Later this year, Mozilla plans to have its browser-based identity infrastructure available to half of the worldwide Internet user population.
Mozilla released Beta 2 of Persona, formerly known as BrowserID, this week, including a new feature called Identity Bridge that integrates Persona with emerging identity protocols OAuth and OpenID. Mozilla did not announce support for the newer OpenID Connect.
As part of Beta 2, Mozilla announced it would support Persona-based authentication using Yahoo.com email addresses. Introduced in July 2011, Persona is a browser-based decentralized authentication system that supports the use of email addresses as an authentication credential. It's designed to replace username and password log-ins along with identity architectures that require third-party ID providers to issue credentials.
The Yahoo integration point is Identity Bridge, an open source server developed by Mozilla that speaks the Persona IdP protocol on one side and OpenID or OAuth on the other.
The server, developed under the code name Big Tent, links Persona and Yahoo.com users, allowing them to log on with their Yahoo email address without having to surrender any access to their account. That is different from social networking logins, such as those through Facebook and Twitter, which can expose portions of the user's data to the service even though all the end-user wants is authentication.
Mozilla says other major email providers will be on board in the coming months, exposing Mozilla Persona to half of all worldwide Internet users.
"This means a user who’s never used a site before, and never used Persona before, can log in in seconds," said Lloyd Hilaiel, the technical lead for Mozilla Persona, in a Q&A on the Mozilla Web site.
The Persona infrastructure has suffered thus far from lack of support by email providers, who act as identity providers (IdP) — those who validate email addresses as part of the authentication process.
Mozilla has already solved Persona's other major issue, lack of localization, and now supports 30 languages.
But Mozilla has changed its tack with the Identity Bridge, allowing email providers to leverage their support for OpenID and OAuth, two identity protocols in use today by providers such as Yahoo and Google. The previous model required email providers to adopt the Persona IdP protocol.
Eventually, Mozilla plans to remove itself from Persona's authentication flow, which happens under the covers: cryptographic keys are passed among the website, the browser and a verification service to validate identity.
"Once we are successful, Mozilla itself will not actually be running a centralized service," said Hilaiel. "Browser vendors will build the client pieces, websites and email providers the server bits, and Mozilla will be almost completely out of the sign-in transaction." Almost completely, Hilaiel noted, because all flavors of the Firefox browser will have a native implementation of Persona, which is the client component of sign-in.
Mozilla also plans to integrate Persona into Firefox OS, the new Mozilla mobile OS set for release this summer. It also will be added to desktop Firefox.
"In the coming months, we’re planning for improved browser support, interaction refinements, and performance improvements that I think are really going to tip the scales," said Hilaiel.