
Shutting down persona.org in November 2016 - buro9
https://mail.mozilla.org/pipermail/persona-notices/2016/000005.html
======
jbclements
I'm very sad to see this announcement. I've been a big fan of persona since I
first learned about it three years ago, and for a few months I tilted at
windmills by writing to services I used, and asking them why they didn't
support persona login.

After writing about four of these, though, I had a small epiphany; this is a
ludicrously uphill battle, because Facebook and Google don't just make it easy
to use their login because they're nice; the information that they gather from
these logins is worth good money to them, and so of course facebook+google
login is the most frictionless and butter-easy way to implement login.

Sigh.

Okay, I know this was totally obvious to everyone but me, but it does make me
sad, and I can start to see the outlines of an internet that I'm somewhat less
excited about than the one we have now.

I'll miss you, persona. Mozilla, keep up the good fight!

~~~
iheartmemcache
I was an early adopter of OpenID and still lament the loss. I'm familiar
enough with Persona and IdP's that I could probably fork I'm flirting with the
idea of offering LTS out-of-pocket as a public service if there is enough
backing [e.g. demand by the geek community. Decentralized authentication is
important and I feel strongly enough to engineer for free and/or offer
corporate support through my corporation for Persona and use it to subsidize
additional development].

I also am working on offering both a FreeDNS service with DNSsec both as an
authoritative server for all end-users (services like GoDaddy mark this, as
well as SSL certificates, as a "premium service" and that is sheer insanity; I
have made it my personal goal to ruin services like this and "SSL watchers"
which charge 20$/mo to ensure your cert doesn't expire). Also don't use
OpenDNS, not only do they inject ads, but they break DNS by stripping DNSsec
which is both unethical and a violation of the spec. I'll have a blog post up
on that later this week.

If you have a web-site, don't have shell access but still want to put a cert
up, [https://www.sslforfree.com/](https://www.sslforfree.com/) use these guys.
They'll authenticate your ownership the same way Google Analytics does, then
you associate the cert with your domain in the same way you would had you
bought it from VeriSign.

[0]
[https://www.surveymonkey.com/r/VLFM7FD](https://www.surveymonkey.com/r/VLFM7FD)
\- please fill this out if you have either interest in Persona or that DNS
service I mentioned (the latter of which is likely to go up this week, the
former depends on demand)

~~~
StavrosK
A few people and I have been talking about Persona and possibly developing a
next version, we're chatting on
[https://gitter.im/letsauth/LetsAuth](https://gitter.im/letsauth/LetsAuth), or
#letsauth on Freenode. Feel free to join either, we'd love to brainstorm
together.

~~~
greggman
Partner with auttomatic (Wordpress). They're open source and apparently 25% of
the web is run on their software. Could be a good jump start ?

~~~
StavrosK
That's a fantastic idea. Definitely something to keep in mind for potential
integration, thank you.

------
buro9
I use Persona heavily, with over 300 sites and 50,000+ users depending on it.

The saving grace here is that what I hold for users is the email address and
that gives me a path to switch to another provider so long as I get an email
address back.

In many ways this is a blessing, at least I now know where I stand. No doubt
my spare time is going to be used up over the next month or two.

~~~
callahad
Sorry about that. :( Can I buy you a pint when I'm in London next June?

We tried our best to ensure that there was never any lock-in with Persona,
which makes a transition away possible, but not painless.

Now that we have a formal announcement, I'm hopeful that folks on the
sidelines will take this as a cue to stop pining and start building. :)

EDIT: To curtail the "I'm in SF/BOS/etc." posts: I'm in Minneapolis. Maybe we
should set up a Hangout or similar early next week? If you'd like in on that,
subscribe to [https://lists.mozilla.org/listinfo/dev-
identity](https://lists.mozilla.org/listinfo/dev-identity) and I'll post
details there.

~~~
buro9
If you're in SF I'm here until Friday at the CloudFlare office around the
corner from one of the Mozilla offices (are there many?!) - down near 2nd and
Townsend.

