The W3C has prepared a Web Identity working group and made a draft charter. The main tracks of work are as follows.
- Cryptography API
  - Commonly-used cryptographic primitives should be made available to web application developers via a standardized API to facilitate common operations such as asymmetric encryption key pair generation, encryption, and generation, as well as symmetric encryption, hashing, and signature verification. This work can be based upon DOMCrypt, which has already been discussed in the W3C WebApps WG, HTML WG, and IETF Web Security WG.
- Web Identity Sync
  - This specification should specify how web application developers can synchronize identity information across multiple devices like browsers. Synchronization should also work in the “Cloud” to support legacy browsers. Anonymous identities (i.e. an “empty” identity) and multiple identities should be supported. When possible, commonly used data formats should be re-used and the design should take advantage of existing work such as Mozilla Sync.
- Identity API
  - This specification should specify how web application developers access session-state information and authentication credentials to enable functionality such as easier sign-on to services. This API will build upon existing work such as the Verified Email and Session Description Protocols (BrowserID) and BrowserAuth, and may optionally propose possible changes to HTML to the HTML WG as well as specify transfer of identity-related data.
Each specification must contain a section detailing any known security implications for implementors, Web authors, and end users. The Web Identity WG will actively seek an open security review on all its specifications.
To increase the convenience and security of deployment, these specifications may interact with, and will take into account, existing platform and operating system identity managers, so additional informative work in this area may be necessary.
A mailing list has been set up for general discussion of this work. Please join us too.