Mountain View, Calif. - Google’s Web guru Tim Bray and the Open Identity Exchange Tuesday released to developers a simple user interface they hope will become a standard log-in screen for Web sites.
Account Chooser is an ambitious project to eliminate the headache of multiple passwords and trigger Web site sign-in experiences that are secure, universal and uniform for end-users.
The Account Chooser interface works on a federated identity model, letting end-users sign-in with their social identities from identity providers (IdP) such as Facebook, Yahoo, Google and Microsoft. The interface presents a list of accounts the user can choose to log-in with.
The Account Chooser would be deployed on Web sites acting as “relying parties” (RP), i.e. they accept the social identities and verify them with the issuer (IdP).
“We put a whole lot of work into getting this UX right,” said Bray, one of the co-authors of the original XML specification who signed on as Google’s developer evangelist in 2010. Bray was speaking at this week’s Internet Identity Workshop (IIW) being held at the Computer History Museum.
While there is definitely a consumer bent to Account Chooser, Bray said it has enterprise appeal.
“I don’t thing there are any claims this is a 100% solution in enterprise corners, but I think it hits in the high 80%,” he said
The Account Chooser announcement came the same day Gartner said there is an ongoing “socialization of identities” and by the end of 2015, 30 percent of all new retail customer IDs will be based on social media. "There are elements in the social media infrastructure that can be leveraged to bring into the enterprise and do more with to conduct business," Gartner said.
Bray admitted there were still a few small tweaks needed in the mobile interface and the API, but he encouraged developers to begin working it into their Web sites.
The Account Chooser interface, which was originally designed by Google, is now a working group within the Open Identity Exchange (OIX). Account Chooser is part of an on-going campaign by the identity and security industry to eliminate passwords in favor of user log-ins that rely on secure tokens that pass only authentication verification.
The nut Google and OIX are trying to crack is attracting relying parties to adopt the interface, which supports a number of emerging identity protocols catching favor for the Web and mobile devices, including OpenID Connect and OAuth 2.0.
Account Chooser also works with the established Security Assertion Markup Language (SAML).
The issue with the relying party role in the authentication flow is that it lacks a compelling business model.
Mozilla and its Persona project, whiich aims to bring identity to the browser, faces a similar hurdle. The Persona model relies on email providers to validate identities they issue to users, but so far no email providers have joined the effort.
The relying party issue also is a sticking point for the National Strategy for Trusted Identities in Cyberspace (NSTIC), which will need an army of relying parties to achieve any measure of wide-spread adoption.
Without those valuable participants the Account Chooser and Persona models are in essence dead in the water.
Bray, however, may be a shot in the arm as he brings enthusiasm, expertise and a heap of respect among developers to an Account Chooser project he has grown passionate about.
The Account Chooser is open source code that is offered under an Apache 2.0 license.