The Mozilla statement notes that having e-mail providers vouch for a user’s identity, and storing the necessary certificate in the browser for any site to check, “is the key to making BrowserID decentralized.”
No information is being passed to other parties beyond what’s necessary, and the user doesn’t have to rely on a third-party website. Mozilla points out that if users rely on one particular social network to log in to many different sites, switching to another social network becomes problematic.
For BrowserID to take off, websites will have to adopt it. Mozilla has provided code that websites can drop in if they want to use BrowserID. Mozilla also provides a free verification service that checks certificates and handles verification e-mails. Websites could also choose to run their own verification servers.
“I think ID should eventually be baked into the browser,” as Mozilla is doing, says Terrell Russell, cofounder of an online identity-management system called ClaimID. “I think it should come with controls for anonymity, of course, but it is the right place for identity information to be managed.”
Russell expects people to begin moving away from identity providers such as Facebook Connect, especially as they grow more concerned about how Web companies are using their private information.
Mozilla is trying to give people the same benefits, Russell says, but BrowserID is “something people can control and understand a little better.” This is because users can delete information from their own browsers easily, but they cannot necessarily track or delete information held by third-party providers.
Gain the insight you need on security at EmTech Digital.