I'm trying to think through a problem, which I think Persona might be able to help solve. Or it may be that Persona is designed to prevent the solution of this problem.
Suppose that a user uses the same email address to log in (via Persona) to two sites, X and Y. Normally, these sites have no knowledge of each other or of the fact that they share a user. This is as it should be.
What if the user *wants* to share the fact that these accounts belong to the same person? For example, they want to associate their profile on Site X with their profile on Site Y, in a way where a viewer can be confident that those profiles represent the "same" login identity (without revealing the actual email address to the viewer).
This sounds a lot like OAuth and not Persona. I think one of the main goals
of the Persona project is to isolate each site from all the others for user
privacy.
On Fri, Nov 2, 2012 at 2:49 PM, Janet Swisher <jswis...@mozilla.com> wrote:
> Hi!
> I'm trying to think through a problem, which I think Persona might be able
> to help solve. Or it may be the Persona is designed to prevent the solution
> of this problem.
> Suppose that a user uses the same email address to login (via Persona) to
> two sites, X and Y. Normally, these sites have no knowledge of each other
> or of the fact that they share a user. This is as it should be.
> What if the user *wants* to share the fact that these accounts belong the
> same person? For example, they want to associate their profile on Site X
> with their profile on the Site Y, in a way where a viewer can be confident
> that those profiles represent the "same" login identity (without revealing
> the actual email address to the viewer).
> I'm trying to think through a problem, which I think Persona might be able to help solve. Or it may be the Persona is designed to prevent the solution of this problem.
> Suppose that a user uses the same email address to login (via Persona) to two sites, X and Y. Normally, these sites have no knowledge of each other or of the fact that they share a user. This is as it should be.
> What if the user *wants* to share the fact that these accounts belong the same person? For example, they want to associate their profile on Site X with their profile on the Site Y, in a way where a viewer can be confident that those profiles represent the "same" login identity (without revealing the actual email address to the viewer).
> Is this possible?
I don't think it is to my knowledge of the current API.
Is it just the identity that you want to share between X and Y, no other information? For instance, are you asking for a feature where a user would be willing to accept X to send data about the user into Y or just an e-mail address comparison?
> I'm trying to think through a problem, which I think Persona might be able
> to help solve. Or it may be the Persona is designed to prevent the solution
> of this problem.
> Suppose that a user uses the same email address to login (via Persona) to
> two sites, X and Y. Normally, these sites have no knowledge of each other
> or of the fact that they share a user. This is as it should be.
> What if the user *wants* to share the fact that these accounts belong the
> same person? For example, they want to associate their profile on Site X
> with their profile on the Site Y, in a way where a viewer can be confident
> that those profiles represent the "same" login identity (without revealing
> the actual email address to the viewer).
> Is this possible?
Yes, it's possible, but it's a design decision.
This is the linkability vs unlinkability debate in identity.
Sometimes you want to allow complete linkability (everyone knows who you
are), sometimes partial linkability (only the email provider knows), and
sometimes no linkability.
Also there's a problem with linking email addresses in relation to spam.
It would be better to link some other identifier such as a unique URL or
your Name, rather than email.
Personally I'm a fan of the linkability concept, and think it will be one
of the next waves, e.g. that you have a reputation footprint across the
web, but I think Persona is not oriented toward that paradigm at present.
On Friday, November 2, 2012 at 2:49 PM, Janet Swisher wrote:
> What if the user *wants* to share the fact that these accounts belong
> the same person? For example, they want to associate their profile on
> Site X with their profile on the Site Y, in a way where a viewer can be
> confident that those profiles represent the "same" login identity
> (without revealing the actual email address to the viewer).
Lots of good feedback already, but I have a couple more basic questions.
Can you give a precise use case? Is this so that Site X can access content stored at Site Y, so the user can be "single-signed on" to X and Y, or for some other reason?
> On Friday, November 2, 2012 at 2:49 PM, Janet Swisher wrote:
>> What if the user *wants* to share the fact that these accounts belong
>> the same person? For example, they want to associate their profile on
>> Site X with their profile on the Site Y, in a way where a viewer can be
>> confident that those profiles represent the "same" login identity
>> (without revealing the actual email address to the viewer).
> Lots of good feedback already, but I have a couple more basic questions.
> Can you give a precise use case? Is this so that Site X can access content stored at Site Y, so the user can be "single-signed on" to X and Y, or for some other reason?
Consider this purely hypothetical scenario:
Site X and Site Y are wikis that cover a similar range of content. Because of differences in their contributor and licensing terms, it's not trivial to reuse content from Site X on Site Y. However, if a user of Site X has created an account on Site Y, they consent for content they create to be used under Site Y's terms. The purpose of linking from a Site X profile/account to a Site Y profile/account is to show that the user agrees to reusing their Site X content on Site Y. (There is a separate issue that does not concern us here, of tracking whether all contributors to a given page have done this.) There's no need for a "single sign-on", but there should be more than simply a social convention that the profile being linked to belongs to the same person as the one being linked from.
(As an example of social convention, I can put my Twitter handle on my LinkedIn profile, but only social convention requires that the Twitter handle I link to really belongs to me.)
Does Persona help here, or do Site X and Site Y need some deeper integration?
On Tue, Nov 6, 2012 at 8:52 PM, Janet Swisher <jswis...@mozilla.com> wrote:
> Site X and Site Y are wikis that cover a similar range of content. Because
> of differences in their contributor and licensing terms, it's not trivial to
> reuse content from Site X on Site Y. However, if a user of Site X has
> created an account on Site Y, they consent for content they create to be
> used under Site Y's terms. The purpose of linking from a Site X
> profile/account to a Site Y profile/account is to show that the user agrees
> to reusing their Site X content on Site Y. (There is a separate issue that
> does not concern us here, of tracking whether all contributors to a given
> page have done this.) There's no need for a "single sign-on", but there
> should be more than simply a social convention that the profile being linked
> to belongs to the same person as the one being linked from.
It seems to me that, since Persona uses an email address to identify
users, two sites that have user accounts for the same user, using
Persona, can trivially identify their common user base by checking the
user's email addresses.
On Tuesday, November 6, 2012 at 12:00 PM, Dirkjan Ochtman wrote:
> It seems to me that, since Persona uses an email address to identify
> users, two sites that have user accounts for the same user, using
> Persona, can trivially identify their common user base by checking the
> user's email addresses.
I was going to push in exactly that direction: Janet, could you tell users to "please use the same email address at both wikis, and we will auto-link your accounts?"
> On Tuesday, November 6, 2012 at 12:00 PM, Dirkjan Ochtman wrote:
>> It seems to me that, since Persona uses an email address to identify
>> users, two sites that have user accounts for the same user, using
>> Persona, can trivially identify their common user base by checking the
>> user's email addresses.
> I was going to push in exactly that direction: Janet, could you tell users to "please use the same email address at both wikis, and we will auto-link your accounts?"
Yes, probably. I do want a user opt-in step in there. In case, for example, a user creates an account on Site Y, but then decides they don't like it and don't want their content used there after all. But this answer does help a lot. Thanks! :-)
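
An added example, not part of the thread and not Persona's API: one way two cooperating sites could implement the email-match linking discussed above with the opt-in step, exchanging only keyed tokens so that neither the other site's export nor a profile viewer sees the address. The shared key, the account record layout and the function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumption: a key shared out of band by the two wikis only (constructed value).
LINK_KEY = b"constructed-demo-key"


def link_token(verified_email, key=LINK_KEY):
    """Opaque token for an email address the site already verified via Persona."""
    # Assumption: both sites normalize the same way (trim + lowercase).
    normalized = verified_email.strip().lower().encode("utf-8")
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()


def export_opted_in(accounts, key=LINK_KEY):
    """What one site sends the other: token -> public profile, opted-in users only."""
    return {link_token(a["email"], key): a["profile"]
            for a in accounts if a["opt_in"]}


def match_links(local_accounts, remote_export, key=LINK_KEY):
    """Pair local opted-in profiles with remote ones sharing a verified email."""
    pairs = []
    for a in local_accounts:
        if not a["opt_in"]:
            continue  # no consent recorded on this site: never link
        remote_profile = remote_export.get(link_token(a["email"], key))
        if remote_profile is not None:
            pairs.append((a["profile"], remote_profile))
    return pairs


# Constructed sample accounts (not real users).
SITE_X = [
    {"email": "Alice@Example.org", "profile": "wikiX/User:Alice", "opt_in": True},
    {"email": "bob@example.org", "profile": "wikiX/User:Bob", "opt_in": False},
    {"email": "carol@example.org", "profile": "wikiX/User:Carol", "opt_in": True},
]
SITE_Y = [
    {"email": "alice@example.org", "profile": "wikiY/User:Alice", "opt_in": True},
    {"email": "bob@example.org", "profile": "wikiY/User:Bob", "opt_in": True},
]

if __name__ == "__main__":
    print(match_links(SITE_X, export_opted_in(SITE_Y)))
```

A keyed HMAC is used rather than a bare hash because email addresses are guessable; without the key, anyone holding the export could test candidate addresses against it.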
For an example that already exists: builder.addons.mozilla.org uses
Persona, and requests that you select the same email address as one
registered with addons.mozilla.org, so that when you want to publish your
addon, we know which account to publish it under. We use messaging to that
effect when signing in.
On Tue, Nov 6, 2012 at 12:12 PM, Janet Swisher <jswis...@mozilla.com> wrote:
> On 11/6/12 2:03 PM, Ben Adida wrote:
>> On Tuesday, November 6, 2012 at 12:00 PM, Dirkjan Ochtman wrote:
>>> It seems to me that, since Persona uses an email address to identify
>>> users, two sites that have user accounts for the same user, using
>>> Persona, can trivially identify their common user base by checking the
>>> user's email addresses.
>> I was going to push in exactly that direction: Janet, could you tell
>> users to "please use the same email address at both wikis, and we will
>> auto-link your accounts?"
> Yes, probably. I do want a user opt-in step in there. In case, for
> example, a user creates an account on Site Y, but then decides they don't
> like it and don't want their content used there after all. But this answer
> does help a lot. Thanks! :-)