I wouldn't mind getting a brain dump of how you'd do it differently were you
to build it now, as well as my sharing what I'm looking for... perhaps a
Persona v2 design could rise from the ashes.

~~~
hlieberman
I'm not local (BOS based), but I'd also be interested in having this
conversation with both of you. Persona's mission is too important not to
continue.

Besides, isn't rising from the ashes what Mozilla does? "And so at last the
beast fell and the unbelievers rejoiced. But all was not lost, for from the
ash rose a great bird..."

------
Flimm
I'm so disappointed in Mozilla.

What gets me is that even in this announcement, they place the blame on the
community "due to low, declining usage", instead of owning up to the fact that
they never implemented BrowserID in Firefox (desktop) as envisioned. With no
carrot, why would they expect sites to jump on board?

~~~
blowski
Given that Firefox itself is declining in usage, I'd be surprised if that
would have been enough.

~~~
majewsky
That always depends on the market. While Chrome leads the US market like IE
used to, Firefox is for example the most-used browser in Germany. Maybe it
would have been a valuable approach for Mozilla to work with a specific market
when introducing Persona, e.g. the big German webmail providers.

~~~
stcredzero
What if there was a way to "spin out" Persona from Mozilla? How many devs and
how many resources would it take for a bare-bones Persona Foundation to get
the job done?

------
OoTheNigerian
Though this may sound harsh, the fact is Mozilla is abandoning projects left,
right and center. From Thunderbird to Firefox OS and now Persona.

So why should anyone in their right senses bet on a Mozilla project in a
serious way?

They have put themselves in a catch 22 situation. Abandoning projects because
"people are not using them" and people will not use them because Mozilla
abandons projects.

Interestingly, most of these abandoned projects were promising but I cannot
recollect Mozilla ever changing course as a result of feedback given when they
launched a project.

This is quite unfortunate.

~~~
davedx
All companies do this. Google does it too. Facebook abandoned their login
system for embedded systems, leaving some of us working in the digital TV
sector up shit creek without a paddle. Look at what happened to the Twitter
ecosystem as it locked its API down.

Bet on any third party service in a serious way and you are taking on risk
that you cannot control. That's a fact of life.

~~~
Chris2048
I can't help feel glad some embedded systems lost the requirement for a FB
account...

But in any case - Does google abandon projects with the same frequency?

~~~
minikites
Wave, Reader, Knol, etc:

[http://www.lemonde.fr/pixels/visuel/2015/03/06/google-
memori...](http://www.lemonde.fr/pixels/visuel/2015/03/06/google-memorial-le-
petit-musee-des-projets-google-abandonnes_4588392_4408996.html)

~~~
Chris2048
frequency would be number of projects (with a certain amount of uptake)
started divided by number abandoned.

That list isn't so simple. Accelerator isn't software/service, refine became
open-refine, and wasn't a service. Wave didn't seem to get a great deal of
uptake (I think), and is somewhat superseded by google+ in-chat. I'm not sure
how checkout differs from wallet. etc.

So in those case, there is a marked difference as compared to, for example,
when google discontinued reader.

I also wonder how many of these projects are abandoned in name, but not in
copebase? Google+ probably rebrands some of those, with a slightly different
mission statement (new feature, rather than standalone product).

That said, I _do_ dislike some of the focus on social-media. The facebook
effect, I guess... We probably need more protection from it...

------
igravious
Persona and Diaspora* are two projects the free-software/open-source community
should have gotten behind in a very serious way. Myself included. These are
two projects I've felt very pulled towards in the sense that I _ought_ to
contribute, I _ought_ to help out because that's the kind of world I want to
build because that's the kind of world I want to live in.

This shit is _important_.

GNU gave us the tool-chain, Linus+co. (and BSD!) gave us the kernel, Mozilla
gave us the web client, Apace gave us the web server and so much more. For a
few years there I thought that FOSS had delivered the software world I could
live in.

But then came the era of the internet and my data and identity in the cloud.
And tracking. And surveillance. And social everything. And why? Because of
shiny pretty interfaces and convenience and humans being human.

