
Transitioning Persona to Community Ownership - 6a68
http://identity.mozilla.com/post/78873831485/transitioning-persona-to-community-ownership
======
natrius
Persona is one of the Mozilla projects that best exemplifies why we need
Mozilla. They're the only ones purely dedicated to the future of the open web.
The only foreseeable future for the web today is one where two or three
gatekeepers control user information with no way out. Persona seemed like the
best way to prevent that future.

The services that they're switching their focus to are also crucial for the
open web. Firefox needs them to be competitive, and the open web needs a
competitive Firefox. But it feels like putting Persona on the
backburner—especially when it comes to UI integration in the browser—is
letting a pivotal moment pass us by, and I don't think identity on the open
web will recover.

If you held a donation drive for Persona browser integration, the donations
from Hacker News alone would fund it.

~~~
danielsiders
Mozilla does a great job promoting open web standards and Firefox is the one
of the best footholds the community and industry have against hegemony and
stagnation online.

However other organizations can and do work towards the same goals. I'm one of
the creators of Tent[1] which shares a lot in common with Persona (including
some community members) but is more ambitious in many ways.

In the Persona AAR Mozilla identified several reasons for Persona's failure to
gain adoption[2] including that Persona " can't offer the same [as Facebook
Connect] incentives (access to user data)". Tent's primary purpose is as a
user data store and also supports features like address changes automatically
(which Persona never did).

We were fans of and friendly with the Persona team, but I believe the best
solutions to these problems will come from teams that aren't afraid to think
bigger than Mozilla's strategy at the time allowed.

The work of federated identity solutions will continue on Tent and other
projects, many of which are probably better suited for a wide variety of users
and products than Persona would have been. Of course none of us have (or are
likely to gain) the level of institutional (or financial) support that Persona
had.

[1] [https://tent.io](https://tent.io)

[2]
[https://wiki.mozilla.org/Identity/Persona_AAR](https://wiki.mozilla.org/Identity/Persona_AAR)

~~~
username223
Okay, spammer...

> Persona " can't offer the same [as Facebook Connect] incentives (access to
> user data)"

That sounds like a feature. Gathering ever-creepier amounts of personal
information to serve marginally-more-effective ads is a losing game.

~~~
wutbrodo
> Okay, spammer...

Oh please, it's not as if Tent wasn't entirely germane to the topic of
conversation. People plug their stuff all the time on HN, and as long as
there's disclosure and it's relevant, I don't see the problem.

Also, you're missing the fact that users aren't the ones building services. A
service that doesn't attract any services is useless to users. I'm not saying
that Persona fits that description, but it's a fair point to bring up in terms
of the spectrum between compromise and ideological pureness.

------
Tomte
I never understood why Mozilla always talked about how great the future was
going to be, when Persona would be part of web browsers.

But then never implemented it in Firefox, even as a default-off optional
feature.

It looked very half-hearted, and that was a really bad signal to the world.

~~~
Zikes
Without it being an established W3C standard I think it would be disingenuous
to integrate it into the browser. Despite its obvious benefits, it would feel
like they're using their browser as a platform to push other products. Until
it saw widespread adoption I think implementing it as a browser extension/add-
on would be more appropriate.

~~~
pekk
The implementation of Firefox contains countless things which are not W3C
standards.

------
6a68
One thing I want to add right off the bat: we're going to build new features,
where "we" is some of the people who used to get paid to work on Persona +
some people in the community.

We'd love help! There are some get involved links at the bottom of our MDN
page: [https://developer.mozilla.org/en-
US/Persona](https://developer.mozilla.org/en-US/Persona)

------
ryanseys
As a former Mozilla intern whom worked directly with Identity team on a daily
basis last summer, I can say that this indeed hits close to home, though not
unexpectedly so. I could see this coming. The Identity team has so many weird
and wonderful things on the way for the broader Firefox audience that
transitioning it to the community only makes sense.

I for one can't wait to see what the open source and HN community does with
Persona and also can't wait to see what comes out of the Identity team as a
result of this transition of focus.

------
primitivesuave
Personally I think it's great that something like Persona exists. When Youtube
switched over to require Google login, my comments started posting under my
GMail username without any warning. When I sign into something with my
Facebook account, the app will most likely ask me to invite all my friends to
try out the app or post about it to my wall.

An SSO that provides no information other than a confirmed email would be
ideal for user privacy, but app developers implementing SSO stand to benefit
from the existing social network data of their users, and subsequently exclude
Persona from their SSO options.

~~~
schmichael
Does it really exist if no one uses it?

~~~
eruditely
Yes, aka UNREALIZED demand.

~~~
Pacabel
Persona was launched in July 2011. It has gotten a fair amount of publicity in
that time. Yet the adoption rates among websites and users are still very,
very low.

I just don't think that there's any significant demand for this product,
realized or unrealized. People know about it, and people could choose to use
it, but doing so would likely not make them sufficiently better off.

Maybe that's not ideal, from an ideological standpoint or when it comes to
"openness". But I think it is the, perhaps unfortunate, reality. It really
doesn't make sense to endlessly waste resources on a product that has been
proven to be unwanted, or at least not valuable enough to use.

~~~
mook
Persona was launched in July 2011. It's been two and a half years, and they
still haven't declared it safe to actually verify anything locally; you're
still supposed to load a random Javascript file from their domain that will
spawn a window with their contents.

I'd have thought the whole point was to target people who didn't want a
centralized system.

------
jorgev
This sounds like a bit of cop-out, but, maybe it has a brighter future than it
seems.

I hope the Google and Yahoo bridges are reconsidered. On paper they're a good
idea but in a practice, they add further complication and confusion to a
concept that's already alien to most users.

