top | item 3360006

(no title)

philikon | 14 years ago

A lot of questions here revolve around how this is different from OpenID and single sign-on solutions like Google Accounts or Facebook Connect. Here's a rough list (may be incomplete or inaccurate by now; while I work for Mozilla, I'm not involved in this project):

* federated (like OpenID)

* open standard (like OpenID)

* no passwords / no typing / no memorizing (e.g. like FB Connect)

* possibility of browsers providing an integrated experience (technically possible with previous solutions, but no browser has done this so far -- in the case of OpenID for a very good reason IMHO)

* anonymity/choice of identities (like OpenID, definitely unlike e.g. FB Connect)

* no exposure to identity provider (this is unlike any existing solutions; if you log into a site, your OpenID provide, Facebook, Google, etc. will know which site it was; not with BrowserID!)

Check out Dan and Ben giving a nice demo of the BrowserID user experience: http://www.youtube.com/watch?v=6x45Nt1fOMM. No passwords, no typing, and anonymity where desired.

If you're interested in the nitty gritty details, Lloyd explains the cryptographic assertions that actually let sites verify your identity: http://lloyd.io/how-browserid-works

(EDIT: format bullet points)

discuss

m_eiman|14 years ago

no exposure to identity provider

That's not quite true, is it? The documentation says I need to verify the user's identity by calling e.g. browserid.org/verify…

sandeepshetty|14 years ago

"NOTE: You may choose to validate assertions on your own server. While a bit more complicated you can reduce your dependencies on others. Refer to the specification and the source for the reference validator."

- https://github.com/mozilla/browserid/wiki/How-to-Use-Browser...

thristian|14 years ago

The documentation also says "NOTE: You may choose to validate assertions on your own server. While a bit more complicated you can reduce your dependencies on others. Refer to the specification and the source for the reference validator."

MatthewPhillips|14 years ago

> no passwords / no typing / no memorizing (e.g. like FB Connect)

FB Connect requires you to memorize your Facebook password. It also requires you to have a Facebook account. BrowserID requires neither an "account" or a password.

gwillen|14 years ago

Can you explain briefly what the good reason is for no browser to integrate OpenID?

badida|14 years ago

In earlier identity experiments at Mozilla, we tried. It never felt good as a user experience, in large part because OpenID was designed to not include the browser.

dholbert|14 years ago

> * no passwords / no typing / no memorizing (e.g. like FB Connect)

Technically there's 1 password (your BrowserID login password), not "no passwords". :)

(Though of course you can have multiple identities (email addresses) all associated with the same BrowserID account, so as you increase the number of identities, I suppose your passwords-per-identity approaches zero... ;) )

zobzu|14 years ago

this post should be on browserid.org i find it difficult to find what it does, how its different, etc.. well until your post that is

philikon|14 years ago

Yes, I already spoke to the team and they're going to put up a FAQ. Thanks!

ranit8|14 years ago

> no exposure to identity provider (this is unlike any existing solutions; if you log into a site, your OpenID provide, Facebook, Google, etc. will know which site it was; not with BrowserID!)

Unfortunately that might be what prevents this or http://webid.info/ from getting traction. The big guys wouldn't like losing that data, and OpenID/OAuth already do the job well enough for them.

A comparison WebID/BrowserID can be found here: http://security.stackexchange.com/questions/5406/what-are-th...