Tired seeing people quote Google search result counts and do it wrong. If an exact phrase, such as "sign in", is being searched, it must be wrapped in quotes! Otherwise numbers hugely will be inflated. So it's not 1.8 billion hits, but rather 322 million.
That's where identity really belongs. Please don't make me make accounts for sites in 2010! (OpenID works well enough as technical plumbing but it's not the correct layer of abstraction).
Google is going to have a lot of incentive to solve this problem. If you have to sign in or worry about phishing every time you want to write a note or save a picture from your camera, Chrome won't be as useful.
"The Chromium OS-based device login mechanism will provide a single sign on (SSO) capability that users can use to streamline access to cloud-based services."
Presumably regular Chrome will get the same feature.
1. Authenticate the user against Google if possible, so that it always uses the user's latest password
2. Enable the user to log in when offline (assuming the user has logged in online at least once)
3. Enable an SSO experience for Google properties
4. Allow the user to opt-in to auto-login that still does SSO, but does not cache the user's password
We also plan to support alternative authentication systems:
1. Give users an SSO experience at OpenID relying parties
2. Give users an SSO experience at sites for which they've already typed in credentials on a Chromium OS device
It's a reminder that Google has bitten off a huge chunk here.
One other huge example is Gears. I imagine that Google Gears is a central art of the ChromeOS world. But Gears is still really an experiment. Very few people really use it at this stage, certainly they don't rely on it. Very few webapps really have a strong offline mode. Even Google webapps don't have brilliant support yet. You can't even create a new document on Google Docs while offline. What's the workaround? Keep a store of blank document ready.
I wonder how much will have come together by the time the first devices launch. The ChromeOS experience at 2012 might be very different to ChromeOS the ChromeOS experience 2010. It seems to me like ChromeOS assumes that problems like SSO, data security, offline webapps, etc. will have been more or less solved pretty soon.
as a guy with a startup focused on this area for 12 months, i am curious to know what the group thinks about having some form of identity be stored in the cloud by a single company (e.g. google) or managed locally at your PC/phone (stored by NO company) and synched across devices?