~~~
jdlshore
Agreed. I recently had someone who refused to sign in (after paying for a
subscription!) because they thought I was asking for their Gmail password. He
ended up changing his account to a different email address specifically so he
wouldn't go through the Google bridge.

Persona is a great idea on paper, but my outsider's perspective is that it has
been very very challenging to implement in practice. The BrowserID protocol
works great. User experience and login state management has been a bumpy ride.

My site (letscodejavascript.com) relies solely on Persona, so I hope it
thrives, but I can't help being worried at this announcement.

~~~
dublinben
I'm a little confused at how the process could be any clearer. Just trying to
register on your site, I'm asked to enter my email address. Upon providing a
gmail address, I'm redirected to a Google OpenID page. It specifically says
that your site will be granted access to my email address, no more. By
clicking yes (without being asked to enter my password anywhere) I'm
authenticated.

I've never used a more simple SSO system before.

~~~
callahad
Thanks for the kind words! For most people, it works exactly like you
described. Unfortunately, there _are_ some rough corner cases for folks with
multiple Gmail addresses, and the experience is less-than-stellar if you're
not logged into Google at all when you start.

(We do have patches ready for those issues. They'll go live as soon as we work
out some deployment kinks and finish upgrading our production servers to Node
0.10.)

~~~
jorgev
Is it documented that there is some rough cases that are still being worked
on? Diving off from [https://developer.mozilla.org/en-
US/Persona](https://developer.mozilla.org/en-US/Persona) I don't seem to see a
summary of the real world state of play.

(Just mentioning this as I think it might help adoption if the project is more
upfront about rough edges.)

~~~
jdlshore
The projects are on GitHub:

The main Persona project:
[https://github.com/mozilla/persona](https://github.com/mozilla/persona)

The Gmail bridge: [https://github.com/mozilla/persona-gmail-
bridge](https://github.com/mozilla/persona-gmail-bridge)

The Yahoo bridge: [https://github.com/mozilla/persona-yahoo-
bridge](https://github.com/mozilla/persona-yahoo-bridge)

(I'm not affiliated with the project, just a long-time user.)

~~~
jorgev
Perhaps I have miscommunicated.

I was asking why there is not (or at least not that I've found) a summary of
the state of play in a prominent place.

I could have read through several hundred issues to determine that I'd run
into some rough edges with these bridges and that perhaps I should come back
later. Instead I find these rough edges when I dive-in, and now I wonder what
other shortcomings are not being mentioned with the same gusto as the projects
wins.

I hope that clarifies my prior post.

------
pekk
I had an idea they were going to kill Persona.

Without Mozilla to really champion it, it's dead

edit: so, anyone have a near alternative, that is open source, to invest time
into that either will get browser uptake, or won't need it?

~~~
mixedbit
I disagree. Persona piggy backs on email system so it doesn't need a critical
mass of users to be useful. Persona as a brand may not become widely
recognizable with limited involvement from Mozilla, but some people argued
from a beginning that it was a mistake that Mozilla tried to create a
recognizable brand. The team succeeded at creating smooth email verification
system. As long as Mozilla keeps servers running, quickly solves security
issues and accepts patches with improvements from community, Persona will be
used. I strongly believe it will organically grow and eventually will become a
crucial part of the open web.

------
sergiotapia
As an early supporter I find this really sad. Persona is as good as dead
without a big name behind it like Mozilla.

------
beefman
We don't deserve a technology as good as Persona.

------
davidgerard
The phrase "transitioning to community ownership" \- which always means "we
are dumping this" \- is too odiously weasely for an otherwise respectable
organisation such as Mozilla, and I do wish they'd stop using it.

------
ENGNR
I think the landing page needs more work.

Show me how to integrate it with a simple code snippet on the front page (and
if it's not simple.. it needs to be). Honestly my eyes glazed over a little
bit looking at the implementation details. Clearly it's not that hard, but the
second thing is motivation which leads to..

Show me a video on the front page of how simple it is for users to login, and
how any server can act is the authentication provider. It's too hard to
understand the need.

I guess these are just personal suggestions but I think UX is the only thing
holding Persona back.

------
zoowar
I find the blog disingenuous. We haven't forgotten this
[https://news.ycombinator.com/item?id=7243021](https://news.ycombinator.com/item?id=7243021)
Why not take another stab based on what you learned.

~~~
jdlshore
That exact link (the Persona AAR) is in the blog entry. It's in the FAQ under
"Why has Mozilla stopped funding new feature development on Persona?"

------
camus2
That's why i cant use Mozilla techs,lot of projects started,few
finished.(XULrunner ? Tamarin ? ...). Nobody is going to use Persona now.

~~~
callahad
I sincerely hope that's not the case. Mozilla Corporation is still using
Persona internally, and still deploying new sites and services that rely on
it. We think it's absolutely great for when you need simple, email-based
authentication, and we're still fully supporting it.

(PS: Because it's email based, there's absolutely _no_ lock in. Want to
migrate away from Persona? Just add a password column to your database. But we
hope it won't come to that.)

~~~
jdlshore
There's no lock in, but migrating away from Persona isn't _quite_ that simple.
You still have to educate users about the switch ("make a new password, and by
the way, don't use your Persona password!"), then implement everything Persona
provides: login form, password change form, email authentication, ...

~~~
rmcguigan
If Mozilla did migrate away from persona, would the staff become less familiar
with the details over time thus making the best effort support being offered
by the community in sumo and being talked about here:
[https://support.mozilla.org/en-
US/forums/contributors/710099](https://support.mozilla.org/en-
US/forums/contributors/710099)

My question for you all is what do you think could be supported once it has
been depreciated?

------
MarkMc
Tldr; Persona is dead

