Thursday, March 20th, 2008

OpenID and OAuth in the browser?

Category: Browsers, Gears, Security

Originally posted on my personal tech blog

When I was looking over Brad Neuberg’s Paper Airplane thought experiment I noticed the single sign-on feature, where you log in to the browser, and then you are done.

I realized that this is what I actually want. Having one signon via OpenID is really nice. It allows me to plug in “http://almaer.com” as my identifier. However, I always have to go around finding the OpenID option (if it exists) and put that in.

What I really want is for the browser to do that work for me. If a site groks OpenID the browser should be able to pass that over without having me intervene at all. It could hide the entire login process if we came up with a microformat to let all sides know what is going on.

It would be a breath of fresh air to be able to jump through sites leaving comments on blogs, and checking out my todo list, all without me once having to actually log in.

I wonder if a Gear could be made with a complementary microformat / server side handshake that could then give us single sign-on in all of the browsers.

As Brian McCallister suggests:

  <link rel="openid-auth" href="..." />

Does this make any sense? Would you like the browser to handle all of this for you? I would.

Posted by Dion Almaer at 8:59 am

12 Comments


I would welcome such a feature. It would be nice to have it tied to the profile for the active user (switching profiles switches OpenID logins).

Comment by Cory — March 20, 2008

Neat idea!

Comment by p01 — March 20, 2008

Ooo, definitely a very nice idea. I myself don’t use OpenID, but I imagine this would make life easier for people that do (and it would probably help spread OpenID’s popularity). The problem would be getting browsers to cooperate, but I don’t think that should be too big of a deal (except with IE, as always…but most people that have OpenID use a better browser anyway).

Comment by musicfreak — March 20, 2008

This is part of a larger idea from the Paper Airplane project called The Smart Browser where we move standardized UI more into the browser and out of web sites, such as signing in, joining groups, recent updates, etc. The browser then interacts with the remote web site through a web service/microformat, formatting its chrome UI appropriately. More details here in the Paper Airplane paper I put out a few years ago:

http://codinginparadise.org/paperairplane/#smart_browser

An excerpt:

“Tools for navigation in browsers progressed rapidly in the early days of the web, until they finally froze at their current state in about 1995 and have remained relatively unchanged. This is sad as the browser could standardize and embed many tools for much more sophisticated ways of dealing with web sites, especially around collaboration. It’s time for innovation.

Paper Airplane takes this to the next level with the concept of the Smart Browser, where the browser embeds standard navigation controls across the Two Way Web Sites [Brad: Two Way Web Sites were the name for a new kind of web-site that embedded Wiki-like collaboration deeply into the web] it creates. This section discusses how the Smart Browser makes end users’ lives easier.

First, Paper Airplane embeds single signon. When a user first starts Paper Airplane they authenticate themselves against the browser, using a signon dialog to unlock a public/private keypair that is stored on the local machine. This public/private keypair is linked to a handle, similar to an AOL screen name, that is globally unique. It does not establish that they are a specific person but rather that they have a particular handle. Then, as they navigate to each Two Way Web Site, the browser authenticates them in the background using these keypairs against the remote site.

Single signon goes hand in hand with a standard way to join and unjoin Two Way Web Sites. At any site, if the site creator made it open, a user can press the Join button to become a member of this site:

[IMG: View Mode – Edit Toolbar – http://codinginparadise.org/paperairplane/images/viewmode_edit_toolbar.png]

When this is pressed, in the background the browser sends the user’s public key to the remote site to be used later for single sign on activities, editing, and site roles.

The next standardized interface in the smart browser is a standard way to track site changes, which is a panel that appears in the left-hand sidebar when selected:

[IMG: New Changes Sidebar – http://codinginparadise.org/paperairplane/images/new_changes.png]

This panel is created by using an RSS stream from the remote site, and can track recent site edits using the Paper Airplane Editor, or if the remote site is a blog recent updates to a blog or corporate site, for example. When users go to a new site they won’t have to wonder what has changed; the Recent Changes panel makes it easy for them.

Members of sites can also easily manage roles with the Members sidebar:

[IMG: Members Sidebar – http://codinginparadise.org/paperairplane/images/members.png]

Every page also has a control so that users can tag it with a given topic, such as “important”, “todo”, or “linux”, for example:

[IMG: Cookie Trail – http://codinginparadise.org/paperairplane/images/cookietrail.png]

Then, by pressing the Navigator section in the sidebar they can view all of the pages in a web site sorted by Tag, by Name, and more. This Navigator makes it possible for users to quickly jump to new ad hoc categories created by other users, sorted into bottom-up categories using the tagging control. The Navigator also includes other powerful ways to view a web site: Recently Edited, which shows recently edited pages; and My Recent Pages, which shows your own recently edited or viewed pages so that you can quickly jump back to them. The end result is that structure is brought to collaborative sites in a bottom-up, organic manner rather than through top-down controls that quickly become out of date.

The Navigator also exposes a sorting type called By Index, which takes a bit of explaining but which is very powerful. As pages are created and edited, an automatic index is created in the background. When a user views a site in the Navigator By Index, they will see an automatic index similar to the index in the back of a book or the one in Microsoft Help defining all the words, topics, and relations gleaned from the site itself. Most importantly, if your site members have used Smart Templates to create pages that have simple semantic information in them, then we now have higher-level metadata to hook our index on to. The index can be an extremely powerful way for users to look into “the back of the book” in a sense and jump right to the page and section they need to read or edit. Having an index to view a site is one of the payoffs for using Smart Templates when editing and creating your collaborative site.”

Comment by BradNeuberg — March 20, 2008

+1 All value-added things that make Gears a must-have are good. I have been thinking about offering a download which bundles Gears with FF. Does this exist already?

Comment by peter svensson — March 21, 2008

A Firefox plugin would probably be able to demonstrate that this is a superior solution.

Comment by iampivot — March 21, 2008

That’s a great idea and I’m surprised I didn’t hear it raised at SXSW as there was a lot of talk around this subject.

Comment by davidmead — March 21, 2008

Great idea!
Browsers should integrate it!
Which is the first?

Comment by nuxodin — March 22, 2008

In fact this can already be achieved without the autodiscovery I think.
By convention the URL input field has the name openid_url:

Example:

See http://wiki.openid.net/OpenID_Login_Box#OpenID_identifier_input_field

I had the idea of writing a Greasemonkey script to do a one-button or even automatic login but never got around to it; maybe someone else will pick this up?

Comment by pascalvanhecke — March 22, 2008

The html was stripped out, imagine this between < and > :

input name="openid_url" value="http://" size="40" type="text"

Comment by pascalvanhecke — March 22, 2008
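
An added example, not part of the original post or comments and not code from Gears or OpenID: a sketch of the discovery step a browser-side helper could run, using the rel="openid-auth" link proposed in the post and the openid_url field convention from the comment above. The function names, the regex tag scan standing in for a real DOM, and the policy of accepting only an HTTPS, same-origin endpoint are assumptions.

```javascript
// Added example (not from the post): the discovery step a browser-side OpenID
// helper could run. rel="openid-auth" and name="openid_url" are taken from the
// page; function names and the HTTPS/same-origin policy are assumptions.

// Parse one start tag's attributes into a map with lower-cased names.
function parseAttrs(tag) {
  const attrs = {};
  const re = /([a-zA-Z_:][-\w:.]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
  let m;
  while ((m = re.exec(tag)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  }
  return attrs;
}

// Decide how (or whether) the helper may offer a sign-in for this page.
function discoverOpenId(html, pageUrl) {
  const page = new URL(pageUrl);
  const tags = html.match(/<(?:link|input)\b[^>]*>/gi) || [];
  let hasField = false;
  for (const tag of tags) {
    const a = parseAttrs(tag);
    if (/^<input/i.test(tag)) {
      // Convention from the comments: a text input named openid_url.
      if (a.name === "openid_url" && (a.type || "text").toLowerCase() === "text") hasField = true;
      continue;
    }
    const rels = (a.rel || "").toLowerCase().split(/\s+/);
    if (!rels.includes("openid-auth")) continue;
    if (!a.href) return { method: "rejected", reason: "missing href" };
    let endpoint;
    try {
      endpoint = new URL(a.href, page);
    } catch (e) {
      return { method: "rejected", reason: "unparseable href" };
    }
    // Assumed policy: never hand the identifier to a cleartext endpoint...
    if (endpoint.protocol !== "https:") return { method: "rejected", reason: "endpoint is not https" };
    // ...or to a host other than the one the user is actually visiting.
    if (endpoint.origin !== page.origin) return { method: "rejected", reason: "endpoint is cross-origin" };
    return { method: "link", endpoint: endpoint.href };
  }
  return hasField ? { method: "form-field", field: "openid_url" } : { method: "none" };
}

// Constructed sample page; blog.example is a placeholder host.
const SAMPLE = '<link rel="openid-auth" href="/openid/auth" /><input name="openid_url" type="text">';
console.log(discoverOpenId(SAMPLE, "https://blog.example/post/1"));
```

A page that advertises an endpoint failing either check is reported as rejected even if it also carries the openid_url field, so a bad advertisement never silently falls back to form filling.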

That’s a cool idea. But I bounce between about 3 computers on a regular basis – so I love the whole OpenID thing – but if I could program each browser to do it, that would be cool as well.

Comment by MattEllsworth — April 3, 2008

Good move!

http://jyte.com/cl/openid-wont-get-general-adoption-until-natively-integrated-in-browsers

Comment by ameuret — November 18, 2008
