Mozilla Persona

{{Short description|Multibrowser website authentication mechanism prototyped by Mozilla}}

{{Distinguish|Personas (Firefox)}}

{{Infobox software

| name = Mozilla Persona

| logo = Mozilla Persona.png

| logo size = 200px

| screenshot =

| caption =

| developer = Mozilla Foundation

| released = July 2011

| programming language = JavaScript

| operating_system = Cross-platform

| size =

| language = 51 languages

| genre = Authorization

| license = MPL

| website = {{URL|developer.mozilla.org/en-US/Persona}}

}}

Mozilla Persona was a decentralized authentication system for the web, based on the open BrowserID protocol prototyped by Mozilla and standardized by the IETF.{{cite web |url=https://datatracker.ietf.org/wg/jose/charter/ |title=Javascript Object Signing and Encryption (jose) |work=IETF concluded WG |date=19 July 2016 |author=}} It was launched in July 2011 but failed to achieve traction, and in January 2016 Mozilla announced plans to decommission the service by the end of the year.[https://techcrunch.com/2014/03/08/mozilla-stops-developing-its-persona-sign-in-system-because-of-low-adoption/ Mozilla Stops Developing Its Persona Sign-In System Due To Low Adoption] - Techcrunch, 12 Jan 2016

History and motivations

Persona was launched in July 2011 and shared some of its goals with similar authentication systems such as OpenID or Facebook Connect, but it differed in several ways:

  1. It used email addresses as identifiers
  2. It was more focused on privacy
  3. It was intended to be fully integrated in the browser (relying heavily on JavaScript).

The privacy focus reflects the fact that the identity provider does not know which website the user is signing in to. Persona was first released in July 2011 and fully deployed by Mozilla on its own websites in January 2012.

In March 2014, Mozilla indicated it was dropping full-time developers from Persona and moving the project to community ownership. Mozilla indicated, however, that it had no plans to decommission Persona and would maintain some level of involvement such as in maintenance and reviewing pull requests.

Persona services have been shut down since November 30, 2016.[https://developer.mozilla.org/en-US/docs/Archive/Mozilla/Persona Shutting down persona.org in November 2016]

Principles and implementation

Persona was inspired by the VerifiedEmailProtocol, which is now known as the BrowserID protocol. It uses any email address of a user to identify its owner. The protocol involves the browser, an identity provider, and any compliant website.

=The browser, the provider and the website=

The browser stores a list of the user's verified email addresses (as certificates issued by the identity providers) and demonstrates the user's ownership of the addresses to the website using cryptographic proof.{{Cite web |last=Raghunathan |first=Ananth |title=Proofs in Cryptography |url=https://crypto.stanford.edu/~ananthr/docs/crypto-proofs.pdf |access-date=2023-09-08 |website=crypto.stanford.edu}}

The certificates must be renewed every 24 hours by logging into the identity provider (which will usually mean entering the email and a password in a Web form on the identity provider's site). Once done, they will be usable for authenticating to websites with the same browser for the rest of the day, without entering passwords again (single sign-on).{{Cite web |last=Patel |first=Abhishek |date=2020-05-09 |title=What is Single Sign On (SSO) and How It Works? |url=https://softwareengineer.medium.com/what-why-and-how-of-single-sign-on-sso-7d3bcf44cb75 |access-date=2023-09-21 |website=Medium |language=en}}

The protocol is decentralized in that it can in theory work with any identity provider service, although in practice it currently seems to rely mainly on Mozilla's servers (which may in turn delegate email address verification; see identity bridging below). However, even if the protocol relies heavily on a central identity provider, this central actor only knows when browsers renew certificates, and cannot in principle monitor where the certificates will be used.
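The certificate chain described in this section can be sketched as follows. This is an added example for Node.js, not code from Persona or the BrowserID specification: it uses plain JSON and Ed25519 rather than the real wire format, and the field names (`email`, `pub`, `exp`, `aud`), the two-minute assertion lifetime, the audience check and all sample values are assumptions made for illustration.

```javascript
// Added illustration: simplified BrowserID-style chain, not Persona's wire format.
const crypto = require('node:crypto');

const DAY_MS = 24 * 60 * 60 * 1000;  // certificate lifetime stated in the article
const ASSERTION_MS = 2 * 60 * 1000;  // assumed short lifetime for a sign-in assertion

// Sign a JSON payload; the exact signed string is kept so it can be re-verified.
function signJson(obj, privateKey) {
  const payload = JSON.stringify(obj);
  const sig = crypto.sign(null, Buffer.from(payload), privateKey).toString('base64');
  return { payload, sig };
}

// Return the parsed payload if the signature is valid for publicKey, else null.
function verifyJson(signed, publicKey) {
  const sig = Buffer.from(signed.sig, 'base64');
  const ok = crypto.verify(null, Buffer.from(signed.payload), publicKey, sig);
  return ok ? JSON.parse(signed.payload) : null;
}

// Identity provider: after login, certify "this browser key speaks for this email".
function issueCertificate(idpPrivateKey, email, browserPublicKey, now) {
  const pub = browserPublicKey.export({ type: 'spki', format: 'pem' });
  return signJson({ email, pub, exp: now + DAY_MS }, idpPrivateKey);
}

// Browser: sign a statement for one website. The identity provider is not contacted.
function makeAssertion(browserPrivateKey, certificate, audience, now) {
  const proof = signJson({ aud: audience, exp: now + ASSERTION_MS }, browserPrivateKey);
  return { certificate, proof };
}

// Website: check both signatures, both expiries and the audience; return email or null.
function verifyAssertion(assertion, idpPublicKey, expectedAudience, now) {
  const cert = verifyJson(assertion.certificate, idpPublicKey);
  if (!cert || cert.exp <= now) return null;        // forged, or older than 24 hours
  const proof = verifyJson(assertion.proof, crypto.createPublicKey(cert.pub));
  if (!proof || proof.exp <= now) return null;      // wrong key, or stale assertion
  if (proof.aud !== expectedAudience) return null;  // made for a different website
  return cert.email;
}

// Constructed sample run: the keys, address and origins are made up.
function demo() {
  const idp = crypto.generateKeyPairSync('ed25519');
  const browser = crypto.generateKeyPairSync('ed25519');
  const site = 'https://shop.example', t0 = Date.UTC(2013, 0, 1);
  const cert = issueCertificate(idp.privateKey, 'alice@example.org', browser.publicKey, t0);
  const fresh = makeAssertion(browser.privateKey, cert, site, t0 + 1000);
  const late = makeAssertion(browser.privateKey, cert, site, t0 + DAY_MS + 1000);
  return { accepted: verifyAssertion(fresh, idp.publicKey, site, t0 + 2000),
           wrongSite: verifyAssertion(fresh, idp.publicKey, 'https://other.example', t0 + 2000),
           nextDay: verifyAssertion(late, idp.publicKey, site, t0 + DAY_MS + 2000) };
}
```

The identity provider's private key is used only in `issueCertificate`, which is why it learns when a certificate is renewed but not which website later receives an assertion.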

=Identity bridging=

Mozilla announced "identity bridging" support for Persona in July 2013. As they describe on their blog:

"Traditionally ... Mozilla would send you an email and ask you to click on the confirmation link it contained. With Identity Bridging, Persona learned a new trick; instead of sending confirmation emails, Persona can ask you to verify your identity via your email provider’s existing OpenID or OAuth gateway."{{cite web|title=What is an Identity Bridge?|author=callahad|date=July 26, 2013|archive-url=https://web.archive.org/web/20160112025542/http://identity.mozilla.com/post/56526022621/what-is-an-identity-bridge|archive-date=2016-01-12|url=http://identity.mozilla.com/post/56526022621/what-is-an-identity-bridge/embed}}

This announcement included support for existing users of the Yahoo Mail service. In August 2013, Mozilla announced support for Identity Bridging with all Gmail accounts. They wrote in this additional announcement that "combined with our Identity Bridge for Yahoo, Persona now natively supports more than 700,000,000 active email users. That covers roughly 60–80% of people on most North American websites."[http://identity.mozilla.com/post/57712756801/persona-makes-signing-in-easy-for-gmail-users Mozilla Makes Signing in Easy for Gmail Users] {{webarchive|url=https://web.archive.org/web/20130811153049/http://identity.mozilla.com/post/57712756801/persona-makes-signing-in-easy-for-gmail-users |date=2013-08-11 }}, August 8th, 2013

Deployment

Persona relies heavily on the JavaScript client-side program running in the user's browser, making it widely usable.

Support of authentication to Web applications via Persona can be implemented by CMSs such as Drupal, Serendipity, WordPress,[https://wordpress.org/support/plugin/browserid Mozilla Persona (BrowserID) Support] Tiki,[http://dev.tiki.org/Mozilla+Persona Mozilla Persona] or SPIP. There is also support for Persona in the Phonegap platform (used for compiling HTML5 apps into mobile apps). Mozilla provides its own Persona server at persona.org. It is also possible to set up your own Persona identity provider, providing federated identity.

Notable sites implementing Persona include Ting, The Times Crossword, and [https://web.archive.org/web/20140625063355/https://www.voo.st/ Voost].

See also

  • {{Wikiversity-inline|Java_Tutorial/Trail:_Java_and_Javascript#Example:_Mozilla_Persona_for_Applets|Mozilla Persona}} (JavaScript login)
  • OpenID
  • WebID, a set of proposed standards for identity, identification, and authentication on HTTP based networks.


{{Mozilla}}

Category:Cloud standards

Category:Password authentication

Category:Federated identity

Category:Identity management initiative

Category:Mozilla