Identity is a tricky thing. Who are you? What do you identify yourself with? What do you identify yourself as to others? It’s even more complicated on the Internet.

For a long time you’d sign in to every site with a username and password for that site. In essense you had an identity for every site you were a member of. I don’t think that ever made sense to anyone but there wasn’t a trusted identity provider to use, so developers rolled their own.

Many attempts, one winner
Over time we’ve seen numerous attempts at providing identity as a service. Be that a protocol or a proprietary API. Remember OpenID? Yea, that didn’t work out. Everyone agrees that it was too convoluted and confusing for the average user to understand. There has, however, been a winner. They’ve managed to gain the trust of enough users and provide a simple and elegant solution for both developers and users. They’re Facebook.

Let’s rewind
If we want to shape the future we’ve got to understand the past. The Internet is nothing short of amazing. It became this way because it’s built on top of a series of open standards. Protocols like TCP, HTTP, SMTP and POP have fueled over 2 decades of innovation like we’ve never seen. If these protocols were not open then there’s no telling what we would call the Internet today. By that, I don’t mean it may have been better because I believe the chances of that are near zero.

Competition
The story here isn’t about winning as much as it is about competition. That’s because competition breeds choice which breeds more competition and so on. We all remember the days when Internet Explorer had 90% market share and very little competition. I don’t ever want to go back there. Not with something as fundamentally important as the web browser. But I worry that we’re headed right back with something potentially more important: identity.

It’s not that I think the Internet would be better off without Facebook. The second authentication plugin we built for OpenPhoto was Facebook and it ships with every OpenPhoto instance. Facebook simply needs competition from something open. Just as Firefox pried the Internet out of Internet Explorer’s grasp and how Firefox and Chromium are competing with one another today, we need the same for identity. 

BrowserID

BrowserID is a decentralized identity system that makes it possible for users to prove ownership of email addresses in a secure manner, without requiring per-site passwords. — Lloyd Hilaiel, Mozilla (source, how BrowserID works)

Facebook Connect won on elegance and simplicity and BrowserID shares the same properties. Users already identify with their email address and they are globally unique. As a user signing into a site with BrowserID it is as simple as entering your email address and password and allowing BrowserID to securely grant the site access to your email address.

Having implemented an early version of BrowserID into OpenPhoto I can say that it’s trivial to implement. In fact, it’s easier than Facebook because one doesn’t have to sign up for an application id. Watch Dan Mills and Ben Adida from Mozilla’s Identity team demo BrowserID below.

Why the onus is on developers
As developers I hope we understand the significance of there being only a single proprietary identity provider. BrowserID is the only solution that’s easy for users to understand, easy for developers to integrate and both open and distributed.

Unfortunately, BrowserID is limited in part by the classic chicken and egg problem. Developers don’t want to integrate it till users are on the system and users never get on the system because developers don’t integrate it.

I don’t believe that has to be the case for BrowserID. It provides a win-win situation for both users and developers. Something OpenID could never deliver on. It’s a very small investment from developers today which will reap significant rewards in the future.

Follow this 3 step guide on implementing BrowserID on Github to get started.