Surely this is our `Stallman and the printer' moment for our generation. I
know the FSF and EFF and others do a great job. But we're losing these
battles.

I think the hard part about this current iteration is that, say, with GNU C
there's the C language standard, with Linux there's UNIX. There's something
you can strive to be compatible with. Where is the online identity management
standard? There is none, because that's the whole point. Same with social.

These corporations are behemoths. Facebook/Twitter/Google/Microsoft, the list
goes on and on. Before it was really just Microsoft on the desktop and a load
of ageing UNIX vendors -- we've never seen the like of these new businesses.
This is a sector that briefly had the most valuable corporation on the planet.
This is an immense task. But it's doable. FOSS has won the server wars, has a
viable desktop, has transitioned to mobile. But identity and social, you know,
the stuff that makes us human, not so much.

Time to act I reckon.

~~~
onli
I'd be soo happy if that announcement would reign in a new chapter for
persona, one in which a new project is formed that continues to develop it,
and gets ready in time to replace persona.org. Without all those websites,
including mine, having to replace persona with something else.

Browserid was launched right when I was learning about loginsystems, and it
was so nice to use it instead of fighting with hashes or certificates. I still
think that it is the right idea, persona should not die.

------
TazeTSchnitzel
This is so sad to see.

Honestly, I almost want someone to fork Persona and keep it alive. Persona is
at least a real service that people know how to integrate that has a solid
concept. The yet-to-be-invented-hypothetically-better potential successor
doesn't have that.

~~~
williamle8300
Why don't you fork Persona and keep it alive?

~~~
iheartmemcache
[https://persowna.net/](https://persowna.net/) it's still alive, no need to
fork. It's going to suffer the same problem as OpenID though. I.e., with no
big vendor behind it, you have even less of a chance of having hitting that
'critical mass' point where people will integrate it into their applications.

[https://news.ycombinator.com/item?id=10789556](https://news.ycombinator.com/item?id=10789556)
Discussed here further. Like with OpenID, the problem is vendors remove
support for OpenID.

Right now there's a very, VERY good standard made by OASIS (standards body on
par with IEEE/ISO/W3C)- SAML, which with a YubiKey[4] and a cell phone app for
managing permissions gives you a really nice setup. The flow is basically
plug-in your YubiKey off your key-chain, then authenticate once when you log-
in at the start of the day, anything that implements SAML will now give you a
SSO (similar to AD/LDAP) but it's two tokened with a focus of ease of use for
Joe Blow (as simple as a Push notification to your phone (authentication
comparment #3) saying "App Foo is asking for permission for you to log in.
<Slide left/right for approve/deny> while giving you granular control for the
power user. Again, chicken egg adoption problem, but its the most elegant I've
seen.

[https://wiki.oasis-open.org/security/FrontPage](https://wiki.oasis-
open.org/security/FrontPage) [http://docs.oasis-
open.org/security/saml/v2.0/saml-profiles-...](http://docs.oasis-
open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf)
[http://saml.xml.org/wiki/idp-initiated-single-sign-on-
post-b...](http://saml.xml.org/wiki/idp-initiated-single-sign-on-post-binding)
[4] [https://www.yubico.com/2015/10/github-
yubico-u2f/](https://www.yubico.com/2015/10/github-yubico-u2f/)

~~~
djsumdog
I implemented a SAML2 IDP once when I worked at a University using Shibboleth
(as both the IDP and SP).

SAML2 has a lot of heavy usage in academia or between industry systems. That
being said, there were a lot of exceptions and rules that needed to be put
into place for the plethora of broken SAML2 implementations. Some needed an
attribute in two scopes, others had trouble with certain OIDs, etc. The
Shibboleth mailing list is filled with things like, "oh if you're trying to
connect to someone using Oracle SSO, add x y and z because their stuff is
hopelessly broken."

I mean for the most part, it did just work. I see it as great when you want to
build trust relationships, but in the general case, I think OpenID was simpler
and better.

