Mozilla Persona is an open authentication system that lets you implement sign-in on your site in an afternoon. Today, Persona Beta 2 was released, including a feature called "Identity Bridging" that lets hundreds of millions of users sign into sites supporting Persona with no new username and no new password. The announcement video gives you a good overview of the Beta 2 release:
In addition to "Identity Bridging", a couple important new features have landed, and we've started to see significant adoption of the service. Details about these features and new websites using Persona are provided in the announcement on the Mozilla Identity Blog.
Persona, The Full Story
Beyond the code and features, we've really made an effort to tell the full story behind Persona to help people understand how it works, and why we believe it's an important improvement to how people log into websites. You can read an interview with lead developer Lloyd to get a feel for some of Mozilla's motivations and goals for Persona.
Identity on the web is complex, and the full story can't be captured in a single conversation. To address this, leading up to this beta, we've published several articles on the identity blog which compare Persona to social sign-in, give an overview of Persona on FirefoxOS, and dig into why the distributed nature of Persona matters.
Beyond the philosophy, we've detailed the technology behind Persona. This has resulted in several articles that present tools and learnings we hope are relevant to anyone building massive scale services with Node.JS.
How Identity Bridging Works
Identity Bridging is the most important feature of today's release, so let's take a minute to get beyond the emphatic language of a press release and down to how it actually works.
The motivating idea is that checking your email and clicking a link during the sign-in process is jarring and can cause a drop in the number of people who sign up. A significant portion of our UX refinements have been targeted at this problem. So, what can you do to eliminate this step completely?
Most popular webmail providers nowadays offer either OpenID or OAuth as a means for other websites to build authentication using the provider's existing user base (and hence, let people log in faster). On the Persona side we have support for any domain to become a Persona enabled identity provider and allow address verification without sending email.
So we built a bridge – a server that speaks the Persona IdP protocol on one side and OpenID or OAuth on the other – to use these existing services. The project's codename is "BigTent", and, as with everything we do, the codebase is open source.
To start, we've enabled this bridge for anyone with a yahoo.com email address. In the coming months, we'll turn on support for other major email providers. We expect to cover over half of the worldwide internet population.
Identity bridging is a huge win. It's significantly more convenient for users by eliminating the need to verify emails. Developers get the convenience of social sign-in just by supporting Persona. And finally, it's better for user privacy: Identity Bridging keeps the sites a user visits out of the purview of their identity provider. This is one of those rare and wonderful cases where we can improve both usability and security at the same time!
Try Persona Today!
Implementing Persona on your site should take about an afternoon. To do so, you:
navigator.id.request()when a user clicks your login button
- Implement a server-side handler to verify users and start their session
Each of these steps is described in more detail in our quick setup guide, and if for whatever reason things go awry, we're here to help!
We have a couple clear new features planned, but mostly our roadmap is going to determined by the people who use Persona. If you haven't tried Persona on your website yet, spend an afternoon and give it a whirl. Let us know what you think on our public mailing list, and help us get rid of the password.
About Robert Nyman [Editor emeritus]