twicetwice.net

IDENTITY IN THE BROWSER

One of the problems with web applications is that most of them need some kind of login / identity system in place before users can use them effectively, which usually requires the following (minimum) features:

1. The ability to create a user account on the web app
   
2. The ability to log into the web app with that user account
3. The ability to add / update / delete private information for that user account
4. To have all of the above stored securely
   

This system then has to be implemented on every single web app on the Internet, but because not everyone is the same, every web app will implement this differently and not always in the most secure way.

One of the solutions to this is OpenID, which attempts to offload the identity system onto a third party provider.  This means any web app which supports OpenID doesn't have to write the login / identity system as all of that is taken care of by the (trusted) third party provider.

Though it is a good idea, OpenID does have its problems and it also isn't the easiest system to explain to people, which may also explain its slow adoption. 

Aza Raskin (son of Jef Raskin) has posted an entry recently on his blog about a new feature he's been developing for Firefox, where instead of your identity being managed by a third party provider, it is managed by your local browser. 

From what I've read, it appears that all your user information is stored on your local machine in the browser (and potentially on OpenID servers).  When you first log into a web app, you decide what information to share with the server and Firefox takes care of the rest.

Some of the use cases on the wiki page sounds very interesting, especially the mass password reset, in the case of notebook theft as most people have cookies / saved password stored in their browsers. 

It will be exciting to see what happens to this in the upcoming months and I can see this getting quite popular if they get the implementation right.