Preferably on the browser so you could tell websites who you are if you wanted.
Instead of logging in on facebook, gmail, youtube, tumblr etc. you would just log into your browser and if you wanted, let the websites know who you are.
Chrome and firefox are working on something like that, but what I’d want are not different solutions, but a universal one, where I could log in on Chrome, Firefox, IE or a mobile or any other device with my credentials and it would know who I am and log me into websites I let it.
The problem is: who would be the authority for this? I can think of 2 solutions:
- A monolithic solution that is the authority that says who you are.
- Shared solution that can be installable on servers or trusted to a 3rd party if you don’t want/don’t own server space.
The first solution would be sometghing like the domains and DNS are governed, if I understand how things work. You would login with your username and password to the browser and it would negotiate with this monolithic authority that would confirm to the websites that you are in fact you and not posing as someone else.
The second one would be something you could install on your server or elsewhere, so when you login with your browser, you also give the name of the authentication provider, something like openID but that only gives your user id to the website if you are authenticated and allow it to know who you are, and without all the name, email and other info.
Is this a too big of an effort to be achieved?