Sunday, November 22, 2009

Identity and the browser

Identity is a big problem on the web. People have to set up endless usernames and passwords for each website, type the same basic information (name, address etc) into each one, remember passwords and change them regularly, and a hundred other tasks.

Recently there have been some improvements. OpenID has emerged as a standard way to assert identity, and oAuth a secure way to share personal data from one website to another. Google Friend Connect and Facebook Connect have emerged as identity hubs to enable users to share basic information.

Despite these breakthroughs, the problems remain. In fact, Google Friend Connect and Facebook Connect raise the spectre of monolithic corporate control over people’s identities.

Instead, I think much of identity should belong in the browser itself. After all, the technical term for a browser is “user agent”. It knows exactly which websites you are logging on to, and how. It should be able to negotiate account details and passwords on the user’s behalf.

Here are some of the aspects of identity I think browsers should handle:

  • Log on to websites automatically for you, managing passwords and automatically changing them regularly
  • Managing basic account data e.g. name, address, bank details, etc, and which websites have access to it
  • Presence & syndicating it to websites chosen by the user
  • Incoming notifications & managing who can trigger them

Mozilla have recently begun work on several of these areas. I think that’s a great move; as a non-profit dedicated to improving the web, they have the right attitude and trust. This could go in two directions; either corporate control over people’s identities, or enabling users to get better control themselves over their online identity. I sincerely hope it’s the latter!

No comments: