[security] browser integration?

[Scott Kveton]

> As far as I know, it's not been decided and I don't know where the
> conversation is, but this sounds more like a short-term hack... it's
> similar to what MyOpenID demands now if you activate Safe Sign-on.

C'mon now!  You callin' us short-term?!  :-)

Seriously though, it isn't the ideal situation.
 
> I think the better approach is to think about a chrome-level interface
> that takes some inspiration from CardSpace and uses the card metaphor
> where users choose from a visual list of identities (served by one or
> more iDPs) that they want to represent them at a given site.

I really like this idea.  I think what we're in need of is someone to hack
it up into an extension.  A couple of features that come to mind:

* Ability to support multiple identity providers
* Open source
* Anti-phishing and (possibly) reporting tools ... For example, "this site
just tried to phish you, click here to report this"
* Something to give a clear indication of your current provider status
(logged in, out, etc)

Is anybody out there interested in working on this?  I'd love to get a
dialog going on the wiki about possible features, screen shots, etc and then
start development on something like this.  I think if we can get something
working Mozilla is more likely to want to integrate _that_ then to have to
figure out how to do it themselves.

> Bookmarklets are easy for those of us who understand that clicking
> something in our bookmark bar can do more than just open links; I'm
> not sure it's reached widespread understanding that this basic piece
> of interface can be used to launch scripts and the like...

Agreed.

- Scott