Mozilla has announced they are shutting down Persona, the cross-browser login system for the Web. Ryan Kelly, software engineer for Mozilla, said 'Due to low, declining usage, we are reallocating t. Issues for Mozilla Persona. To avoid duplicates, please search before submitting a new issue. Advanced search. 16 open, 47 total. 9 open, 33 total. 2 year graph, updates weekly. No documentation guides.
This article is of interest to the following WikiProjects: | |||||||||||||||||||||
|
Change of name[edit]
BrowserID now appears to be called Mozilla Persona. I would suggest that this page be renamed. Jonathanmjefferies (talk) 14:16, 31 July 2012 (UTC)
- Support - It appear that they have changed their name, so the article should change too. -- Q Chris (talk) 15:05, 31 July 2012 (UTC)
- neutral - in my understanding Mozilla persona is the new 'commercial' name, but browserID remains as the technical name of the protocol. TomT0m (talk) 21:09, 31 July 2012 (UTC)
- Done —Tom Morris (talk) 13:54, 18 August 2012 (UTC)
Not sure that was such a good idea - indeed, BrowserID remains the codename for the protocol and Persona.org is the service ran by Mozilla.org, not the protocol itself. --TheAnarcat (talk) 02:52, 27 June 2013 (UTC)
Secure[edit]
Just because marketing material says something is secure, that doesn't make it secure. 'Secure' is an unachievable perfect state, like 'indestructible'. We can only talk about the threats that have been anticipated, and the defenses against those threats, and the probability that the defenses will be breached.
For example, Mozilla's demonstration site https://login.persona.org/signin says:
- We're sorry, Persona requires that Javascript is enabled.
Since Javascript is essential for successfully exploiting the vast majority of attacks on browser vulnerabilities, along with Cross Site Scripting which is still on the OWASP top ten vulnerabilities after 14 years, the best way to 'secure' (better said, improve the security of) your browser is to disable scripts. (See NoScript.) Therefore if Persona requires one to lower their browser's security defenses, Persona is thereby forcing a reduction in the security of those who are informed and care about it.
Javascript will be 'secure' when browsers are 'secure', which, based on the track record of the last 20 years, will be approximately never. 129.219.155.89 (talk) 17:11, 4 February 2013 (UTC)
- Complete bollocks - a protocol designed to be secure is a secure protocol whether or not implementations are secure. To say it is not would be like saying there is not a road between Leeds and Manchester because they could be closed occasionally. By your argument you could say that there is no such thing as web security. -- Q Chris (talk) 11:22, 11 February 2013 (UTC)
- Can you show me a 'secure' implementation -- one that can be used from a browser that is in 'secure' (i.e. no script) mode? 129.219.155.89 (talk) 18:54, 11 February 2013 (UTC)
Seventh generation consolesthe history of video games. I am once again removing the unsupported (original research?) claim that this is 'secure'.
- Nothing 'is secure'. There are only varying degrees of more secure or less secure.
- The only support for the claim is the vendor's web page, which is not an objective independent encyclopaedic source.
- The burden of proof is on the person making the claim, not the person challenging it.
- I have explained why I consider it inherently insecure, in that the reference implementation forces you to weaken your security, if you have taken appropriate steps to protect your browser and your identity. A road closed is not a good analogy. A better analogy is if you install some software that claims to 'be secure' but it requires you to disable your anti-virus. That's what NoScript is -- anti-virus for your browser. Anyone who said their product only works with anti-virus off, but calls it 'secure', would be laughed out of any gathering of security professionals.
- In reinstating the 'secure' claim, an editor commented 'it would be a bit strange if it wan't secure'. That's reasoning by incredulity. 'It must be true, because I just can't believe it could be false!'
