1. What an “RP” Wants
Joseph Smarr, Plaxo
February 10, 2009

2. Hi, I’m Plaxo

3. and I’m a Relying Party.

4. I’m in an “open relationship”

5. with all of you.

6. Frankly, it hasn’t been easy.

7. Sometimes it’s been confusing.

8. And you’ve never met all of
my needs (for user data).

9. The result has not been good

10. for users

11. our business

12. or yours.

13. (scrape. scrape.)

14. But recently, I’ve been spending
more time with...

15. Google

16. experimenting with a
new technique

17. that leverages more of the
Open Stack

19. Results of the Open Stack
“Two-Click Signup”
Experiment
Joseph Smarr, Plaxo
February 10, 2009

20. Goal of the Experiment
Prove that Open Stack onramping could
be strictly better for all parties
• Better for the user
• Better for the Provider
• Better for the Relying Party

21. Hypotheses
• A “Hybrid OpenID/OAuth” approach could create
a better user experience, with fewer round trips
and reduced latency
• Signup flows for Gmail invitees could be further
optimized, because Plaxo knows it’s a Google user,
likely in a signed-in state
• Getting consent to access the user’s address book
up front would increase import rates, which would
drive multiple downstream benefits

22. Approach
• Implement a “two-click signup” flow completely
optimized for Gmail invite case
• Keep the technology hidden under the hood
• Change as little of the post-sign-up flow as possible
• Ship fast, monitor, iterate
• Send 50% of English/U.S. Gmail invitees through the
flow; other half are the “control”
• Turn it off after 1,000 people go through (unless the
results are rocking)

23. live demo

24. Results
(drum roll, please)

25. Results
but wait...

26. We’ve all been worried

27. about the round trip

28. from the RP to the OP

29. and back to the RP

30. a.k.a

31. “The Chasm of Death”

32. so...

33. of the folks we sent to Google

34. what percent do you think
came back?

35. 92%

36. That means only
8%

37. 8%
were lost to the chasm.

38. Of those that return
8%

39. 8%
said “no” to consent

40. 8%
and go to regular registration.

41. Which means
92%

42. of those returning
92%

43. 92%
said “yes” to consent

44. 92%
and have 2-click signup

45. 92%
with automated import.

46. Synopsis
So we get:
• Higher conversion rate
• Higher import rate
• More connections per user
• No drop-off in return visits
In other words, our business guys won’t
let us turn it off!

47. Synopsis
We proved that Open Stack onramping
can be strictly better for all parties
• Better for the user: High success rate with no
password anti-pattern
• Better for the Provider: Happy users and no
scraping
• Better for the Relying Party: Higher conversion
rate; greater connection density

48. How big could this be?

49. Today, 17% come from Gmail
Other than Gmail
Google
17%
83%

50. And 73% come from the Top 4!
Other than Top 4
Yahoo, Microsoft, Google, AOL
27%
73%

51. Yahoo, Microsoft, Google, AOL
Other than Top 4
Yahoo, Microsoft, Google, AOL
27%
73%

52. All OpenID Providers!
Other than Top 4
Yahoo, Microsoft, Google, AOL
27%
73%

53. In other words...
Other than Top 4
Yahoo, Microsoft, Google, AOL
27%
73%

54. this could be huge!
Other than Top 4
Yahoo, Microsoft, Google, AOL
27%
73%

55. Let’s go!