Personal Discovery Service

Background

End users have gotten very used to walking up to any computer with a browser, logging in, and immediately getting a personalized experience. However, some browser settings (like language or default search provider) are stored on the computer; the average user is not aware of how to use them, and those settings do not follow the user across computers. There are browser extensions that attempt to synchronize those settings across computers, but that does not solve the problem of getting users to set them in the first place, and those extensions do not help if the user goes to a browser that does not have them.

We suggest that what is needed is a standard way for more of these browser settings to be moved outside of the browser's configuration interface and into web pages that are more flexible. In addition, those web pages should provide the option for a user to log in and save those preferences so that they can follow the user across computers.

Below is the description of an approach that could meet these goals, and would work with any traditional browser with NO modification to the browser itself. This approach would also allow the standard to evolve to include additional global browser settings, still without needing to modify the browser. Those additional settings could include information such as:

    • The user's federated login identity provider (based on the OpenID/SAML standards)

    • Common attributes: language, country, timezone, zipcode

    • Browser attributes: home page, default search provider, etc.

    • PortableContacts service provider (based on the OpenSocial standard) as well as a list of any other services/websites the user is a member of

    • Privacy settings for cookies, IP logging, ads, etc. (which can be based on evolving standards as user privacy needs change)

    • Approximate age (in particular for users <18, parents would probably like to be able to have this set automatically, and it would allow child-friendly sites to better modify their defaults. For example, a search engine could more aggressively filter adult content from search results. If the age is more specific, such as born 6 years ago, then a site like Disney could immediately modify its homepage to be optimized for users with that level of computer/language skills)

Another advantage of moving the user interface for these settings out of the browser and onto the web is that it could be much simpler for the user to manage per-site preferences (especially for privacy settings). For example, in the past some users tried to disable cookies by default and manually maintain, in the browser, the list of "exceptions" for the websites they allowed to use cookies. However, that process was very cumbersome, and the user had to reconfigure those preferences across machines. By moving that process to the web, a higher percentage of users should be able to use those per-site controls.

For discussions of this proposal, please join the step2 discussion group that covers multiple topics relating to OAuth/OpenID.

Key Terminology

The suggested approach involves two new systems that we refer to as the CDS (Central Discovery Service) & PDS (Personal Discovery Service). The only job of the CDS is to indicate the location of the user's PDS. The PDS would then contain the user's actual preferences. The CDS would need to run on a single master domain that all web-sites trust to identify the location of a user's PDS, similar to the DNS root authority. Both the CDS & PDS would support existing browser standards that would allow other websites to poll the CDS/PDS for public preferences (either the user's PDS preference, or the detailed preferences stored by the PDS). For more details, refer to:
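
The two-step lookup described above, modeled in memory as an added illustration (it is not part of the original proposal, which does not specify a wire format). All origins, field names and function names are assumptions: a website accepts a PDS pointer only from the trusted CDS domain, and the PDS releases only public preferences, with per-site exceptions applied.

```javascript
// Added illustration: in-memory model of the CDS -> PDS lookup chain.
// Every origin, field name and function name below is hypothetical.
const CDS_ORIGIN = "https://cds.example"; // the single trusted master domain (placeholder)

// CDS state: its only job is to indicate the location of the user's PDS.
const cds = { origin: CDS_ORIGIN, pdsLocation: "https://pds.example" };

// PDS state (constructed sample): preferences flagged public or not,
// plus per-site overrides such as cookie exceptions.
const pdsStore = {
  "https://pds.example": {
    defaults: {
      language: { value: "fr", public: true },
      cookies: { value: "deny", public: true },
      zipcode: { value: "00000", public: false },
    },
    perSite: { "https://shop.example": { cookies: "allow" } },
  },
};

// Step 1: accept a PDS pointer only from the trusted CDS, and only an https origin.
function lookupPds(source) {
  if (source.origin !== CDS_ORIGIN) throw new Error("PDS pointer from untrusted source");
  const url = new URL(source.pdsLocation);
  if (url.protocol !== "https:") throw new Error("PDS must be served over https");
  return url.origin;
}

// Step 2: the PDS returns only public preferences, with the asking site's overrides applied.
function pollPds(pdsOrigin, siteOrigin) {
  const record = pdsStore[pdsOrigin];
  if (!record) throw new Error("unknown PDS");
  const overrides = record.perSite[siteOrigin] || {};
  const result = {};
  for (const [name, pref] of Object.entries(record.defaults)) {
    if (!pref.public) continue; // non-public preferences never leave the PDS
    result[name] = name in overrides ? overrides[name] : pref.value;
  }
  return result;
}

// What a relying website would do when the user arrives.
function discoverPreferences(siteOrigin, source = cds) {
  return pollPds(lookupPds(source), siteOrigin);
}
```
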

Example Use Cases

  1. Setting federated login identity provider and ads preferences

  2. A non portable PDS

  3. User attributes in a PDS

  4. Listing subscribed services/websites in a PDS

  5. Browser attributes

Next Steps

Gather early feedback from potentially interested groups:

    • Identity in the browser efforts that involve browser extensions

    • OpenID community (large IDPs, RP software/service providers)

    • Major service providers who want to make it easy to discover their members (Facebook, MySpace, Flickr, Photobucket, etc.)

    • Privacy advocates

    • Advertising networks