Mozilla Foundation puts password killer into first beta

Summary:Persona is an open authentication system that uses email providers to validate that a user is who they say they are.

With an eye toward killing passwords, the Mozilla Foundation has released the first public beta of its year-old open authentication system.

Persona, formerly known as BrowserID, lets users sign-on once and visit any Persona-compliant  website. The software is an alternative to OpenID, an open authentication protocol that is being replaced by a new version called OpenID Connect.

Persona, which works with all major browsers found on smartphones, tablets and desktops, is highlighted by the new name, but, more important, the introduction of the new Observer API that adds more features, including global log-out from any device.

In addition, Observer allows websites to display their name and logo in the log-in box and to streamline log-in for first-time users.

Observer replaces the old JavaScript API, which won’t be deprecated. Going forward, however, Observer will be the recommended API.

What’s still missing, however, is support from email providers, such as enterprises, ISPs, universities or other institutions.

Those entities are the identity providers (IdPs) in the Persona model  since they have already validated their users and given them what amounts to a unique user name - their email address.

Persona works by passing cryptographic keys among the website, the browser and a validation service (IdP) to confirm identity.

Today, the only validation service is run by the Foundation at BrowserID.org. To build an authentic decentralized identity system, the Foundation needs a collection of independent IdPs to start signing up and validating user identities.

Persona is gaining support in other areas, including from LoginRadius, Mahara, Koha and the Eclipse Foundation. OmniAuth offers a Persona module.

Persona is the first of many planned betas that will continue to add features, according to the Foundation.

See also:

Topics: Browser, Networking, Open Source, Security

About

John Fontana is a journalist focusing on access control, identity, privacy and security issues. Currently, he is the Identity Evangelist for strong authentication vendor Yubico, where he writes and edits a blog, as well as, directs several social media channels and represents Yubico at the FIDO Alliance. Prior to Yubico, John spent five y... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.