I still run my own OpenID. It gets me into ... StackExchange. It no longer
works with Slashdot, gitorious, freecode and many other sites that have either
stopped supporting it or gone under. Oh wait, it works with OpenStreetMaps
too.

~~~
iheartmemcache
Yeah, my experience is precisely the same re: OpenID.

Is that SAML2 IdP code open?

Things have..slowly... improved within the SAML2 ecosystem, but if you've
found a better alternative (SSO for the average Joe - preferably with 2FA a la
YubiKey) let me know.

~~~
thaeli
SimpleSAMLphp is quite straightforward; use the Yubikey auth source and you
get their 2FA very easily. SAML2 will never be quite as easy to configure as
OpenID in practice, but it's the least painful setup I've seen. (Yes, I
include several of the big commercial authentication-as-a-service vendors in
that comparison.)

Having the ability to easily manipulate attributes at a per-SP level makes
integrating with semi-broken vendor implementations much more practical. There
are modules available to add OpenID and OAuth; I use the OpenID module in
production and have been quite happy with it.

------
mixedbit
Core open protocols behind the Internet that we have today took years of
development and refinements. It seems that in the current model, where
projects are expected to be widely adopted within a short period of time, the
development of such protocols is hindered.

With all the dollars pouring into Internet companies, we are unable to develop
open protocols for crucial services, like verifying an email of a user, or
having an encrypted connection to a server without the server owner paying
x$/year for a certificate.

~~~
digi_owl
Thats because the core was laid either in academia or via military funding,
both places that do not expect quarterly earnings to rise by 2% continually
(or at least didn't, dunno about MBA driven academia these days).

Frankly barely anyone cared about the net until the dot-com boom made the web
"shiny".

------
jasonmp85
So I wasn't 100% sure what Persona was (why read the article, right?) and
decided to Google for it…

Turns out neither the Mozilla Persona main page nor the developer docs linked
therefrom mention this timeline. Shouldn't there be a huge banner at the top
warning visitors that maybe starting a new project using this tech is a bad
idea? Or at least some sort of link to this post?

~~~
rfk
Yes indeed; I have bugs open to get those added to all our public-facing
Persona docs.

------
onli
What would a new Persona project need to do? I see three things:

0\. Provide a drop-in replacement for persona.org, making it unnecessary to
migrate to another loginsystem.

1\. Rework the Persona code, so that it becomes possible and easy to selfhost
it, also outside of the new project. All the feature-creep stuff callahad was
mentioning should be purged.

2\. Work on the browser integration. It would already be great if sites could
specify in a meta-tag in the head "login via persona supported" and the
browser would show a login UI, even if in the background nothing changes. Even
if it would just load the JS and UI currently loaded, but from the plugin
instead from the server, this would at least speed things up and be a good
starting point.

3\. Try to keep the gmail integration, extend it to other mail providers (I'm
not sure about the current situation there).

What am I missing? I'm sure there is more, and it would be a big project
already.

------
natrius
If you believe in the mission behind Persona—identities controlled by users,
not social network silos—then come help us rebuild Persona on top of
blockchains. Blockchains never shut down, and you'll be able to keep your
identity even if you change email addresses.

Talk to me: niran@niran.org

~~~
drdaeman
I'm curious¹

Can you please comment here (or set up a webpage anywhere), explaining the
overall ideas and proposals?

If your idea of user-controlled identities is truly about something that users
do _possess_ (not just being _provided_ ), and you have any plan how to bring
it to the world (without for users to need to install any software — that'd
utterly fail — or do anything much besides clicking "log in as myself") — then
I'm all for it.

___

¹) Although I do believe Persona screwed it badly, as identities weren't
controlled by users there, but merely leased to them by third parties - I find
the concept of "identity provider" to be very wrong.

~~~
natrius
Your identity will be a program on the Ethereum blockchain. That program has
an address that will be the unique key for your identity. That program will
indicate which keys can act on its behalf, and will provide a mechanism to
revoke keys and recover the identity if your keys are lost.

