Chromium Devices and OpenID

New Chromium Logo thumb

A very interesting design document recently went up on the Chromium Projects.  I’ve got three words for you guys- Chromium OS Devices. Okay, okay. While that does sound kind of cool, I guess it’s nothing all that spectacular- After all, we’re less than a week from the launch of Google’s Chromebook- an event I”m very much looking forward to, by the way. And even now, people are musing about the possibility of Chrome phones, Chrome tablets, even Chrome desktops. It’s not much of a stretch to assume that Chromium might expand outward onto devices custom tailored to run it, as well.

So…Chromium OS Devices. Why do they matter? What makes the design document so intriguing? Well, there’s something about the plans for the Chromium devices that makes them rather unique- something which differentiates them.  It involves a functionality known as SSO- Single Sign On.  For those of you who don’t know what that is, I’ll explain.

Google’s SSO/MSO

Single Sign OnOkay, since we’re talking about a Google OS here, we’re going to use Google as an example-bearing in mind that they’re by no means the only company that utilizes SSO. Now, Google has a lot-and I mean a lot- of  independently operating services under its umbrella. You’ve got Google Docs, Google Music (still in beta), Google Calendar, Google Maps, and, of course, Gmail- to name a few. Make an account for one, and you gain access to all of them. Rather convenient, no?

Now, we’re actually ignoring a key feature of Google’s SSO- Multiple Sign On. Let’s say you have two Google email accounts- one for work, and one for personal use. It’d be kind of a pain to sign in and out each time you want to switch emails, wouldn’t it? Google began rolling out a service to its users last year that allows simultaneous sign in. Basically, you can stay signed in to more than one account at a time, and switch between them with nothing more than a click of the mouse. While this service isn’t available for all of Google’s apps, it offers support for all the most important ones.

Anyway, there you have it. That’s Google’s spin on SSO in a nutshell.  Now, at this point, you’re probably wondering what all this has to do with the Chromium OS (that is, unless you cheated and read the document already). Well…let’s have a look, shall we?

Chromium, SSO, and OpenID

openid logo 300x300

Here’s the Abstract from the design document (Basically, a bare-bones summary of the document):

  • The Chromium OS-based device login mechanism will provide a single sign on (SSO) capability that users can use to streamline access to cloud-based services
  • This mechanism will be designed for security, privacy and ease-of-use
  • We want to ensure that people can fully use Chromium OS without needing a Google login
  • While the initial work on the login mechanism has been focused on providing instant access to Google services for users with Google accounts, we are investigating support for OpenID to allow people to fully use the system without needing a Google login.

Now, couple that with this exerpt from the “Objective” section of the document:

We also plan to support alternative authentication systems:

  1. Give users an SSO experience at OpenID relying parties
  2. Give users an SSO experience at sites for which they’ve already typed in credentials on a Chromium OS device

We are also currently investigating the technical issues involved with allowing users to log in to a Chromium OS device using a non-Google OpenID provider. We are investigating how to enable 3rd parties to provide interoperable sync services.

OpenID basically allows you to use an existing account to sign on to a website that doesn’t necessarily have any direct connection to that website- using Facebook to sign in to WordPress, for example. As a result of this implementation in Chromium, users might well be able to access the Operating platforms apps and services with, say, a Hotmail account. I’d imagine they’re probably working on something like this for Chrome, as well. So, the question on everyone’s lips- how will this affect Chromium?

We’ll get to that in a second. First, let’s take a closer look at the proposed design of the Chromium devices.

How The Devices Will Function

3 google chrome 03 300x225In their initial design, the devices will authenticate and log the user in through the use of Chromium’s HTTPS stack, which will “talk to existing Google Accounts HTTPS APIs to authenticate the user and get the appropriate cookies to log the user in to all Google services the instant the browser UI shows up.” So, um. English, please? Basically, what they’re saying is that in order to log in and authenticate the user on the Chromium device, the system will communicate with existing Google applications, obtaining whatever information is required for the user to utilize them.

Each Chromium device will also feature a chip known as the Trusted Platform module. Once a user has authenticated into the system once, the TPM will encrypt the user’s password, ‘wrapping it in a magic string’, in order to both add an additional layer of security and accommodate offline login to and use of certain Google apps- by ‘unwrapping the magic’ string (AKA unencrypting the stored password to see if it matches the entered password)

Currently, they’re looking t o set up a new Application Program Interface which suits their needs better- as the current Google APIS don’t provide the kind of cookies necessary for their service. What this means is that they need to go through a rather roundabout process to gather all the required data. A custom-tooled API designed for Chromium devices would simplify the process, making it a lot more efficient.


Final Thoughts-What’s Next?

There are two things about Chromium devices that excite me- OpenID, and Open Source. I don’t really need to explain why the latter is intriguing to me. Open source software’s always pretty nifty, and the fact that the ladies and gents at The Chromium Projects are considering the possibility of marketing devices designed to run Chromium, well…It gives users a lot more freedom- more than they’d have with Chrome, at least- to tweak and modify their system as they see fit. As for OpenID, well…
Some of you are probably still wondering what the big deal is. So you can log in with a non-Google account to access the Chromium OS. So what? OpenID’s been around since 2005 after all, it’s not like its anything particularly new or revolutionary. Why does it matter to the users, really? Let’s stop and think about this for a second. We already know that it’s going to help improve the distribution of the OS- people without a Google account don’t need to go through the arduous process of setting up one simply to use it. That’ll make things a lot simpler, and make Chromium a lot more accessible.

Assuming this feature comes to Chrome (and let’s face it, it almost certainly will) it’ll make the whole setup process even simpler for enterprise users. Rather than having each student set up a Google account, they can simply use their company or institutional login data. End result? If it catches on, Google’s Chrome OS could become ingrained in schools and businesses across the country. We could well see institutions developing software for the express purpose of working in the Chrome ecosystem.

Enterprise users aren’t the only ones who will benefit from these changes. Two words: social media. Truth be told, there’ going to be a lot of users who are going to be logging in to Chrome/Chromium with their Facebook, Twitter, Tumblr…you get the idea. You see where I’m going with this, right? Integrating social media directly into the Chrome OS would be a very natural next step. Maybe you don’t have to go to Facebook’s sites to receive notifications anymore. Maybe you’ve got a sidebar in Chrome that lets you see the latest Tweets from the folks you’re following.

Fact is, any way you spin it, openID plus Chromium equals benefit for the customers. Granted, a lot of what I’ve said here is just speculation, but it’s not necessarily baseless. After all, Google’s nothing if not innovative.

chrome logo 1301044215 300x300



(Via Chromium OS Design Blog)

Comments are closed.