Because the identification is not something that I normally. When I walk around, when I enter a store when I buy something, when i... live person not explicitly stop me for a few minutes asking my identity... with the exception of - wonder! -our self-imposed "solutions".
Exactly like connections.
Think OpenID in the early years was "borrowing ideas" how passports are processed. Who thinks that the current passport system is a fantastic way to manage identities please raise a helping hand. ;)
Back to us.
While I agree on everything else in his comment to me, this statement is in bold, interesting... but bad:
a problem that most people do not really have. -Yishan Wong
Problem * is *. And it is huge. It is huge for all problems, it raises, all the things that it blocks and all the implementation obstacles he hides.
Think about it: you cannot build a service that has need identity if the usefulness of the service is smaller than the cost (mind and time), the login process. We find that an overview of connection click created by Facebook and the like.
The solution?
We need to step back and understand why we are trying to do and it is on the identification, not anything else. And identification between me and someone else, not by a party of mediation (which is necessary to ensure the safety and security, not for the process of identifying itself)!
I've been thought much about it and it is one of the reasons why I would like to join the Mozilla team: the system login must be an API provided by the browser itself, with the possibility to choose personal or work (due to different uses of the same services) and even anonymous profiles if you want to navigate safely. Because the browser is my "API" to interact with the web. 1Password and similar tools are trying to take a status quo approach to this problem, but they aren't the next step (probably just share sheer numbers expire).
Identification - logic logins, OpenID, certificates, etc. - should go to the website of the browser.
With this solution, you be able to just browse and use each service without - almost - even noticing that you have been authenticated. Of course, it must be designed and tested thoroughly, it is not as simple as to say, but that if non-Mozilla can push out a feature like this?
I think this is the game changing.
(see section above in italics for the reason why)
I think that a group with this vision and correct emphasis on technical issues, user experience, privacy and security will appear somewhere. Perhaps for chrome, perhaps in WebKit, dev team maybe in dev Firefox, perhaps within the Microsoft dev team team dev team maybe in Opera Web team. Who knows.
No comments:
Post a Comment