Identity in the Browser (Firefox)
Identity will be one of the defining themes in the next five years of the Web. Nearly every site has a concept of a user account, registration, and identity. Searching for “sign in” on Google yields over 1.8 billion hits. And yet, the browser does nothing to make this experience better save for some basic auto form filling. The browser leaves websites to re-implement identity management, and forces users to learn a new scheme for every site.
Most current solutions involve lots of redirects or iframes, which leads to a confusing and phishable experience.
Besides the poor user experience, we are seeing market-moving effects of the identity/log in problem. Facebook Connect and Google’s Friend Connect both let you use your pre-existing identity and social graph to super-power other websites. The problem?
Your identity is too important to be owned by any one company.
Your friends are too important to be owned by any one company.
The browser is your personal and trusted agent to the web. It’s the only actor on the Internet stage which both knows everything you do on the web, and never has to let that data leave the privacy of your desktop. Your browser knows you (or, at least, should).
At Mozilla Labs, we’ve been working on some potential integrations of identity directly into the browser. Note, this is an extremely rough draft. Some key points:
- Identity is part of where you are, and what you are looking at (Amazon looks different depending on if you are signed in or not). That’s why we put it in the URL Bar.
- For most sites, you’ll probably only have one identity, so login will be a single click or automatic.
- Putting verbs into the navigation bar isn’t new. See Taskfox.
- For webpages that want to own the login-process, the account creation simply acts as the ultimate form-fill.
For those interested in the evolution of the idea, you can see an early mockup with comments as well as Alex Faaborg’s similiar mockups.
Chris Messina and others has been advocating for a model which follows the Facebook Connect lead: a single verb, to connect. Once connected, you decide exactly what information to share in an asynchronous manner. Unfortunately this bleeds information — your name is known to all websites which which you connect. We’d like to explore what a connect metaphor in combination with the ability to remain anonymous but connected means.
Get involved here.
What are your thoughts? How would you expose identity in the browser?