Mozilla Persona - One Password For All Sites |
Written by Lucy Black | |||
Friday, 28 September 2012 | |||
Persona, Mozilla's attempt to eliminate site specific passwords on the Web has now entered Beta. Mozilla has been working on its experimental login system for over a year. The result is a completely decentralized and, hopefully, secure authentication system for the web based on the open BrowserID protocol. Over the course of its evolution, it has changed its name from BrowserID to Persona and changed its JavaScript API. The new Observer API introduces an improved post-verification experience for first-time users, automatic persistent logins, and easier integration with native applications and is the one that the Mozilla Identity team is now committed to as the product enters its Beta phase. An important feature recently added to Observer API is the ability for websites that use Persona to add their name and logo to the login screen.
Persona aims to overcome the problem of users having to create and remember a new password for every site they use. It uses email addresses as identities, together with a specific Persona password of between 8 and 80 characters. In principle the email provider has to become the Identity Provider (IdP) but if this is not the case Persona provides a fallback IdP. It doesn't require users' real names (which is something Facebook and Google+ insist on limiting users to a single account) and so allows users to keep their work, home, school, and other identities separate. Users can uses as many email addresses as they want with a single password. From the developer's point of view the benefits of using email addresses are that it provides a direct means of contacting users, it eliminates the need for additional post-signup forms and, as many login systems already treat email addresses as unique keys, it can be deployed alongside existing login systems. It also provides verified email addresses to each site. Anyone with an email address can sign in to sites using Persona. Also as email can be self-hosted or delegated to other providers, this gives users control of their identity. Persona's approach to protecting user identity is to put the user's browser in the middle of the authentication process: the browser obtains credentials from the user's email provider, and then turns around and presents those credentials to a website. The email provider can't track the user, but websites can still be confident in the user's identity by cryptographically verifying the credentials. Persona works with most popular browsers. For the desktop it supports IE 8.0 and 9.0 (but not IE 6.0 and 7.0); the current and previous stable release of Firefox, plus Aurora, Nightly and Extended Support releases; and the latest stable releases of Chrome, Safari and Opera. For smartphones it supports Mobile Safari for iOS5.x - 6.x and Andriods default browsers for 2.x - 4.x, Android Firefox and Chrome.
Persona is also interesting by virture of being Mozilla’s first serious node.js-based service.
More InformationRelated Articles
Comments
or email your comment to: comments@i-programmer.info
To be informed about new articles on I Programmer, install the I Programmer Toolbar, subscribe to the RSS feed, follow us on, Twitter, Facebook, Google+ or Linkedin, or sign up for our weekly newsletter.
|
|||
Last Updated ( Friday, 09 August 2013 ) |