpenID identity is an account on an OpenID server. By verifying that you are logged into your OpenID server, this site will know that you are who you claim to be.

If you have an OpenID, enter the URL to your OpenID server below. When next you login, you will be able to use the username and login from your trusted site on this site. You can have multiple OpenID servers if you like, just keep adding them here.

If you do not have an OpenID and would like one, look into one of the free public providers. You can find out more about OpenID at their website.

and on the help page:

OpenID is a secure way to have one username and password to log into many web sites. It does not require special software, and it does not share login information to any site with which it is associated.

Users can create accounts using their OpenID, assign one or more OpenIDs to an existing account, and log in using an OpenID. This lowers the barrier to registration, which is good for the site, and offers convenience and security to the users. Logging in via OpenID is far more secure than the previous method using drupal.module.

The basic concept is that a user has a login on an OpenID server. When the user comes to your site, they are presented with the option of entering the URL of their OpenID server. Your site then communicates with the OpenID server, asking it to verify the identity of the user. If the user is logged into their OpenID server, the server communicates back to your site, verifying the user. Otherwise, the user is presented with a login to their OpenID server. At no point does this site record, or need to record the user's OpenID username and password.

More information on OpenID is available at OpenID.net.

gah. I had been playing with the wording 'trusted site' but decided to stick with OenID server to keep the branding and the true terminology. But I left one in above. This patch fixes that.

thats better.

Hm, a few problems (although note that I am not a native English speaker):

- Sometimes there are two spaces in the middle of a sentence, and there are two between sentences, which is not right.
- concatenation at the end of t() calls with the p tag seems to violate coding standards (whitespace required before the dot)
- "When next you login" sounds like broken... Maybe "Next time you log in"
- "you will be able to use the username and login from your OpenID identity" also sounds broken. I only need to pass the URL right, and then provide a proof of ownership of that URL elsewhere, right?
- 'at their website' could be 'at their website', so more words are clickable (easier to click on the link)
- in Drupal core we are trying to use more to the point URL placeholders, instead of boring @url and @url2, so better placeholders would be nicer.
- drupal.module is not going to be included in Drupal 6, so new users will have no idea whatsoever what that note might mean (contrib will host the module under a different name). Maybe this needs to be made a bit generic, eg: "Logging in via OpenID is far more secure than the distributed login solutions which came built-in with Drupal before." instead of "Logging in via OpenID is far more secure than the previous method using drupal.module."

Beginning with Tresler's text I came up with the following. My knowledge of OpenID is limited, so if you like the text please check for accuracy. Sorry, I won't have a patch environment set up for several days.

OpenID is a secure protocol that permits you to register and login to all OpenID enabled web sites with a single username and password. OpenID can reduce the necessity of managing many usernames and passwords for many websites. To use OpenID you must first establish an identity on a public or private OpenID server. For more information about how to establish identities, where to find public servers, or how to set up your own OpenID server, consult the wiki at the OpenID web site.

On this page you may associate your account with one or more OpenID identities by entering a unique URL for each identity you have established on one or more OpenID servers. Each time you login to this web site, you will again enter the unique URL and this website will contact the OpenID server for verification. Login to this website will proceed transparently when this web site receives confirmation that you are currently logged into the OpenID server. If confirmation fails, you will be provided an opportunity to login to the OpenID server. Your OpenID username and password will remain known only by the OpenID server.

I was inconsistent with "website" and "web site". Which is preferred?

This is an amendment to Tresler's patch from comment #9.

re: comment #11:

- white spacing fixed

- Broken language, reworked.

- I've changed 'at their website' to 'this website' because I felt 'their' suggested that OpenID was owned by a company or organisation.

- I've changed the URL placeholders. Have I done this correctly?

- I agree with webchick's comments in comment #12 and have removed the reference to drupal.module.

- I've added the 'myusername.openidprovider.com' example from comment #5.

I've also added a little to the admin/help/openid page pointing out that this isn't a trust system and so we need email verification still. And I have reworked the rest of that text, hopefully to make the examples clearer (but it is late so it is quite possible I've not made it worse ;) ).

Finally this is my first patch ever, so please tell me if I've done anything wrong. :)

Whoops, I was rude and ignored pcwick. This patch draws from his reworking a little and rearranges some of the text into a more logical flow on the user/%/openid page.

Sorry, I put whitespace errors in the last patch. Tiredness.

Thanks for all the hard work folks. I've committed alpritt's version of the patch. If you find more issues, we can tackle those in follow-up patches.