Weave Identity : in contrast to cardspace

There have been multiple announcements about Mozilla Weave adding an identity angle to its offering. A video detailing the auto login capability is available here. Weave enables automatic login using OpenID enabled sites behind the scenes. They also submit the login forms automatically when user credentials are remembered. As explained in the video, the "Sign in with Weave" button appears when login with OpenId is permitted. Clicking on the button would automatically perform the re-directions and log the user into the site.
This seems to look exactly same the like Windows Cardspace initiative. The similarities are interesting. Here is the workflow laid out side by side.



Weave Identity


User loads the login page with Cardspace enabled.

User loads a login page that accepts OpenId Credentials.


User selects the “Login with cardspace” button on the page.

User selects the “Sign in with Weave”, or the button on the address bar.


Cardspace UI is displayed and the user selects the card that best represents the identity for the site.

There is just one weave identity for now. It gets automatically selected.


A request is made to the identity provider site to get details by Cardspace.

A browser redirect takes the user to the OpenId identity provider page (services.mozilla.com).


If the identity provider requires credentials, a dialog box shows up.

Since the user is already logged in using weave, no credentials are requested for.


Credentials are sent to the Identity provider and if authentication succeeded, positive reply is received.

A redirect by the OpenId provider to the original page with reply.


User is logged in successfully

User is logged in successfully

It is the second part of weave is the way the login manager works. The way it saves usernames/passwords and auto submits forms is interesting.
More about it, and analysis in the next post.