I was incredibly excited to see Dan Mills of the Weave team show off OpenID in the browser thanks to Weave. I have wanted this from long before joining Mozilla and Dan has done a great job and doing something smart to make it happen.
The key to this all is the notion of “logging into the browser.” With the Weave project this is exactly what you do. Although the first service that Weave offered was the ability to sync bookmarks, all along it has been setup for much much more, and this is a perfect example of what the integration of a browser with a service backend can mean. One thing to note is that the Weave team really cares about privacy. The way the Weave system works right now is that the server has encrypted bits that it can never look at and understand. Instead, the client itself has the private keys that it needs to do the real work of holding the data, thus the browser, which is a natural extension to yourself the user, has full control. Think about how that differs from many services up in the cloud that make a lot of money off of your data (not that making money is bad!)
Back to the point at hand. Dan shows us how, once you are logged into Weave (and thus the browser) it will watch out for input’s that match the openid spec (openid_identifier, openid_url) and replaces it with a simple button that tells you that you can just log in! With a click on the button you get logged in automatically via Weave and you are on your way. Now Ben will be able to login to the Web 2.0 Expo site with one click instead of a series of nightmare steps. I think this is a pretty big deal.
In one fell swoop we get:
- A usable login procedure that is trivial!
- We don’t have to give trust to some third party site that we are giving the keys to the treasure too. Imagine if you used OpenID to login to your bank… would you trust your OpenID provider enough for that?
- It is important to note that they also integrated the Firefox password manager into the mix. This means that you can set auto login right from the URL bar widget (with your password, as well as with OpenID!)
Of course, this is early days, as Dan says in his post
Keep in mind that this is just a prototype that we hacked together in a few of days, so there are some very rough edges. But we’re super excited about the possibilities already. When demoing it to people, they said things like “whoa! how did you do that?” and “I want this! How do I get it?”
People and Places
Now we are getting the notion of “people” and Identity in the browser, and we also have “location” too, we are really getting somewhere. A great week!