True, the fact that URLs identify them confuses some people. However, http:// being usually superfluous, I don't see why roger.example.com is more confusing than roger@example.com.
> Most sites would like at least an email address to be able to contact you, so will almost always require an additional step after logging in for the first time.
And openId provides an email if the site asks for it.
> OpenID is a jarring login process.
The difference is that the provider page is a full page rather than a popup?
> Both OpenID and oAuth allow your identity provider (be it Google, Facebook, Twitter) to track every website you sign in to.
So does mozilla persona as your identity provider is your browser ! I remember an opera unite app that acted as an openId provider. How is Persona different/better than that?
> oAuth is complicated for developers to implement [...] several versions of the protocol, [...]
That is true. And it will also be true of persona in two years when you will have to support firefox15 to 20, chrome 33 to 35, ie11, opera14, opera15, webkit-beta-nameless-browser, webkit-alpha-nameless-browser and others' own versions of persona
> True, the fact that URLs identify them confuses some people. However, http:// being usually superfluous, I don't see why roger.example.com is more confusing than roger@example.com.
Because roger.example.com is not what most people's OpenID is. Google uses the same OpenID url for all accounts. If you have a Gmail account, your OpenID URL is: https://www.google.com/accounts/o8/id
I have been confused about that every, single, damn, time I've ever used Google OpenID, whether it was supporting it or using it. Thanks for opening my eyes.
I knew I liked BrowserID and you've pointed out around reason why.
>> Both OpenID and oAuth allow your identity provider (be it Google, Facebook, Twitter) to track every website you sign in to.
> So does mozilla persona as your identity provider is your browser !
By no means does this need to be the case. All the source is available, and you're free to set up your own identity provider if you wish.
The big advantage is that users won't have to be 'trained' for anything new: they are all familiar with email / password signups. It's pretty obvious that the website will use your email so no privacy surprises. Switching between email identities is a snap. It's actually pretty pragmatic approach given that what most people do is first assess the website risk, choose whether to give their primary or secondary email (but wait which one? i have 5), type it in (what if they mistype / remember the wrong one) and then type one of their 3-4 rememberable passwords. If anything, browserID neatly simplifies the authentication process for the user.
Also, developers only have an assertion to send; that's really really simple and less likely to break in future releases. Easier signups are important especially for small web utilities that just need a unique identifier and not much private information to work.
> True, the fact that URLs identify them confuses some people. However, http:// being usually superfluous, I don't see why roger.example.com is more confusing than roger@example.com.
Because "roger.example.com" is a webpage, whereas "roger@example.com" is an addressbook entry. Very occasionally, "roger.example.com" is a blog or personal webpage and thus probably refers to a single person. Maybe.
additionally, it may be example.com/roger or example.com/openid/roger, the regularity of it is small, and people already know what their email addresses are.
True, the fact that URLs identify them confuses some people. However, http:// being usually superfluous, I don't see why roger.example.com is more confusing than roger@example.com.
> Most sites would like at least an email address to be able to contact you, so will almost always require an additional step after logging in for the first time.
And openId provides an email if the site asks for it.
> OpenID is a jarring login process.
The difference is that the provider page is a full page rather than a popup?
> Both OpenID and oAuth allow your identity provider (be it Google, Facebook, Twitter) to track every website you sign in to.
So does mozilla persona as your identity provider is your browser ! I remember an opera unite app that acted as an openId provider. How is Persona different/better than that?
> oAuth is complicated for developers to implement [...] several versions of the protocol, [...]
That is true. And it will also be true of persona in two years when you will have to support firefox15 to 20, chrome 33 to 35, ie11, opera14, opera15, webkit-beta-nameless-browser, webkit-alpha-nameless-browser and others' own versions of persona