> I think what people are raising is that there is significant execution
> risk in your good idea.
> In the past browser venders were uncooperative, currently Mozilla is
> developing their own mega IDP based on their idea of browser
> extensions. If you can get them and the other vendors to cooperate
> you will have earned all our respect.
> Many of us have gone down the browser extension path. From Sxipper,
> Seatbelt, Microsofts prototype, Axels several Firefox add ons.
> One thing that slowed people down was the rise of Mobile browsers, and
> the new security models. Even someone the size of MS could not
> address all the platforms with extensions.
> Having something that only works on a
single platform is a drawback
> when working with consumers, I know you fall back to regular openID.
> The other approach is providing account chooser services in the cloud,
> so that you are not dependent on anything other than html 5 to start
> and then work into browser support.
> Look at https://sites.google.com/site/oidfacwg/cdsdemo
for one current
> I wish you luck, however i think you have chosen a difficult path for
Thank you. I agree that the main problem is not technical, it's
getting 5+ browser vendors to go along. But that's easier now than it
used to be. Harry Halpin of W3C proved that he can get all browser
vendors in the same room, at the Identity in the Browser workshop. I
was impressed by that. And there is NSTIC itself. If an idea
demonstrated by a successful pilot is endorsed by
the future NSTIC
Steering Group browser vendors will hopefully pay attention. I know,
it's still a long shot.
The problem with a cloud solution like the GIT is that it's a massive
privacy invasion. I like to complain about Facebook finding out what
relying parties its users log in to, but if the GIT became a universal
login method, Google would be informed of all logins of all Web users.
wonder how relying parties that use the GIT disclose the implications
in their privacy policies.
Google's account chooser (without the cloud-based GIT) has two
problems: (i) it only works well for email address identities, and
many OpenID providers are not webmail providers; and (ii) users will
never understand why the experience is different for some email
addresses (those hosted by OpenID providers) than others (those hosted
webmail providers that are not OpenID providers). Regarding (ii),
I followed the link that your provided and tried out the demo. I
tried it in with my gmail address; that worked. I tried it with my
Yahoo address; that produced an error message, presumably due to some
bug that can be fixed. I tried it with my Pomcor address; that hung.
There was no warning in the demo that it would only work for some
email addresses. You can't expect all webmail service providers to be