

Tin Can: WebRTC that uses Persona to authenticate the callers to each other - pwnna
http://tincan.im/

======
ryanseys
Hi I'm the Mozilla intern that developed this and would really love some
feedback! It's super-experimental right now, but feel free to try it out! I
plan to release a more formal post later once some more bugs are squashed.

~~~
graue
First of all, project looks great! Haven't had a chance to try it yet, but
I've been impressed with other WebRTC demos, including
[http://vmux.co](http://vmux.co) which is similar but uses Twitter to
authenticate.

My slightly less positive feedback would be, it seems dodgy that it uses
personatest.org instead of persona.org (and there's no website at
www.personatest.org verifying its legitimacy). Kind of makes me anxious that
I'm being phished. Any reason for this? You surely don't want people getting
used to entering their Persona credentials at sites other than persona.org.

~~~
mweibel
+1 about personatest.org. I also felt slightly uncomfortable about this and
would like to know the reason :)

Otherwise it seems great :)

~~~
ryanseys
Persona required some changes to the code that have not yet landed in
production, i.e. on login.persona.org, so we are using personatest.org for
preliminary testing :)

~~~
mweibel
ah ok, thanks for clarifying :)

------
aroch
Is there a source package for this? I already run my own Persona identity
provider and wouldn't mind rolling this out for my family or for my workplace
on servers I own

~~~
Eiwatah4
Looks like it's here:
[https://github.com/mozilla/tincan](https://github.com/mozilla/tincan)

~~~
aroch
Ah, nice. I always forget Mozilla has an active GH

------
jeena
Hm, Persona (or BrowserID) is advertised as a decentralized solution to replace
passwords, with a centralized backup running on Mozilla's servers. To avoid
exactly what happens to me now when I click on the "Sign in with email"
button:

\----------------------

Error We are very sorry. The server is under extreme load!

Please close this window and try again.

    
    
        Action: Checking if Cookies are Enabled
        Now: Thu, 29 Aug 2013 06:03:47 GMT
        Network Info: GET: /wsapi/session_context
        Response Code - 503
        Response Text: server is too busy
        Error Type: server is too busy

\----------------------

Just two days ago I tried to install everything so I could be my own BrowserID
provider. Turns out that is not really easy (yet). Even if I got quite a bit
and was able to run
[https://github.com/mozilla/browserid-certifier](https://github.com/mozilla/browserid-certifier)
on my server, I never was able to talk to it via curl (the example they have
just crashes it) or from a PHP script (I always got a 400 Bad Request). That is
mostly because I didn't get what "pubkey - Object compatible with JWT public
keys." should look like.

In the end, after a day's work, I gave up because it was already way after
midnight. I hope in the future there will be a single-file PHP script which I
could call from the HTML pages I need to provide, which would do all the
signing, etc. for one-person BrowserID providers like I want to become.

~~~
dochtman
If you want to run your own IdP, look at this thing:

[https://bitbucket.org/djc/persona-totp](https://bitbucket.org/djc/persona-totp)

Also, the reason the server is busy is because Tin Can currently needs a
forked version of Persona, so it's not running on the production
infrastructure.

------
Lexarius
Tried signing in with a gmail account and it wanted me to create a password.
The gmail bridge seems to be functioning normally at persona.org, so what's
the deal?

~~~
pwnna
Tin Can is currently an experimental project. The login is currently using
personatest, which is running an older version. I'm not too sure what the
status is (I'm a friend of the author) right now with integrating this into
persona.

~~~
jedp
(Identity team member here.) Yes, that's right. tincan is running against an
ephemeral instance of Persona that doesn't do the account bridging, and
doesn't share a database with the real persona.org. We do plan to integrate
this with Persona. Also, while I think this is an awesome use case for
Persona, and we do intend to land it in Firefox [1], it's worth noting that
the proposed webrtc idp proxy architecture [2] is designed to work with any
identity provider, not just Persona, and could be incorporated into any
browser.

[1] [https://bugzilla.mozilla.org/show_bug.cgi?id=878941](https://bugzilla.mozilla.org/show_bug.cgi?id=878941)

[2] [https://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-...](https://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-06)

------
onedognight
> We are sorry, but currently your browser is not supported.[1]

Really? Mozilla Persona doesn't support Firefox 23.0.1?

[1] [https://webrtc.personatest.org/unsupported_dialog](https://webrtc.personatest.org/unsupported_dialog)

EDIT: BrowserSupport.getNoSupportReason() == LOCALSTORAGE_DISABLED.

------
pwnna
My friend/coworker who made this also made a video explaining how this works
in more detail:
[https://air.mozilla.org/intern-presentation-seys/](https://air.mozilla.org/intern-presentation-seys/)

------
6a68
btw, this is why you should apply for an internship on the Identity team next
summer :-)

~~~
jedp
This is also why people should hire Ryan Seys when he's done with university.
Oops - I didn't just say that! Hopefully he'll be coming back to Mozilla :)

~~~
ryanseys
I approve of this :)

------
aeontech
Fails in Firefox 23.0.1 for me (I see myself, but not the other person). Fails
in Chrome 29.0.1547.57 as well with similar results.

~~~
ryanseys
I am sorry! It is likely due to WebRTC's inability to connect to others when
difficult NATs get in the way. TURN servers can mitigate this but Tin Can is
not set up to use a TURN server (yet).

------
ronreiter
Not working for me.

