<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt"> John,<br><br>> I think what people are raising is that there is significant execution<br>> risk in your good idea.<br>> <br>> In the past browser venders were uncooperative, currently Mozilla is<br>> developing their own mega IDP based on their idea of browser<br>> extensions. If you can get them and the other vendors to cooperate<br>> you will have earned all our respect.<br>> <br>> Many of us have gone down the browser extension path. From Sxipper,<br>> Seatbelt, Microsofts prototype, Axels several Firefox add ons.<br>> <br>> One thing that slowed people down was the rise of Mobile browsers, and<br>> the new security models. Even someone the size of MS could not<br>> address all the platforms with extensions.<br>> <br>> Having something that only works on a
single platform is a drawback<br>> when working with consumers, I know you fall back to regular openID.<br>> <br>> The other approach is providing account chooser services in the cloud,<br>> so that you are not dependent on anything other than html 5 to start<br>> and then work into browser support.<br>> <br>> Look at https://sites.google.com/site/oidfacwg/cdsdemo for one current<br>> project.<br>> <br>> I wish you luck, however i think you have chosen a difficult path for<br>> yourself.<br><br>Thank you. I agree that the main problem is not technical, it's<br>getting 5+ browser vendors to go along. But that's easier now than it<br>used to be. Harry Halpin of W3C proved that he can get all browser<br>vendors in the same room, at the Identity in the Browser workshop. I<br>was impressed by that. And there is NSTIC itself. If an idea<br>demonstrated by a successful pilot is endorsed by
the future NSTIC<br>Steering Group browser vendors will hopefully pay attention. I know,<br>it's still a long shot.<br><br>The problem with a cloud solution like the GIT is that it's a massive<br>privacy invasion. I like to complain about Facebook finding out what<br>relying parties its users log in to, but if the GIT became a universal<br>login method, Google would be informed of all logins of all Web users.<br>I wonder how the new Google privacy policy applies to the GIT. And I<br>wonder how relying parties that use the GIT disclose the implications<br>in their privacy policies.<br><br>Google's account chooser (without the cloud-based GIT) has two<br>problems: (i) it only works well for email address identities, and<br>many OpenID providers are not webmail providers; and (ii) users will<br>never understand why the experience is different for some email<br>addresses (those hosted by OpenID providers) than others (those hosted<br>by
webmail providers that are not OpenID providers). Regarding (ii),<br>I followed the link that your provided and tried out the demo. I<br>tried it in with my gmail address; that worked. I tried it with my<br>Yahoo address; that produced an error message, presumably due to some<br>bug that can be fixed. I tried it with my Pomcor address; that hung.<br>There was no warning in the demo that it would only work for some<br>email addresses. You can't expect all webmail service providers to be<br>OpenID providers.<br><br>Francisco<br><br></div></body></html>