Many sites already use E-mail as an unofficial form of authentication, but a new browser-based federated identity protocol called BrowserID from Mozilla Labs aims to make it official. The new system is implemented using the Mozilla Verified Email Protocol, which ties authentication to email addresses. Currently the site browserid.org is doing most of the heavy lifting, but the project's goal is to integrate BrowserID into e-mail service providers (called Primary Identity Authorities in the protocol) and web browsers (called Identity Providers). Additional details can be found at lloyd.io, and an example site is up at http://myfavoritebeer.org/. BrowserID is a new entry into a number of existing protocols including OpenID and WebID.

According to Ben Adida, technologist with Mozilla, the main reason Mozilla Labs has introduced a new protocol is that they believe email address should be used as the identifier instead of a more generic URI. However, it appears that BrowserID lacks several features such as cross-browser portability of identities, and stronger privacy and cryptographic controls present in WebID, which may make it less desirable for commercial use.

In fact, as a protocol BrowserID is very similar to WebID, and perhaps could be made to interoperate with a few simple changes. However according to this thread on the W3C mailing list, they may not have the desire to do so. To quote Adida, I'm going to be blunt here: integration with WebID is not a use case. If integration with WebID helps our use cases, we'll happily consider it, of course.

It will be interesting to see if any of these protocols see widespread acceptance, which would benefit us all.