Mozilla Foundation puts password killer into first beta
With an eye toward killing passwords, the Mozilla Foundation has released the first public beta of its year-old open authentication system.
Persona, formerly known as BrowserID, lets users sign-on once and visit any Persona-compliant website. The software is an alternative to OpenID, an open authentication protocol that is being replaced by a new version called OpenID Connect.
Persona, which works with all major browsers found on smartphones, tablets and desktops, is highlighted by the new name, but, more important, the introduction of the new Observer API that adds more features, including global log-out from any device.
In addition, Observer allows websites to display their name and logo in the log-in box and to streamline log-in for first-time users.
Observer replaces the old JavaScript API, which won’t be deprecated. Going forward, however, Observer will be the recommended API.
What’s still missing, however, is support from email providers, such as enterprises, ISPs, universities or other institutions.
Those entities are the identity providers (IdPs) in the Persona model since they have already validated their users and given them what amounts to a unique user name - their email address.
Persona works by passing cryptographic keys among the website, the browser and a validation service (IdP) to confirm identity.
Today, the only validation service is run by the Foundation at BrowserID.org. To build an authentic decentralized identity system, the Foundation needs a collection of independent IdPs to start signing up and validating user identities.
Persona is gaining support in other areas, including from LoginRadius, Mahara, Koha and the Eclipse Foundation. OmniAuth offers a Persona module.
Persona is the first of many planned betas that will continue to add features, according to the Foundation.
See also: