[OpenID] OpenID & Mozilla ...

Scott Kveton scott at janrain.com
Wed Jan 17 07:13:08 UTC 2007


As some folks have recently seen, Mozilla has listed OpenID as a mandatory
requirement for Firefox 3.0:

http://radar.oreilly.com/archives/2007/01/firefox_30_requ.html

As some people on this list have mentioned, what exactly does that mean?

Well, this afternoon there was a great gathering of OpenID, Mozilla and
security folks to discuss that very question.  I had a previous meeting and
arrived late but was glad that some really good discussion what OpenID
support in Firefox could mean. Thanks so much Alex Faaborg and Chris Messina
for convening the meeting on such short notice!

What was the outcome? Well, we (as in the OpenID community) need to do some
blue sky work. What would we like to see in Firefox that would make OpenID
better?  Bear in mind, its not guaranteed that we¹ll get this implemented in
Firefox 3.0. However, if we can clearly identify what we¹d like to see as a
community, then that might go a long way in helping Mozilla make it happen.

We've had this discussion before but now we have a really great opportunity
to (maybe) shape how it gets implemented in Firefox.

For me personally, I¹d love to see better support for anti-phishing built
into the browser. Something like core integration of the ph-off extension.
ph-off allows the user to define who their identity provider is and then it
modifies the chrome in Firefox any time you¹re entering a password. If the
browser turns green, you¹re in good shape. If the browser turns red,
something bad is happening. This may not be the best paradigm to use, but I
like the idea of some seamless bits of code at the end-user machine that
helps secure it further and fix the phishing problem.

What would you like to see?

- Scott




More information about the general mailing list