MDN 1.9

MDN 2.0

  • Set up 'master' and 'next' branches and corresponding stage servers on allizom.org
  • Wiki content migration & work

BrowserID

A few years ago I pushed hard for OpenID on SourceForge.net. OpenID was and is a noble project. But now I can tell some big advantages of BrowserID over OpenID:

  • It feels like an identity. I cognitively associate my online identity with my email, and BrowserID is a verified-email protocol. When I saw my email in the BrowserID login dialog on MDN, I already understood that I was logging in - much more so than with an empty 'URL' input box.
  • No NASCAR effect. Because BrowserID is designed to be an open web standard, there's a single sign-in button that invokes a JavaScript API. It can be polyfilled with Mozilla's BrowserID service until platforms implement it, but even that will automatically be consumed by platform-native UI.
  • The site already knows you. As a site owner, we already have email addresses for our users. So when you sign in with BrowserID, we don't have to say "Now sign in with your existing account to merge your new identity with your existing" the way we did with OpenID. We know you own that email, so we log you into the account with that email address - simple.
  • Changing email is easy. Craig and I fretted for a whole hour or so over how to let users change their email address with BrowserID, but we were over-thinking it. Since BrowserID is effectively a streamlined "verify your email" dance, we simply point our "Change email" links to our sign-in page. If you're already signed in, and you sign in with a new verified email address, we simply update your email. BrowserID has already done the whole verify-your-email-address dance.
  • No lock-in. We get a verified email address from BrowserID, so we can register users in Django with set_unusable_password(). But if we ever drop BrowserID (oh noes!), we have a verified email address. So we can initiate an email-based password reset flow for users. In addition, any site can run their own verification service so they don't need to call Mozilla's BrowserID at all.
  • Privacy. Finally, BrowserID is a user-centric identity system. This really hit me when I watched Ben's Deeper Look at BrowserID video. Especially when BrowserID is implemented in other platforms, Mozilla doesn't sit between you and the sites or services you use. A primary authority can issue identity certificates to your agent, and you present those certificates to other parties for authentication. "This triangle is never closed."
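
The sign-in, change-email and no-lock-in items above, modelled as an added example (this is not MDN's or django-browserid's code). It assumes the email argument has already been confirmed by a BrowserID verifier; `User`, `UserStore`, `resolve_sign_in` and the refusal when the new address already belongs to another account are assumptions of this example.

```python
# Added illustration: User, UserStore and resolve_sign_in are hypothetical names.
from dataclasses import dataclass, field
from typing import Dict, Optional


class EmailInUse(Exception):
    """The verified email already belongs to a different account."""


@dataclass
class User:
    email: str
    password: Optional[str] = None  # None stands in for Django's unusable password


@dataclass
class UserStore:
    by_email: Dict[str, User] = field(default_factory=dict)

    def add(self, user: User) -> User:
        self.by_email[user.email] = user
        return user


def resolve_sign_in(store, verified_email, session_user=None):
    """Return (user, action) for an email the verifier has already confirmed."""
    owner = store.by_email.get(verified_email)
    if session_user is None:
        if owner is not None:
            return owner, "logged_in"  # existing account, no merge step
        return store.add(User(verified_email)), "registered"  # no local password
    if owner is session_user:
        return session_user, "unchanged"
    if owner is not None:
        raise EmailInUse(verified_email)  # never take over someone else's account
    del store.by_email[session_user.email]  # change email: re-key the account
    session_user.email = verified_email
    store.by_email[verified_email] = session_user
    return session_user, "email_changed"


if __name__ == "__main__":
    store = UserStore()  # constructed sample data
    alice = store.add(User("alice@example.com", password="legacy-hash"))
    print(resolve_sign_in(store, "alice@example.com")[1])
    print(resolve_sign_in(store, "alice@new.example", session_user=alice)[1])
```
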

BrowserID Triangle

All-in-all, it was much simpler and much more intuitive to implement BrowserID on MDN than it was to implement OpenID on SourceForge. The Mozilla Identity team has built an awesome product, and Les integrated django-browserid with his trademark pace and effectiveness. BrowserID is great for the whole web - it will help us regain control of our online identities. It's worth repeating, "the people I work with are built of brains and heart" - it's another great day for Mozillians and for the web.

/me is so proud

Question or comment about this post? Tell me on GitHub.

MDN 1.9 / groovecoder by groovecoder is licensed under a Creative Commons Attribution-ShareAlike CC BY-SA