Why I am excited for the iPhone Tablet? My son. Bespin gives you some Pie and will do more Web Work for you
May 07

Who do I trust with my Identity? Erm, how about me? OpenID Weaves into the browser!

Tech Add comments

my profile

I was incredibly excited to see Dan Mills of the Weave team show off OpenID in the browser thanks to Weave. I have wanted this from long before joining Mozilla and Dan has done a great job and doing something smart to make it happen.

The key to this all is the notion of “logging into the browser.” With the Weave project this is exactly what you do. Although the first service that Weave offered was the ability to sync bookmarks, all along it has been setup for much much more, and this is a perfect example of what the integration of a browser with a service backend can mean. One thing to note is that the Weave team really cares about privacy. The way the Weave system works right now is that the server has encrypted bits that it can never look at and understand. Instead, the client itself has the private keys that it needs to do the real work of holding the data, thus the browser, which is a natural extension to yourself the user, has full control. Think about how that differs from many services up in the cloud that make a lot of money off of your data (not that making money is bad!)

Back to the point at hand. Dan shows us how, once you are logged into Weave (and thus the browser) it will watch out for input’s that match the openid spec (openid_identifier, openid_url) and replaces it with a simple button that tells you that you can just log in! With a click on the button you get logged in automatically via Weave and you are on your way. Now Ben will be able to login to the Web 2.0 Expo site with one click instead of a series of nightmare steps. I think this is a pretty big deal.

Here it is in action:

Weave ID video screencast

In one fell swoop we get:

  • A usable login procedure that is trivial!
  • We don’t have to give trust to some third party site that we are giving the keys to the treasure too. Imagine if you used OpenID to login to your bank… would you trust your OpenID provider enough for that?
  • It is important to note that they also integrated the Firefox password manager into the mix. This means that you can set auto login right from the URL bar widget (with your password, as well as with OpenID!)

Of course, this is early days, as Dan says in his post

Keep in mind that this is just a prototype that we hacked together in a few of days, so there are some very rough edges. But we’re super excited about the possibilities already. When demoing it to people, they said things like “whoa! how did you do that?” and “I want this! How do I get it?”

The answer is, “soon”, or if you’re brave enough you can try it out right now by installing the latest Weave development snapshot. Please let us know what you think by posting on the Weave forum!

People and Places

Now we are getting the notion of “people” and Identity in the browser, and we also have “location” too, we are really getting somewhere. A great week!

One Response to “Who do I trust with my Identity? Erm, how about me? OpenID Weaves into the browser!”

  1. Fabian Lange Says:

    Hi Dion,
    thanks for posting this. I wasn’t aware of Weave, and it really solves the SSO for me which OpenID couldn’t do. I like the nightly auto-login feature so much that i brought all my boxes to 3.5b4 so i could use it. Well done mozilla-labs folks

Leave a Reply

Spam is a pain, I am sorry to have to do this to you, but can you answer the question below?

Q: Type in the word 'ajax'