[OpenID] FB Connect, OpenID and UX - general Security Services

Martin Atkins mart at degeneration.co.uk
Tue Dec 16 09:21:04 UTC 2008


Christian Scholz / Tao Takashi (SL) wrote:
> On Tue, Dec 16, 2008 at 9:53 AM, Alexandru Popescu ☀
> <the.mindstorm.mailinglist at gmail.com> wrote:
>> On Mon, Dec 15, 2008 at 11:23 PM, Steven Livingstone-Perez
>> <weblivz at hotmail.com> wrote:
>>> [snip /]
>>>
>>> I mean building AS PART of the browsers would be the logical way to do all
>>> this, but as an alternative, an approach such as that provided by these
>>> existing security companies could also work well. I mean the key issue is
>>> knowing that the "service" doing all of the core identity work is trusted –
>>> whether that be the browser itself or an external trusted application.
>>>
>> While I do think this might work, let's keep in mind that asking
>> people to install 3rd party tools is not usually showing a high rate
>> of adoption. Secondly, the more 3rd party tools you are depending on
>> means a lot more places to track possible vulnerabilities.
> 
> And I think the only way to spread adoption is to actually build it
> directly into the browser, not just as an addon. There might also be a
> trust issue involved as you usually trust your browser vendor more
> than third party apps.
> 

I believe the plan with the idib ("identity in browser") project was to 
build it as a browser extension first to figure out what OpenID support 
in the browser might look like and once there's a good working extension 
*then* push to get that added as a core browser feature.

That was my understanding, at least.



