After the Summit, I spent some time around Montréal and took advantage
of that to give talks [1] in front of about 70 web developers at two
local user groups (JS-Montréal [2] and Montréal.rb [3]).
Given that both JavaScript and Ruby have verification libraries [4]
(thanks Andy!), I was able to avoid mentioning the remote verifier in my
talk, which also reduced the amount of code on the backend slides in a
big way :)
People had a lot of questions but the most interesting one was whether
or not we had thought about adding Persona support to Unity 3D, the game
engine that's used by a lot of mobile games as well as most indie games.
Logging into a game is fairly common nowadays and many games use social
login for that.
# Audience questions
- How can my organisation become an IdP if our accounts are managed by
Google Apps?
- Is Persona compatible with progressive engagement or are users forced
to confirm their email before they get an account on my site?
- Are there any non-Mozilla browsers with native support for Persona?
- Do you provide native SDKs for iOS and Android?
- Can I use Persona in non-browser apps?
- Is Persona a standard?
- Have any large email providers signed up to be Persona IdPs?
- Is there a way to brand the emails sent out by Persona?
- How will the branding "scale" if other big providers (like Google) get
on board?
- How do you prevent the identity provider from impersonating you? How
is this an improvement over OpenID?
- Why didn't you do it in a fully peer-to-peer way (like ssh) instead of
relying on identity providers? Why not use a certificate that's synced
between devices?
- What if your email provider goes away? How can you continue to log
into sites?
- Does the assertion expiry requires user clocks to be synchronized?
- Do the plugins exist for all browsers?
- Is it really responsible to recommend that people add yet another
plugin to Devise instead of just ripping it out?
- What if I don't remember the email I used last on a site?
- What happens during logout? Why does Persona need to know about it?
- Are other industry players planning to add native Persona support or
are they blocking that technology?
- Is there anything that needs to be synced between browsers?
- What if there was a way to login using a fingerprint? Is that
something that could be done with Persona?
- If I have to support IE6 and IE7 users, then I can't use Persona for
these users and have to store passwords for them?
Francois
[1] slides at
https://speakerdeck.com/fmarier/easy-logins-for-javascript-web-applications
and
https://speakerdeck.com/fmarier/easy-logins-for-ruby-web-applications
[2]
http://js-montreal.org/
[3]
http://www.montrealrb.com/
[4]
https://npmjs.org/package/browserid-verify and
https://rubygems.org/gems/browserid-verify