If a site groks OpenID the browser should be able to pass that over without having me intervene at all. It could hide the entire login process if we came up with a microformat to let all sides know what is going on. (OpenID and OAuth in the browser?)
Singularity is going to have OpenID as the only means of logon/registration but OpenID is far from perfect; especially for state-maintaining clients like Flash, Silverlight and Ajax-based RIAs. The change of context from an application to a web site for login is a very jarring user experience.
Thinking about this, I've come to the conclusion that we're trying to solve the problem at the wrong level: this is an issue that should be handled at the browser level. And we can solve it using existing technologies like OpenID.
Imagine, for example, if the browser knew of certain OpenID providers and understood an attempt to access an OpenID provider. The browser could intercept that request and, instead of taking the user to the OpenID provider's web site, it could display a browser login dialog box (branded with the OpenID provider's logo and the OpenID logo) and relay that information back to the application.
This way, a browser that doesn't understand OpenID would just stay out of the way and the user would have the standard OpenID authentication experience of being taken to the OpenID provider's web site. A browser that does understand OpenID, however, could provide a far superior user experience by keeping the user on the same site or application and handling the login via a browser login dialog.
I wonder how difficult it would be to create this as a Firefox plugin?
The Making the browser OpenID-aware article by Aral Balkan, unless otherwise expressly stated, is licensed under a Creative Commons Attribution-Noncommercial 2.0 UK: England License.
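The interception decision described in the post, sketched as an added example that is not part of the original post or of any browser's code. The provider table, function names and URLs are constructed assumptions; the `openid.*` parameter names are those of the OpenID 1.1 and 2.0 authentication request. Anything that is not an exact match for a known provider falls through to the ordinary redirect.

```javascript
"use strict";
// Added illustration; provider table, function names and URLs are constructed.

// Hypothetical list of providers the browser ships with, keyed by exact origin.
const KNOWN_PROVIDERS = new Map([
  ["https://openid.example-provider.test", { name: "Example Provider", endpointPath: "/server" }],
]);

const pass = (reason) => ({ action: "pass-through", reason });

// Simplified realm check: same origin and path prefix. Wildcard realms
// ("http://*.example.com") are not handled and fall back to pass-through.
function underRealm(returnTo, realm) {
  try {
    const r = new URL(realm), t = new URL(returnTo);
    return r.origin === t.origin && t.pathname.startsWith(r.pathname);
  } catch {
    return false;
  }
}

// Decide whether a navigation is an interactive OpenID login request to a
// provider the browser knows. Anything else is left to the normal web flow.
function classifyNavigation(rawUrl) {
  let url;
  try { url = new URL(rawUrl); } catch { return pass("unparseable URL"); }
  const q = url.searchParams;
  if (q.get("openid.mode") !== "checkid_setup") return pass("not an OpenID login request");
  if (url.protocol !== "https:") return pass("provider endpoint is not HTTPS");
  // Exact origin match: lookalike hosts and userinfo tricks do not match.
  const provider = KNOWN_PROVIDERS.get(url.origin);
  if (!provider || url.pathname !== provider.endpointPath) return pass("unknown provider");
  const returnTo = q.get("openid.return_to");
  // OpenID 2.0 calls it openid.realm, 1.1 openid.trust_root; default is return_to.
  const realm = q.get("openid.realm") || q.get("openid.trust_root") || returnTo;
  if (!returnTo || !underRealm(returnTo, realm)) return pass("return_to outside realm");
  // The native dialog should show both who authenticates and who is asking.
  return { action: "native-dialog", provider: provider.name, realm, returnTo };
}
```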
OpenID is far from perfect because it is a phisher’s dream come true. The whole point of OpenID is that it is open - i.e., you, me and anyone else on the planet with their own website can be an OpenID provider. If the browser only accepts a few providers, then it breaks the open model. If it supports any open provider, then it will make spotting phishing attempts harder. So sorry Aral, but this idea is broken from start to finish.
See this article for an explanation of OpenID’s phishing vulnerability.
The idea you’re describing is very important and should help OpenID uptake a lot. http://en.wikipedia.org/wiki/Windows_CardSpace is an existing potential solution. iirc, there is an implementation for the Mac and an open source equivalent for Linux and others. Hopefully a fully usable solution comes out of that space with OpenID support.
Cheers,
ak
Check out OpenID Seatbelt:
https://pip.verisignlabs.com/seatbelt.do
This is the plugin for Firefox that allows you to use OpenID while browsing.