Users will have to install something because browsers have no key signing
mechanism. If you manage keys in a web page, that web page can access your
keys. You'll need an extension or an app to manage keys for you.

This approach sounds like a stretch, right? No website is going to use an
authentication mechanism that requires a separate install. If that were the
initial use case for this, I would agree. The real use for these identities is
within decentralized applications. These apps don't run on servers and don't
force you to use middlemen when you interact with other people. Decentralized
apps don't shut down. They don't care where you live. They connect you with
other people on the planet that want to connect with you to trade,
communicate, or interact in any way you want. The two of you choose your own
rules, not those of the companies or governments that stand between you.

~~~
drdaeman
Oh, I see. Sorry, not my thing, then.

This is not a replacement for Persona, OpenID or "Log in with
Google/Facebook/Twitter" buttons, which was what I hoped to see. And I'm not
even sure how this is better than my PGP keypair (which is something way more
widely recognized than Ethereum).

Is there any skilled and powerful necromancer out there that can revive and
reanimate W3C WebID committee?

------
chei0aiV
Debian is using client-side SSL certs for SSO. I wonder why that isn't more
common on the Internet.

[https://wiki.debian.org/DebianSingleSignOn](https://wiki.debian.org/DebianSingleSignOn)

~~~
chei0aiV
I guess not much has changed since 2008:

[https://pilif.github.io/2008/05/why-is-nobody-using-ssl-
clie...](https://pilif.github.io/2008/05/why-is-nobody-using-ssl-client-
certificates/)

~~~
leni536
tl;dr: this is a UI problem

------
metafunctor
Seems like it was just a while ago I first heard of persona, and thought that
it's a great idea.

Then, I did not hear of it again. Now, this. I have a couple of observations.

Branding this as "Mozilla Persona" makes it look like all the other corporate
"one-time" login things out there. Apple ID, Microsoft Live, what have you. I
don't need one more account controlled by a corporation. Mozilla looks like a
corporation to me (maybe it is not, but it looks like one). I do not
automatically trust everything with the Mozilla brand on it.

Adding Persona to a website is not that easy, from the developers' standpoint.
I looked at it for a while, and couldn't be bothered. From the server side,
it's just so simple to authenticate users with passwords (or access tokens
derived thereof). It would be wonderful if the browser could just take care of
everything, if all users really need is a way to securely authenticate.
Currently, it seems to me like password managers are winning this game.

I'm hoping to see something where password managers are extended with
protocols to allow more data and access to be shared to services I really use.

~~~
yc1010
I was using it for years on our sites, IT IS very easy to implement for a
developer, especially easier than dealing with oauth oddities from
google,facebook,microsoft etc

Yes one can program own username/password etc login, but it is actually alot
of work making a proper one with all the edge cases (, password strenght,
email validation, verification, account recovery) and so on and so on. I know
because I have done it dozens of time and each time the project has slightly
different requirements

Mozilla Persona was dead easy to implement on the other hand! Also alot of
people did not like and complained about having to login with Google, Facebook
etc yet the same people had no issues trusting Mozilla due to the goodwill
they built up with firefox and their fight for privacy

~~~
metafunctor
It really doesn't look all that easy. [https://developer.mozilla.org/en-
US/Persona/Quick_Setup](https://developer.mozilla.org/en-
US/Persona/Quick_Setup)

Especially compared with usernames and password, which is basically built in
to anything already.

~~~
WorldMaker
Persona is the easiest one I've worked with, including usernames and
passwords, because getting that correctly working with the best practices of
2015, even with built-in support in most frameworks, is and will always be a
PITA, and heavily dependent on fragile DB schemas specific to a given
framework's whims.

I think that usernames and passwords are "easy" is something of a sunk cost
fallacy, both for developers and users, and we tend to forget how much time
and effort we "waste" on this year over year. My password manager is up to
hundreds of different passwords I use, and I know a lot of users these days
whose "password" starts with the now ubiquitous "Forgot Password" button
(which is its own headache to setup and get right), as they are okay relying
on the relative security of their email address over the fragility of their
own memory.

