This is great, Sean!
"A website could ask for credentials from the navigator, and the browser
can show its own trusted UI asking the user if and which ID to share to the
I'm curious about "which ID" specifically. I like Persona a lot (obviously)
but one of the things about it that I think holds it back is that it
requires sites to give up control (and potentially availability) of the
login process. So does OpenID, et al.
It seems to me like the practice of outsourcing logins to a 3rd party
service has mostly gone out of style. The story seems to go: "We're a
startup, lets use Facebook for auth. We're doing well, lets transition to
our own auth but allow signups with Facebook. Ok, lets get rid of
Facebook." The more successful the site, the more they care about owning
the login process because its a critical part of their business. Any
general solution to the login problem needs to respect this. Fortunately,
the user-agent is in a unique position to do this.
Is your vision of `navigator.auth.get` as sort of an API to an enhanced
password manager? - It handles the credentials, picker, etc, and sync
handles distribution. For signups maybe we prefill with your sync profile
data? I think that would be a significant improvement to login page
AutoFill. It doesn't eliminate account / password growth, but it makes it
less painful, and it works with the web we already have.
On Wed, Jul 29, 2015 at 9:26 AM, Sean McArthur <smca...@mozilla.com
> I've been thinking again about how we can stop using so many passwords
> across the web. Now that pretty much every browser can be signed-in-to, we
> could try to standardize a way of getting *that* account.
> navigator.auth.get() -> Promise<JWT>
> Larger article:
> I have a contact on the Microsoft Edge team that largely agrees with the
> idea, and my next steps would be to try to contact people on Chromium and
> WebKit and see if this is something we could pursue.
> Dev-fxacct mailing list