Comments on: Identity in the Browser (Firefox)

By: Duncan Sample

Duncan Sample — Fri, 05 Feb 2010 16:35:39 +0000

Nice idea Aza. I discussed a similar issue a while ago with a couple of the Ubiquity guys. My angle was to look at Firefox’s security/password storage system from a ’service’ point of view, where rather than saving a password against a particular domain/URL the password would be saved against a service definition, which could contain multiple endpoints. There would be many different ways to build the ’service database’ both centralised and decentralised.

I put a few more details into a blog post (http://www.sample.org.uk/blog/post/firefox_security_overhaul)

By: buy pro duo 16gb

buy pro duo 16gb — Sat, 23 Jan 2010 06:40:02 +0000

what will happen if the website generates a click event on that button? Will the website be able to log in the user at will? If you didn’t already – please make sure that only trusted events are accepted there. Unfortunately, it doesn’t quite solve the problem – since that button is put into the webpage and can be manipulated by the webpage, the webpage can make it transparent and move it under the mouse pointer, just to make sure that you will click it when you eventually click something on the page. That is somewhat concerning – in case you want to browse a site anonymously, and especially in the case that the website has been XSS’ed and tries to steal your login data.

By: socialamigo

socialamigo — Wed, 20 Jan 2010 23:59:53 +0000

I was just wondering what the status of this project is at Mozilla and what you can tell us about innovations like these for 2010 - I’m currently working on a website that is aggregating social networks for subscribers to circumvent this kind of unsmart login/multiple site issue - but your ideas would be smarter across the range of sites one would visit.

check them at http://www.socialmadesimple.com

By: ben

ben — Wed, 23 Dec 2009 10:23:07 +0000

Good idea!
Even just for computer for the whole family… We don’t change session every time we change users… and changing the identity in one click is a good solution… just in order to check mails, and gets his personal favorite

By: Jan Hopmans

Jan Hopmans — Fri, 18 Dec 2009 19:46:13 +0000

I am a little confused.

I have some things already written down. Although it’s in Dutch, I will translate it to English. Maybe combine them with what I found here.

How do I get involved? The page linked doesn’t give me a lot of guidelines. I am also one of the people that is scared to act at all. Will like to do something, only for me it’s not an easy thing.

Please, if you can, get in contact.

By: Jan Hopmans

Jan Hopmans — Mon, 14 Dec 2009 16:15:10 +0000

Hey,

Thank you for this, I will certainly look in to getting involved with this. Something very much alike of what you are talking about here is something I wanted to explore.

I will get in contact, find out some more information and post what I already have here. Will read this here again tomorrow, I am to tired now, most things will go past my mind. I even almost missed; ‘Get involved here.’

By: DavidM

DavidM — Sat, 12 Dec 2009 13:48:17 +0000

The user interface is brilliant and the concept of letting your computer take care of identity and registration, instead of the website doing that, is really relevant.

But I wonder if the browser is the proper place to manage the identity data, or that is something that the OS itself should do, so Firefox can grab my Twitter account ID from a (very protected) place within the OS, and a Twitter desktop client can sign on getting the same ID from the same place.

By: dl

dl — Sat, 12 Dec 2009 13:07:45 +0000

Have to say I had to go back and look at this today. I think your identity should be separate from the browser but your identity should be in a key just like a car. The browser should be a car in clothing form. Your id should be the a secure piece of separate technology that has to be put into the browser for you to go anywhere. Then you will be recognized by whole package.
So I think what I am saying is individual identity needs to be a new security software separate ..having said that..the browser identity build should try to be designing an “ignition” to fit various keys of identity. may seem complicated…but I think I am just saying that ignition should be flexible to need that ignition if user so chooses. does that make sense?

anyway had to return to this after thinking about it for a few weeks (as we are working on living room transmedia interoperability and this is ringing through my head with it)

By: coco

coco — Fri, 11 Dec 2009 17:50:53 +0000

“Time on site” ?

Have you ever think of a web browser history (CTRL+H) that is showed using charts ?

(I like also the Identifiyng idea, but that’s for tomorrow.)

By: NoneOfYourBusiness

NoneOfYourBusiness — Wed, 09 Dec 2009 23:40:04 +0000

After reading about Google’s “opt out” customized search results, I think that “identitiy management” should also include a way of having multiple identities with fully separate history, cookies etc, directly in the browser.