What an “RP” Wants Joseph Smarr, Plaxo February 10, 2009

Hi, I’m Plaxo

and I’m a Relying Party.

I’m in an “open relationship”

with all of you.

Frankly, it hasn’t been easy.

Sometimes it’s been confusing.

And you’ve never met all of my needs (for user data).

The result has not been good

for users

our business

or yours.

(scrape. scrape.)

But recently, I’ve been spending more time with...

Google

experimenting with a new technique

that leverages more of the Open Stack

Results of the Open Stack “Two-Click Signup” Experiment

Joseph Smarr, Plaxo, February 10, 2009

Goal of the Experiment

Prove that Open Stack onramping could be strictly better for all parties

• Better for the user

• Better for the Provider

• Better for the Relying Party

Hypotheses

• A “Hybrid OpenID/OAuth” approach could create a better user experience, with fewer round trips and reduced latency

• Signup flows for Gmail invitees could be further optimized, because Plaxo knows it’s a Google user, likely in a signed-in state

• Getting consent to access the user’s address book up front would increase import rates, which would drive multiple downstream benefits

Approach

• Implement a “two-click signup” flow completely optimized for Gmail invite case

• Keep the technology hidden under the hood

• Change as little of the post-sign-up flow as possible

• Ship fast, monitor, iterate

• Send 50% of English/U.S. Gmail invitees through the flow; other half are the “control”

• Turn it off after 1,000 people go through (unless the results are rocking)

live demo

Results

(drum roll, please)

but wait...

We’ve all been worried

about the round trip

from the RP to the OP

and back to the RP

a.k.a

“The Chasm of Death”

so...

of the folks we sent to Google

what percent do you think came back?

92%

That means only

8%

were lost to the chasm.

Of those that return

8%

said “no” to consent

and go to regular registration.

Which means

92%

of those returning

said “yes” to consent

and have 2-click signup

with automated import.

Synopsis

So we get:

• Higher conversion rate

• Higher import rate

• More connections per user

• No drop-off in return visits

In other words, our business guys won’t let us turn it off!

Synopsis

We proved that Open Stack onramping can be strictly better for all parties

• Better for the user: High success rate with no password anti-pattern

• Better for the Provider: Happy users and no scraping

• Better for the Relying Party: Higher conversion rate; greater connection density

How big could this be?

Today, 17% come from Gmail

[Pie chart: Google 17%; other than Gmail 83%]

And 73% come from the Top 4!

[Pie chart: Yahoo, Microsoft, Google, AOL 73%; other than Top 4 27%]

Yahoo, Microsoft, Google, AOL

All OpenID Providers!

In other words...

this could be huge!

Let’s go!