Hacker News new | past | comments | ask | show | jobs | submit login

A few people and I have been talking about Persona and possibly developing a next version, we're chatting on https://gitter.im/letsauth/LetsAuth, or #letsauth on Freenode. Feel free to join either, we'd love to brainstorm together.



Partner with auttomatic (Wordpress). They're open source and apparently 25% of the web is run on their software. Could be a good jump start ?


That's a fantastic idea. Definitely something to keep in mind for potential integration, thank you.


For interested people, it ended up with https://github.com/letsauth/letsauth.github.io/wiki/Roadmap


I like the idea of maybe pursuing a extension-first plan for the next attempt at BrowserID. Some thoughts:

- There have been Persona extensions before for at least Firefox. It will probably be important to learn from them, even if I'm sure hardly anyone tried to use them.

- Edge's extension support can't come soon enough.

- The issue I could see with extensions is it is harder to trust the verified email addresses in "fallback" situations. The chicken and egg bootstrap problem here still seems to indicate that you still want some sort of trusted notary. Maybe a simpler fallback provider that is just a state-less "passwordless" (passwordless.net) proxy that would be easy to clone and some way to create an actively maintained whitelist of trustworthy clones?

- While we're looking at "extension-first", maybe find ways to make use of the browser's SSL client certificate infrastructure? Obviously, if you could build a good UX for bootstrapping (email-only) client certificates you could finally help people make good use of such an old, underutilized browser feature.


Thanks. Note that I tried to write an accurate roadmap based on the discussion, but it was not the only roadmap I could've written – early stage, goals still to define.

> There have been Persona extensions before for at least Firefox. It will probably be important to learn from them, even if I'm sure hardly anyone tried to use them.

Do you know some? I only found https://addons.mozilla.org/en-US/firefox/addon/browser-sign-..., which is old (but new to me) and it seems defunct. I'm not sure whether the source code is accessible. https://www.youtube.com/watch?v=um0Ym-Yma8Y looks nice though.

Thanks for the hint to passwordless.net. A simpler fallback-provider might be exactly right, maybe even something for stage 1.5.

The BrowserID protocol actually has a user certificate as endpoint. I'm not sure how and whether that is stored.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: