Post-IIW2005 Client-side Identity Management

After getting home from Internet Identity Workshop 2005 there are a number of thoughts on my mind. Probably the best conversation that I had was with the group around Mike Shaver from Mozilla.org. He suggested a conversation about what client solutions could be developed to enhance digital identity ... and I love client solutions.

The value of a client solution, and the core of this conversation, is that client solutions can often be created without having to touch the server! Mike wanted to hear what might be done in the browser - Firefox - that could enhance digital identity, without any server integration. My suggestion was - enhance the form filling!

Today we are all familiar with the "form fill" capabilities in the browsers. They keep track of previous entries in text fields, and also in username/password fields, on the various web pages and web forms that we use. The browser is in a unique position to truly add value to everything that I do ... this is greasemonkey++ for digital identity. The browser could begin to keep a local or remote (e.g. LID, LDAP, etc.) store - that I can edit and alter - of all of the bits of my identity that are asked for by web sites. It could allow me to alter the values - on a per site basis - to custom tailor what I give out to anyone. It would keep track of what I gave to who. It could even incorporate functionality to automatically post to web sites when I change my local information ... like when I move to a new home, or job. Mike suggested that a repository of web forms could emerge as users develop and document the multitude of sites and their forms and how to interact with them. That is a grass-roots digital identity solution.

It seems to me that Firefox and Internet Explorer are best positioned to take on this challenge, and to begin to incorporate truly useful functionality that would remove much of the tedium of entering personal information. In addition, they could allow me to stay "in control" of what I am giving to web sites and automating much of what I do today when filling out forms. What is cool is that if Firefox did it, it would have a huge leg up even if IE failed to adopt and implement the capabilities. It could really become a killer app for Firefox.

The current implimentations are far too limited. Some of the issues that I have thought of so far are:

1. There is no easy way to view the information that was stored, to edit these values, and to manage how they are used. I want to delete a mis-typed autofill value, or change a password.
   
2. I am not prompted, on a per site basis, if I might want to use a previously entered value - even if the form uses a different field name. I want to associate a field named "phone" with the values that I have entered for "phone number"
3. When filling in a value, I want to enter a "lie" for that particular site. Hey ... I'm just being honest that I lie to some sites!
4. I want a full audit of where I have given out my information, when, what information, etc. This allows me to review what I have provided to which sites and when.
   
5. I want to specify where the browser gets and stores the information used in form filling. I want to use LID! I want to use a LDAP directory!
6. I want assistance in accumulating my digital identity over time. Bit by bit as I am asked for my identity I want it kept so that I don't have to keep typing the same info over and over again.
   

In my opinion, this type of enhancement could truly alter how we interact with web forms, and share our personal identity information. What is really cool is that this can be done today ... on the client ... without requiring any server changes, and without requiring sites to adopt new servers or technologies. Users benefit regardless of what the web sites and servers do ... imagine that!