------
SimeVidas
Passwordless authentication seems like a good alternative:
[https://hacks.mozilla.org/2014/10/passwordless-
authenticatio...](https://hacks.mozilla.org/2014/10/passwordless-
authentication-secure-simple-and-fast-to-deploy/). I’m planning it as a
replacement for Persona. (Currently waiting for my host, Modulus, to add
support for Let’s Encrypt.)

~~~
iheartmemcache
[https://www.sslforfree.com/](https://www.sslforfree.com/) Use this and you
don't need to have any server alteration. (You authenticate via uploading a
FTP file to your site, then SFF.com queries to see if you placed it there, if
it exists, you get a cert and install it like you would had you bought it from
Verisign.)

~~~
dordoka
Sorry if this is off topic, but I have just tried sslforfree. You let it
upload via FTP (or FTPS/SFTP) but the query to check if the file is there is
done via HTTP. Why not just validate that the domain is mine if the FTP upload
is successful? Or maybe even just redownload the file to see if contents
match. I don't get it.

~~~
mahouse
It's not the same, you could tell it to upload the file to a folder that is
not inside your domain.

------
bovermyer
Sadly, I feel this was inevitable. Persona never caught on, and was kept alive
only by a relative handful of devout adherents.

SSO will remain the dominion of big players with a lot of money to burn.

~~~
ec109685
Money to burn and existing users who already have a Facebook / Google account
and like clicking a big shiny button to login.

------
ddasdasddsad
This is another dumb move from Mozilla, putting them further away from being
the alternative to giants such as Facebook and Google on the open web.

With time, more and more users are going to wake up to the privacy issues with
the current web, and a common login solution that is NOT Google or Facebook is
critically important in order to avoid getting tracked online.

Persona should be improved to be a natural fit for Firefox users rather than
to be shut down. The demand for common login is there and people pick Facebook
and Google today because they dont understand the need for privacy. But sooner
or later they will get quite tired of being tracked and want a good
alternative. Mozilla should be there for them when they do.

------
JoshTriplett
The centralized persona.org service seemed like the weakest link in an
otherwise interesting distributed authentication system; persona.org gave
people a "transitional" way to associate logins with email addresses rather
than federated IDs, but as far as I can tell, nobody ever used anything else.
It makes me sad that Mozilla never followed through with the browser
integration component of BrowserID.

Consider this for a browser-integrated login system:

\- Browsers directly provide an API for sites to say they need to say "this
site wants an account".

\- When the browser sees such a request from an origin that the user doesn't
have an account for, it provides browser UI to create an account and log in.
Creating an account creates an origin-specific keypair in the browser and
hands the site the public key; logging in uses a challenge-response protocol
to prove ownership of the private key.

\- When the browser sees such a request from a site the user has an account
for, it provides browser UI to log in via the challenge-response protocol;
that same browser UI can offer options like "keep me logged in".

\- Both Firefox and Chrome have cross-system synchronization systems (e.g.
Firefox Accounts/Sync), including to mobile browsers. Use those systems to
sync the keypair across browsers controlled by the same user. Perhaps offer
options to copy individual keypairs via QR code or similar, for the much
smaller set of people who have systems of varying trust levels that should
each have access to overlapping subsets of accounts.

\- The browser can (at the user's option) provide an email address to a site.
The site can (at the site's option) provide an option to register a new key
for that email address, as the equivalent of a "lost my password" system but
for "lost my computer or browser profile".

This implementation seems quite straightforward. About the only problem I know
of that it _doesn 't_ solve involves throwaway accounts with memorized
passwords used only with private browsing, where people don't want to leave a
trace. If people care enough about that case, perhaps offer the option (such
as when using private browsing) to compute a key from the origin, the user's
email address, and an optional password, and throw it away at the end of the
session. (For that matter, browsers could generate a completely transient key,
for those times when you want to make a throwaway account that you'll never
want access to again unless the site has an email-based recovery option.)

