1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mozilla Identity

Discussion in 'Off Topic' started by ragtek, Jul 15, 2011.

  1. ragtek

    ragtek Guest

    Do you know about this?
    I like the idea:)

    But it's IMHO just like openid and all other "failed" implementions:D
    And bye bye privacy. Then every browser is unique and somebody will be able to track everything:D
    bantatai likes this.
  2. Forsaken

    Forsaken Well-Known Member

    They're just adding to the fragmentation that already exists.

    OpenID was one of the firsts, and both Yahoo and Google forked it rather than using the base system (Understandable in their case, but it has added to the fragmentation already existent with the system).
  3. Floris

    Floris Guest

    Yay, ANOTHER method ..

    Why isn't everybody just leaning towards one solution so we are done with this nonsense.
    I thought all these big companies were about unifying the experience, etc ..
  4. bantatai

    bantatai New Member

  5. Carlos

    Carlos Well-Known Member

    I think its a lil' confusing for me. I mean - an identity system for browsers? And it requires an e-mail address? o_O
  6. Jason

    Jason Well-Known Member

    Yep, it's yet another identity system. The assumption is that an email address == a unique identity. This is a flawed assumption, imo, but it really is the closes thing we have to a universal identifier on the Internet (and a lot of sites already rely on this). Basically, when both your browser and email provider support BrowserID, you (for example):
    1. log into Gmail
    2. your browser generates a key pair and sends the public key to Gmail
    3. Gmail then signs your public key and sends your browser a cert saying this key is owned by you@gmail.com
    4. When you sign into a site that supports BrowserID, your browser sends the site a message saying "my user is you@gmail.com", which is signed with the private key we generated in step 2
    5. The site looks at the "gmail.com" part and grabs Gmail's public key (the one that signed your public key in step 3) and verifies the signatures.
    6. Now the site knows you control you@gmail.com
    So, in essence, it's public key authentication for websites (which already exists, though the UX is horrible), except all sites share one public key and your browser holds the private key (replacing ssh-agent). OpenID is far from ideal, and BrowserID is yet another attempt to solve the same issues. The problem with this is, BrowserID only fixes those issues if it ends up as the only game in town; otherwise, it's just going to be tacked onto the end of a daunting list of other OpenID / BrowserID providers that users will have to choose from.

    If you want to read up more on it, http://lloyd.io/how-browserid-works explains all this in more detail and provides some nifty diagrams to illustrate how it works.
    ragtek likes this.
  7. Sador

    Sador Well-Known Member

    Well, that will be fun if you want to login on another computer for whatever reason. Or when your computer breaks down. Or you change browsers...
  8. Jason

    Jason Well-Known Member

    Not sure I get what you're trying to say. Why would using a different computer or browser be a problem? You'd just have an extra step, i.e., re-entering your email address and BrowserID password. Though, then you'd want to make sure you delete the BrowserID cookies if you're not using something like incognito browsing, so others aren't presented with your credentials when trying to use BrowserID themselves.

    Personally, I'm not convinced on BrowserID. There's still a few implementation issues they need to figure out, imo.
  9. Floris

    Floris Guest

    He's trying to say he doesn't understand this principle, nor the pros/cons ..

Share This Page