Mozilla Persona Signs Out
Written by Lucy Black   
Wednesday, 13 January 2016

Persona, the single-sign-on solution from Mozilla will shut on November 30, 2016 due to a low level of take up.

 

 

Launched in 2011, Persona's approach to protecting user identity is to put the user's browser in the middle of the authentication process: the browser obtains credentials from the user's email provider, and then turns around and presents those credentials to a website. The email provider can't track the user, but websites can still be confident in the user's identity by cryptographically verifying the credentials.

Initially users had to set up a Persona Id but, taking the browser-based identity idea even further Mozilla introduced Identity Bridging with the Beta 2 release of Persona so that users could sign in to Persona-powered websites with just a few clicks using their existing email account credentials.With dedicated Yahoo and Gmail identiy bridges Persona had a potential of 700 million users.

The trouble is that few sites adopted this solution. So while you are often invited to sign into sites using you Google or Facebook credentials, you'll rarely be prompted to use Persona. 

 

signin

 

The advantage that Persona offered users is that they didn't have to share anything other than their identity - whereas when you use you Google or Facebook credential the receiving site often wants access to your social profile and even your contacts.

Even so this failed to encourage take up of the service and the Mozilla Wiki post that announces the shut down explains that the persona.org service is being shut down because:

Our metrics show that usage of persona.org is low, and has not grown over the last two years.

Hosting a service at the level of security and availability required for an authentication system is no small undertaking, and Mozilla can no longer justify dedicating limited resources to this project.

The service will be supported at a maintenance level until November 30, 2016 and on that date will be taken offline and all user date stored on it will be destroyed.

Mozilla states:

Since the privacy of user data is of utmost importance to Mozilla, we will not transfer it to any third parties.

For the same reason Mozilla will keep control of the persona.org domain rather than selling it or transfer it to a third party. 

The code for Persona is open source, so one option for sites that rely on it would be to self-host an instance of the service dedicated to their own use. However. the wiki entry states:

This approach is not recommended. Persona has a large and complex codebase that has not seen significant development in several years.

This is another example of Mozilla finding that is trying to do more than it can with its resources. Walking away from Persona seems eminently sensible as the amount of damage that will be caused is limited and giving those affected 10 months should be plenty of time to find an alternative. 

personasq

 

 

Banner


W3C Declares WebAuthn Official
08/03/2019

The World Wide Web Consortium (W3C) and the FIDO (Fast IDentity Online) Alliance have announced that the Web Authentication specification is now an official web standard.



Iodide - A New Tool For Scientific Communication And Exploration
14/03/2019

A new experimental tool designed to help scientists prepare interactive documents using web technologies has been released in an alpha version. Iodide is designed to encourage 'communicative workflows [ ... ]


More News

 

Python

 



 

Comments




or email your comment to: comments@i-programmer.info

Last Updated ( Wednesday, 13 January 2016 )