Who Controls Identity on the Web?

The race to own your virtual identity is on. In announcements made just days apart at the end of April, Facebook and the Mozilla Foundation launched parallel efforts to extend the way users are identified and connected on the Web.

The two approaches are fundamentally different. Facebook’s Open Graph Protocol uses the oAuth standard, which lets a website identify a user via a third-party site without exchanging sensitive information. Facebook–whose 400 million active users make it the world’s largest social network in the world–stands to benefit as other sites come to rely on the information it holds about users and their social connections.

The approach taken by the Mozilla Foundation, which makes the Firefox browser, comes in the form of a suite of browser extensions. One of the extensions, called Account Manager, can replace all of a user’s online passwords with secure, computer-generated strings that are encrypted and protected with a single master password. Mozilla’s identity extensions can interact with other identity standards, including OpenGraph, oAuth, and OpenID, a standard that allows any website or Web service provider to host a social network-style profile of a user. The goal of the Mozilla Foundation’s efforts is to establish a set of open standards and protocols that could be implemented in any browser or website.

As much as possible, identity would be moved out of the webpage itself and into the “chrome” of the browser–the parts around of the webpage. Logging in and out of sites would be accomplished through buttons at the top of the browser that would activate secure protocols–rendering the process of creating and memorizing usernames and passwords obsolete. Continue reading

Related Posts

Good Artists Copy, Great Artists Steal In 2003, after I unveiled a prototype Linux desktop called Project Looking Glass*, Steve called my office to let me know the graphical effects were “s...
In Networks We Trust European researchers are proposing a paradigm-shifting solution to trusted computing that offers better security and authentication with none of the d...
Why I Am Against Software Patents The surprise to most people isn’t that I do not believe that software should be patentable. Given my long term interest in and coverage of free and op...
The Traceability of an Anonymous Online Comment Yesterday, I described a simple scenario where a plaintiff, who is having difficulty identifying an alleged online defamer, could benefit from subpoen...
Privacy by Design: The 7 Foundational Principles Privacy by Design is a concept I developed back in the 90’s, to address the ever-growing and systemic effects of Information and Communication Technol...
FTC’s exploring privacy roundtable webcast "The Federal Trade Commission will host a series of day-long public roundtable discussions to explore the privacy challenges posed by the vast array o...

We Recommend These Vendors and Free Offers

ContainerizeThis 2016 is a free, 2-day conference for all things containers and big data. Featured, will be presentations and free, hands-on workshops. Learn more at ContainerizeThis.com

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Want to become an expert ethical hacker and penetration tester? Request your free video training course of Online Penetration Testing and Ethical Hacking

Whether you're new to Linux or are a Linux guru, you can learn a lot more about the Linux kernel by requesting your free ebook of Linux Kernel In A Nutshell.


Leave a Comment

Your email address will not be published. Required fields are marked *

*