Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Stabilization, standardization, and Firefox Accounts
73 views
Skip to first unread message
Dan Callahan
Nov 7, 2013, 11:33:15 AM11/7/13
to dev-id...@lists.mozilla.org
Hi dev-identity,
After two years of experimentation, it's time for Persona to mature into
a stable platform and specification. Starting this month, our focus will
be on completing the BrowserID specification, and on accelerating
Persona's growth by integrating with Firefox Accounts.
1. THE SPECIFICATION
After interviewing several websites, we believe we've figured out
Persona's sweet spot: a dead simple Web API for email verification. Our
rough plan is to pare down the API to just the sessionless "Goldilocks"
proposal, as well as getting rid of some under-used and problematic
features like displaying links to your site's Terms of Service and
Privacy Policy into the dialog.
We're also hoping to synchronize the data formats with related drafts
from the IETF's JavaScript Object Signing and Encryption (JOSE) Working
Group.
You can follow our progress on the "Finish the Spec" milestone here:
https://github.com/mozilla/browserid-roadmap/issues/milestones
2. PERSONA + FIREFOX ACCOUNTS
The best tool we have for accelerating Persona's growth is Firefox
itself. As you've seen elsewhere on this mailing list, much of the
Identity team is already working on "Firefox Accounts," a unified
account system for Firefox Sync, Firefox OS, etc. Our intention is to
use Persona within Firefox Accounts, and to use Firefox Accounts for
core services like the next generation of Firefox Sync.
If successful, Persona will directly benefit from Firefox's large,
established user base, and we'll be in a significantly stronger position
to influence the future of identity on the Web.
You can learn more about Firefox Accounts on the Mozilla Wiki:
https://wiki.mozilla.org/Identity/Firefox-Accounts
3. HOW YOU CAN HELP
The most important thing you can do is to publicly use Persona and
actively offer feedback: we can't get this right without your involvement.
We also have several dozen "Good First Bug" issues open on Persona
itself. If you're interested in hacking on a large Node.js application
(or just helping Persona!), then these might be a good place to start:
https://github.com/mozilla/browserid/issues?labels=good+first+bug&state=open
With this focus, Persona will soon become a proper, well-specified
platform. I couldn't be more excited.
Cheers,
-Callahad
After two years of experimentation, it's time for Persona to mature into
a stable platform and specification. Starting this month, our focus will
be on completing the BrowserID specification, and on accelerating
Persona's growth by integrating with Firefox Accounts.
1. THE SPECIFICATION
After interviewing several websites, we believe we've figured out
Persona's sweet spot: a dead simple Web API for email verification. Our
rough plan is to pare down the API to just the sessionless "Goldilocks"
proposal, as well as getting rid of some under-used and problematic
features like displaying links to your site's Terms of Service and
Privacy Policy into the dialog.
We're also hoping to synchronize the data formats with related drafts
from the IETF's JavaScript Object Signing and Encryption (JOSE) Working
Group.
You can follow our progress on the "Finish the Spec" milestone here:
https://github.com/mozilla/browserid-roadmap/issues/milestones
2. PERSONA + FIREFOX ACCOUNTS
The best tool we have for accelerating Persona's growth is Firefox
itself. As you've seen elsewhere on this mailing list, much of the
Identity team is already working on "Firefox Accounts," a unified
account system for Firefox Sync, Firefox OS, etc. Our intention is to
use Persona within Firefox Accounts, and to use Firefox Accounts for
core services like the next generation of Firefox Sync.
If successful, Persona will directly benefit from Firefox's large,
established user base, and we'll be in a significantly stronger position
to influence the future of identity on the Web.
You can learn more about Firefox Accounts on the Mozilla Wiki:
https://wiki.mozilla.org/Identity/Firefox-Accounts
3. HOW YOU CAN HELP
The most important thing you can do is to publicly use Persona and
actively offer feedback: we can't get this right without your involvement.
We also have several dozen "Good First Bug" issues open on Persona
itself. If you're interested in hacking on a large Node.js application
(or just helping Persona!), then these might be a good place to start:
https://github.com/mozilla/browserid/issues?labels=good+first+bug&state=open
With this focus, Persona will soon become a proper, well-specified
platform. I couldn't be more excited.
Cheers,
-Callahad
Dirkjan Ochtman
Nov 7, 2013, 3:04:02 PM11/7/13
to Dan Callahan, dev-id...@lists.mozilla.org
On Thu, Nov 7, 2013 at 5:33 PM, Dan Callahan <dcal...@mozilla.com> wrote:
> With this focus, Persona will soon become a proper, well-specified platform.
> I couldn't be more excited.
Me neither! I'd like to hack on/help write/improve/update the spec.
> With this focus, Persona will soon become a proper, well-specified platform.
> I couldn't be more excited.
Let me know if you have specific tasks I could hack on.
Cheers,
Dirkjan
Austin King
Nov 9, 2013, 8:49:02 PM11/9/13
to Dirkjan Ochtman, Dan Callahan, dev-id...@lists.mozilla.org
callahad is traveling for the next week, so don't worry if he hasn't
gotten back to you yet.
