The race to own your virtual identity is on. In announcements made just days apart at the end of April, Facebook and the Mozilla Foundation launched parallel efforts to extend the way users are identified and connected on the Web.
The two approaches are fundamentally different. Facebook’s Open Graph Protocol uses the oAuth standard, which lets a website identify a user via a third-party site without exchanging sensitive information. Facebook–whose 400 million active users make it the world’s largest social network in the world–stands to benefit as other sites come to rely on the information it holds about users and their social connections.
The approach taken by the Mozilla Foundation, which makes the Firefox browser, comes in the form of a suite of browser extensions. One of the extensions, called Account Manager, can replace all of a user’s online passwords with secure, computer-generated strings that are encrypted and protected with a single master password. Mozilla’s identity extensions can interact with other identity standards, including OpenGraph, oAuth, and OpenID, a standard that allows any website or Web service provider to host a social network-style profile of a user. The goal of the Mozilla Foundation’s efforts is to establish a set of open standards and protocols that could be implemented in any browser or website.
As much as possible, identity would be moved out of the webpage itself and into the “chrome” of the browser–the parts around of the webpage. Logging in and out of sites would be accomplished through buttons at the top of the browser that would activate secure protocols–rendering the process of creating and memorizing usernames and passwords obsolete.
“Every user of the Internet today is expected to describe themselves to every site they go to,” says Mike Hanson, principal engineer at Mozilla Labs. Inevitably, Hanson says, this leads to confusion and security holes, such as passwords that are identical across multiple sites.
The solution, according to Hanson, is to let the browser itself manage user identity. Weave Sync, another Mozilla extension, is designed to enable that vision. It stores encrypted versions of a growing list of data on a Mozilla-hosted server (or any user-specified server), including a person’s history, preferences, bookmarks, and even open tabs, which can be synced across two or more browsers. This allows users to have the same browser workspace on any device that supports Firefox or its mobile equivalent, Fennec. There’s even a prototype for the iPhone, built on top of Apple’s Safari browser.