Mozilla has released the second beta of Persona, its web login technology designed to eliminate the need for site-specific passwords on the web.
Mozilla has been working on its experimental login system for over a year, and Persona is taking shape as a completely decentralized authentication system based on the open BrowserID protocol.
With the initial beta, a user could register an email address with a server called a Persona Identity Provider (IdP). Once registered, the user could log in to Persona-enabled websites without having to enter a password. Security was taken care of by Persona’s authentication system, which is based on public-key cryptography.
The highlight of the second beta is a feature called Identity Bridging, which lets users log in to Persona-enabled websites even if they haven’t explicitly registered their passwords with a Persona IdP. The technique works so long as the email address being used belongs to one of the leading email providers that support OpenID or OAuth for authentication on multiple websites.
The initial beta is limited to working with Yahoo.com email addresses, but support will be added for other providers in the next few months, and according to a blog post on Mozilla Hacks, the system will be available to over half the worldwide internet population.
The post explains that Mozilla has built a server that acts as a bridge between OpenID, OAuth and Persona. The project's codename is "BigTent", and the codebase is open source.
Persona is also interesting by virtue of being Mozilla’s first serious node.js-based service.
Yahoo email account holders can access websites that are Persona-enabled by entering their email address into the site’s login field. There’s no need to re-enter the password. For the moment, there are only a few websites that support Persona; according to Mozilla the list includes the Eclipse Foundation’s Orion Hub and the Born this Way Foundation.
Persona is an attractive option - open source, easy to use and not affiliated with anyone trying to track or otherwise control users. Given how easy it is to install, there seems to be little to stop it growing - apart from a lack of registered users. Alternatives such as Facebook login have the advantage that a lot of users already have their credentials registered with the system and so can log on without doing anything extra. The bridging technology might help with this, as it acts as a sort of temporary "import your credentials to Persona" option. However, when faced with the choice of a Persona or a Facebook login, it is easy to see which one most users will select. The long-term success of Persona probably doesn't depend on its technical quality but on some large community of users adopting and promoting it.