I'm not sure exactly, sorry I'm not much help.
thanks,
ozten
>
> Cheers,
>
> Dirkjan
> _______________________________________________
> dev-identity mailing list
> dev-id...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-identity
Dirkjan Ochtman
Nov 10, 2013, 4:35:17 AM11/10/13
to Austin King, Dan Callahan, dev-id...@lists.mozilla.org
On Sun, Nov 10, 2013 at 2:49 AM, Austin King <oz...@mozilla.com> wrote:
> callahad is traveling for the next week, so don't worry if he hasn't gotten
> back to you yet.
That's useful information, thanks! I'll just have to get started without him...
> callahad is traveling for the next week, so don't worry if he hasn't gotten
> back to you yet.
Cheers,
Dirkjan
Gervase Markham
Nov 11, 2013, 9:04:19 AM11/11/13
to Dan Callahan
On 07/11/13 16:33, Dan Callahan wrote:
> proposal, as well as getting rid of some under-used and problematic
> features like displaying links to your site's Terms of Service and
> Privacy Policy into the dialog.
I've seen those features used; remind us all why they are problematic?
> proposal, as well as getting rid of some under-used and problematic
> features like displaying links to your site's Terms of Service and
> Privacy Policy into the dialog.
> The best tool we have for accelerating Persona's growth is Firefox
> itself. As you've seen elsewhere on this mailing list, much of the
> Identity team is already working on "Firefox Accounts," a unified
> account system for Firefox Sync, Firefox OS, etc. Our intention is to
> use Persona within Firefox Accounts, and to use Firefox Accounts for
> core services like the next generation of Firefox Sync.
called a "Firefox Account", how will people know they can use that
password with the "Log in with your email" buttons on certain websites?
Gerv
Dan Callahan
Nov 11, 2013, 9:39:29 AM11/11/13
to dev-id...@lists.mozilla.org
On 11/11/13 8:04 AM, Gervase Markham wrote:
> On 07/11/13 16:33, Dan Callahan wrote:
>> proposal, as well as getting rid of some under-used and problematic
>> features like displaying links to your site's Terms of Service and
>> Privacy Policy into the dialog.
>
> I've seen those features used; remind us all why they are problematic?
There have been countless problems, especially with the TrustedUI
> On 07/11/13 16:33, Dan Callahan wrote:
>> proposal, as well as getting rid of some under-used and problematic
>> features like displaying links to your site's Terms of Service and
>> Privacy Policy into the dialog.
>
> I've seen those features used; remind us all why they are problematic?
implementation in Firefox OS. On balance, many of signin's paid
contributors believe that the marginal benefit of having those links in
the dialog doesn't outweigh the marginal cost in code complexity and
fragility.
They're also unnecessary in the two-step sign-up pattern we're seeing on
most successful Persona-enabled sites, whereby a user supplies an
assertion and is then shown a form on the website itself to confirm
account creation.
(And just to be explicit about things: We'll be sure to have this
discussion and a reasonable deprecation period before committing to
removing those features.)
>> The best tool we have for accelerating Persona's growth is Firefox
>> itself. As you've seen elsewhere on this mailing list, much of the
>> Identity team is already working on "Firefox Accounts," a unified
>> account system for Firefox Sync, Firefox OS, etc. Our intention is to
>> use Persona within Firefox Accounts, and to use Firefox Accounts for
>> core services like the next generation of Firefox Sync.
>
> How are we dealing with the branding elephant in the room? If it's
> called a "Firefox Account", how will people know they can use that
> password with the "Log in with your email" buttons on certain websites?
quite sure exactly what the FxA / Persona integration will look like.
There are many possibilities, which include at least:
- FxA being an independent Identity Provider
- FxA being a peer to the Persona fallback
- FxA being a normal RP (potentially contextual)
- FxA using Persona for email verification after normal login
The exact form of the integration is yet to be determined, and that
decision ultimately rests with the FxA team. I can't speak for that
team, but I believe that their current focus is on building out and
proofing core infrastructure under the simplifying assumption of email +
password, with Persona to be added in a second milestone.
Cheers,
-Callahad
Chris Karlof
Nov 11, 2013, 2:18:11 PM11/11/13
to Dan Callahan, dev-id...@lists.mozilla.org
On Nov 11, 2013, at 6:39 AM, Dan Callahan <dcal...@mozilla.com> wrote:
>>
>> How are we dealing with the branding elephant in the room? If it's
>> called a "Firefox Account", how will people know they can use that
>> password with the "Log in with your email" buttons on certain websites?
>
> I think that's a future-elephant. The current elephant is that we're not quite sure exactly what the FxA / Persona integration will look like. There are many possibilities, which include at least:
>
> - FxA being an independent Identity Provider
> - FxA being a peer to the Persona fallback
> - FxA being a normal RP (potentially contextual)
> - FxA using Persona for email verification after normal login
>
> The exact form of the integration is yet to be determined, and that decision ultimately rests with the FxA team. I can't speak for that team, but I believe that their current focus is on building out and proofing core infrastructure under the simplifying assumption of email + password, with Persona to be added in a second milestone.
Thanks, Dan. This is an accurate summary of where we're at.
>
> - FxA being an independent Identity Provider
> - FxA being a peer to the Persona fallback
> - FxA being a normal RP (potentially contextual)
> - FxA using Persona for email verification after normal login
>
> The exact form of the integration is yet to be determined, and that decision ultimately rests with the FxA team. I can't speak for that team, but I believe that their current focus is on building out and proofing core infrastructure under the simplifying assumption of email + password, with Persona to be added in a second milestone.
-chris
0 new messages