Before reinstating the claim please cite an independent reference. 129.219.155.89 (talk) 14:23, 2 April 2013 (UTC)
- The argument that anything using JS is inherently insecure because JS can also be used to do insecure things is an extremely tenuous one. There are many vulnerabilities in Windows, which can be avoided by not installing Windows on your PC; it would however be a rather extreme position to say that no software can be secure if it requires Windows. - IMSoP (talk) 00:29, 20 December 2013 (UTC)
- I'll go one step further and say no software can be secure, period. This is because there is no such state as 'secure' that you can achieve. As previously noted there are only varying degrees of more secure or less secure. 129.219.155.89 (talk) 18:37, 12 June 2014 (UTC)
External links modified (February 2018)[edit]
Hello fellow Wikipedians,
I have just modified 8 external links on Mozilla Persona. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
- Added archive https://web.archive.org/web/20130811153049/http://identity.mozilla.com/post/57712756801/persona-makes-signing-in-easy-for-gmail-users to http://identity.mozilla.com/post/57712756801/persona-makes-signing-in-easy-for-gmail-users
- Corrected formatting/usage for http://identity.mozilla.com/post/78873831485/transitioning-persona-to-community-ownership
- Added archive https://web.archive.org/web/20140310212307/http://identity.mozilla.com/post/78873831485/transitioning-persona-to-community-ownership to http://identity.mozilla.com/post/78873831485/transitioning-persona-to-community-ownership
- Added archive https://web.archive.org/web/20130128201115/http://identity.mozilla.com/post/7616727542/introducing-browserid-a-better-way-to-sign-in to http://identity.mozilla.com/post/7616727542/introducing-browserid-a-better-way-to-sign-in
- Corrected formatting/usage for http://identity.mozilla.com/post/7669886219/how-browserid-differs-from-openid
- Added archive https://web.archive.org/web/20130308064204/https://login.persona.org/about to https://login.persona.org/about
- Added archive https://web.archive.org/web/20130308064151/https://login.persona.org/ to https://login.persona.org/
- Corrected formatting/usage for https://login.persona.org/
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
As of February 2018, 'External links modified' talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these 'External links modified' talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{sourcecheck}}
(last update: 15 July 2018).
- If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
- If you found an error with any archives or the URLs themselves, you can fix them with this tool.
Cheers.—InternetArchiveBot(Report bug) 08:56, 7 February 2018 (UTC)
Using Persona on your site
On November 30th, 2016, Mozilla shut down the persona.org services. Persona.org and related domains will soon be taken offline.
For more information, see this guide to migrating your site away from Persona:
Mozilla Persona is a cross-browser login system for the Web, that's easy to use and easy to deploy. It works on all major browsers, and you can get started today.
Free games10 best written video games. Why should you use Persona on your website? Unit 4: modern middle east macs history.
- Persona completely eliminates site-specific passwords, freeing users and websites from the burden of creating, managing and storing passwords securely.
- Persona is easy to use. With just two clicks a Persona user can sign in to a new site like Voost, bypassing the friction associated with account creation.
- Persona is easy to implement. Developers can add Persona to a site within a single afternoon.
- There's no lock-in. Developers get a verified email address for all of their users, and users can use any email address with Persona.
Plus, Persona is only going to get better: it's built on an open, decentralized protocol, that's designed to allow direct integration into browsers and native support by email providers. Sites that implement Persona today will automatically experience improvements without having to change any code.
Getting started
- Why Persona?
- What's special about Persona compared to other identity and authentication systems.
- Quick setup
- A walkthrough showing how to add Persona to your website.
API reference
- The navigator.id API
- The browser API.
- Verification API reference
- The remote verification API.
Guides
- Security considerations
- Practices and techniques to make sure your Persona deployment is secure.
- Browser compatibility
- Learn exactly which browsers support Persona.
- Internationalization
- Learn how Persona handles different languages.
- The implementor's guide
- Tips from sites that have added support for Persona.
Resources
- Libraries and plugins
- Find a drop-in library for your favorite programming language, web framework, blog, or content management system.
- The Persona cookbook
- Example source code for Persona sites. Includes snippets in C# (MVC3), PHP, Node.JS, and more.
- User interface guidelines
- How to present Persona sign-in to your users.
Becoming an Identity Provider
If you're an email provider or another identity-providing service, check out the links below to learn about becoming a Persona Identity Provider.
- IdP Overview
- A high level view of Persona Identity Providers.
- Implementing an IdP
- A detailed guide to the technical details of becoming an IdP.
- .well-known/browserid
- An overview of the
.well-known/browserid
file, which IdPs use to advertise support for the protocol.
The Persona Project
- Glossary
- BrowserID and Persona terminology defined.
- FAQ
- Answers to common questions.
- Protocol overview
- A mid-level technical overview of the underlying BrowserID protocol.
Personas For Firefox
- Crypto
- A look at the cryptographic concepts behind Persona and BrowserID.
- The Spec
- Deep technical details live here.
- The Persona website
- To get Persona going, we're hosting three services at https://login.persona.org: a fallback Identity Provider, an implementation of the
navigator.id
APIs, and a verification service. - The Persona source code
- The code for Persona is on GitHub. Pull requests welcome!
Join the Identity community
Firefox Personas Gallery
- IRC: #identity(learn more)
- Blog: identity.mozilla.com
- GitHub: report a bug
Mozilla Personal Toolbar
Subnav
Mozilla Persona Themes
- Using Persona on a website
- Becoming an Identity Provider
- The Persona project