While this system provides some useful properties for highly technical users,
it seems quite feasible to present it in an extremely simple manner for novice
users.

~~~
XMPPwocky
UAF, from the folks behind U2F, does basically this:

[https://www.ietf.org/proceedings/92/slides/slides-92-tokbind...](https://www.ietf.org/proceedings/92/slides/slides-92-tokbind-3.pdf)

As far as usability, at least U2F is amazingly frictionless; enrollment is
'put the dongle in and hit the button', login is 'put the dongle in and hit
the button.'

~~~
zeisss
Is it nowadays supported by more than Chrome?

~~~
XMPPwocky
U2F or UAF? Firefox is working on adding U2F support, and there's a third-
party plugin ( [https://addons.mozilla.org/en-
GB/firefox/addon/u2f-support-a...](https://addons.mozilla.org/en-
GB/firefox/addon/u2f-support-add-on) ). Not sure if anything supports UAF yet;
doesn't seem to have the same momentum as U2F.

------
afandian
Does anyone know of a similar project that I can use as a replacement to
Persona? I was very pleased to be able to stop storing passwords and running
an auth system and outsource it to a trusted third party whose motivations I
trust.

Can anything fill Persona's shoes?

~~~
WorldMaker
For the moment Passwordless
([http://passwordless.net](http://passwordless.net)) seems like the next
closest option in terms of not storing password systems and keep auth work
minimal. It doesn't have the "single sign on" benefits of cross-domain
authorization that Persona could have provided and it does still require you
to run your own SMTP or SMS connections (as opposed to relying on
login.persona.org for that).

It certainly sounds like people are considering alternative providers to
login.persona.org if you wanted to keep using Persona/BrowserID, but I'm not
sure how well received any of them might be without a good branding stance
like Mozilla Persona mostly [1] had.

[1] Arguably it is a failed brand at this point with almost no consumer
recognition, but still better than no brand.

------
akerro
After community asked to provide more support to Persona, they are closing it.

------
WorldMaker
Persona has been great and I do hope that we figure out as a community how to
move forward, whether to some "v2" or to figuring out how to break the
chicken/egg adoption dilemmas.

I've wondered if a mistake with Persona was not trying to push it faster
through W3C, WHATWG, OASIS or similar working group as a browser standard. It
seems interesting to me that this was clearly a goal for the project (what
with using navigator.id and everything) but it doesn't really look like there
was much momentum to push this forward into any of the big "web apps standards
tracks".

Particularly with the successes in things like Cordova and React
Native/NativeScript helping to standardize "app features" like geolocation in
browsers, things seem to be heating up in the web-based "apps" arena and maybe
there is room there for pushing something like BrowserID as a useful "apps
platform feature"...

------
webmaven
Hopefully, Firefox Accounts[1] will have delegated authentication[2] available
in time for users to do an automatic migration from persona.org before the
shutdown.

[1]
[https://wiki.mozilla.org/Identity/Firefox_Accounts](https://wiki.mozilla.org/Identity/Firefox_Accounts)

[2]
[https://wiki.mozilla.org/Identity/Persona_Shutdown_Guideline...](https://wiki.mozilla.org/Identity/Persona_Shutdown_Guidelines_for_Reliers#Delegated_Authentication_Providers)

------
razster
Well this is sad news, didn't really want to hear about this today.
Unfortunately I don't know of another like persona service.

Well good luck to the Persona team.

------
DoubleMalt
This story shows how important a decentralized but federated Identity system
is. Something we will build into CloudFleet
[https://cloudfleet.io](https://cloudfleet.io) [Disclaimer: I am one of the
founders of CloudFleet]

------
StavrosK
Damnit. Is it because I wrote that article?

~~~
Osmose
Not at all.

~~~
StavrosK
I love you Mike, thanks for all your work on Persona! Now let's make v2.

------
fiatjaf
Who's gonna rehost it?

------
fibo
Mozilla misses something like Persona, Chrome is really useful cause support
authentication.

