Do you trust Schmedley?

Yesterday I ran across a cool little Web application called Schmedley. The best way to describe it is a desktop inside the browser.

Yesterday I ran across a cool little Web application called Schmedley. The best way to describe it is a desktop inside the browser. There are a number of applets included: search, stickie notes, images, stocks, weather, RSS, calendar, and so on. You can drag them around, resize them, and reconfigure them. If you're familiar with Apple's Dashboard, it will look very familiar--maybe too familiar.

The site says its "alpha" so it would be unfair to criticize too much on the selection of applets or the way they work. In fact, I'm impressed by how much like a real desktop it feels. If you've wondered how far HTML, CSS, and Javascript can go, this might might think this raises the ante a little. I'm pretty impressed.

Still, I have a few nagging questions about this and similar sites. The first is "so what?" I've got a great dashboard already. It's quick, extendable, and works when I'm not online. Why would I want to use one in a browser. I expect that part of the answer to that question lies in the "alpha" tag. This demonstrates the capability quite well and once the base infrastructure is in place, putting other, more social applets in place shouldn't be that hard. I suspect we haven't seen the meat yet.

The second concern is more serious, I think. In order to make use of the Gmail applet or the instant messaging applet, I've got to type my username and password into Schemdley. They Schmedley privacy policy says: "As of now, schmedley doesn't collect any sensitive personal information. If and when we do, we will switch to using use a secure server. This secure server software, SSL (Secure Sockets Layer) will encrypt all information you input before it is sent to us." I'm not sure why they don't consider the usernames and passwords half a dozen different services I use "sensitive personal information."

But suppose they were more reassuring, would I trust them with my passwords? Probably not. Will others? Maybe. But this isn't really Schmedley's fault, this is the best they can do with current technology. Yesterday I wrote about the developing identity layer for the Internet and why it's more than just single sign on. This is an excellent example.

Most and more interesting Web applications are going to be mashups of other services. The most interesting services to mashup are ones with authentication. Right now, there's no way to let Schmedley log into GMail on your behalf without giving them your password. And once they have it, you can't revoke that right. You can ask Schmedley to forget your password and delete it, but whether they do or not is up to them.

New identity systems will allow logging into other Web sites (called relying parties in the vernacular) without revealing your password to them. More importantly, they will be able to support delegating rights to other sites so that a mashup can use authenticated services without the user revealing her password.

We're not there yet, but the momentum is building and applications like Schmedley point out the need with great clarity.

[poll id=69]