1) Any chance that Chrome and IE will pick it up? Without support by major browsers, it's DOA.
2) How well has the security been tested? Have the security professionals vetted it yet? Can it be easily fixed if things are broken? The last thing we need is a security fiasco with this.
3) Are websites embracing it? This is vital. Many, many similar solutions have failed because nobody running a website used them.
It's interesting, but I'm afraid my hopes aren't really that high. Single sign-on has been very popular as a theory, but in practice very few websites have been willing to give up their user name & password systems. This isn't the first time it's been tried - and it probably won't be the last, I'm afraid.
Mozilla’s identity team has launched a new decentralized identity system aimed at replacing ad-hoc application-level authentication based on site-specific user-names and passwords.
The open-source experiment, called Browser ID, makes it possible for users to prove ownership of email addresses in a secure manner, without requiring per-site passwords.
A technical explanation is available:
BrowserID uses asymmetric cryptography and digital signatures to allow browsers to create signed assertions about the user’s identity, and by identity providers to vouch (via signing of a key-email pair) for a user’s identity in a disconnected fashion. BrowserID uses cross document messaging to communicate between documents served from different domains, which makes a usable implementation of BrowserID possible right now without modifications to existing browsers.
This video offers more details:
