
What do we need Persona for?


treaki

Nov 6, 2012, 12:12:33 PM
to dev-id...@lists.mozilla.org
Hi,

I've read an article about Persona in the German computer magazine c't.
But I don't understand what is new with Persona...

What do we need Persona for?

I can't see any sense in Persona because:

there is still a possibility to do such things, called OpenID:
https://secure.wikimedia.org/wikipedia/en/wiki/Open_id

OpenID has many advantages compared to Persona:

- a still working system that is used by many websites
- it doesn't bind you to one provider as Persona does
- it is an open standard
- there is nothing that you can't do with OpenID that is provided by Persona?

so please tell me and the world what we need it for!!

greetings

--
|_|0|_|
|_|_|0|
|0|0|0|

http://treaki.tk/
http://treaki.ath.cx/

--
This message was sent from my Android mobile phone with K-9 Mail.

Sent again after subscribing to the mailing list...



Mike G

Nov 6, 2012, 12:16:33 PM
to treaki, dev-id...@lists.mozilla.org
It's based on a verified email.
No stupid url to remember.

treaki

Nov 6, 2012, 12:25:42 PM
to Mike G, dev-id...@lists.mozilla.org
Yes, but a URL is needed if you have more than one provider. If there is just Mozilla you of course don't need to specify it. But that is a big disadvantage ...

Mike G <mike...@gmail.com> wrote:

treaki

Nov 6, 2012, 12:44:39 PM
to Mike G, dev-id...@lists.mozilla.org
No one? How can you speak for everyone in the world?

There are plugins to help you.

https://addons.mozilla.org/de/firefox/addon/openid-for-firefox/?src=search

You can also copy your openid to a text file on a USB storage device or sth like

Mike G <mike...@gmail.com> wrote:

>No huge advantage. NO ONE REMEMBERED their url.

Daniel Mills

Nov 6, 2012, 12:47:13 PM
to treaki, dev-id...@lists.mozilla.org, Mike G
Hi treaki,

In Persona, your email provider is your identity provider. The email verification that Mozilla does right now is only done when the email provider doesn't have Persona support, as a fallback. Sites do not need to change when an email provider adds Persona support.

Another difference is that Persona uses client-side crypto to limit disclosure of information. In particular, your email provider does not get to see where you are signing into (even when it has Persona support and is acting as your identity provider).

Lastly, the Persona protocol is designed so that browsers can support it natively, and implement their own identity chooser. In that case, the "Persona pop-up" can be replaced by the browser, with no changes to any sites.

Dan

Mike G

Nov 6, 2012, 12:47:23 PM
to treaki, dev-id...@lists.mozilla.org
If my ex wouldn't have used it, it's a failure. Persona is the future.
On Nov 6, 2012 9:45 AM, "treaki" <tre...@googlemail.com> wrote:

> No one? How can you speak for everyone in the world?
>
> There are plugins to help you.
>
> https://addons.mozilla.org/de/firefox/addon/openid-for-firefox/?src=search
>
> You can also copy your openid to a text file on a USB storage device or
> sth like
>
> Mike G <mike...@gmail.com> wrote:
>
> >No huge advantage. NO ONE REMEMBERED their url.

Will Bamberg

Nov 6, 2012, 12:48:51 PM
to dev-id...@lists.mozilla.org
Hi treaki

Check out:
https://developer.mozilla.org/en-US/docs/Persona/FAQ#How_does_Persona_compare_to_OpenID.3F
for a comparison with OpenID.

Also:

> it doesn't bind you to one provider as Persona does

Persona doesn't bind you to one provider. Anyone who owns a domain can
become a Persona identity provider:
https://developer.mozilla.org/en-US/docs/Persona/Identity_Provider_Overview.


Cheers

Will

treaki

Nov 6, 2012, 12:53:03 PM
to Daniel Mills, dev-id...@lists.mozilla.org
Thanks for the information. Is it also possible to add/use another Persona master server if the browser and the mail provider don't support it?

Daniel Mills <thu...@mozilla.com> wrote:

>Hi treaki,
>
>In Persona, your email provider is your identity provider. The email
>verification that Mozilla does right now is only done when the email
>provider doesn't have Persona support, as a fallback. Sites do not need
>to change when an email provider adds Persona support.
>
>Another difference is that Persona uses client-side crypto to limit
>disclosure of information. In particular, your email provider does not
>get to see where you are signing into (even when it has Persona support
>and is acting as your identity provider).
>
>Lastly, the Persona protocol is designed so that browsers can support
>it natively, and implement their own identity chooser. In that case,
>the "Persona pop-up" can be replaced by the browser, with no changes to
>any sites.
>
>Dan
>

Daniel Mills

Nov 6, 2012, 1:05:16 PM
to treaki, dev-id...@lists.mozilla.org
You mean, having a different fallback identity provider? What we're telling websites to do is:

1) trust example.com to tell you if the user is us...@example.com
2) otherwise, trust that Mozilla sent an email to us...@example.com and the user verified it

(1) happens when example.com is an identity provider. (2) is the fallback. So--you can re-create all the pieces somewhere else, sure, but websites won't trust that fallback, so you won't be able to log in. Think about it: obviously you can't set up a server that allows you to sign into existing sites as any email you like :-)

But the path for decentralization is clear: first, domains can certify their own users by implementing the Persona IdP protocol. Second, browsers can implement their own chooser by implementing the Persona client API.

Dan

Dan Callahan

Nov 6, 2012, 1:10:59 PM
to
On 11/6/12 11:53 AM, treaki wrote:
> Thanks for the information. Is it also possible to add/use another Persona master server if the browser and the mail provider don't support it?

Nothing in the protocol forbids it, but the idea of multiple fallbacks
is strongly discouraged: to be usable, every site has to trust every
fallback. If the number of fallbacks creeps above 1, then we get into
the quagmire of CAs and trusted authorities and it's just a huge mess.

Moreover, users would potentially need N accounts to support all N
fallbacks, since the fallback is determined by the site you're logging
into. Ick.

This whole architecture is designed to solve the bootstrapping problem
with new decentralized systems: thanks to our fallback, Persona will
work, right now, with any email address. As domains add native support
for Persona, then the centralized bits transparently and automatically
fall away, completely removing Mozilla and its fallback from the
interaction.

Thus, we're hoping to convince as many email providers as possible to
support Persona natively once it leaves beta. You can help by building
things with Persona, enabling your own domain, and telling other sites
and developers about Persona.

(And you can help us build the right thing by staying on this list and
poking us if something isn't clear or if we ever seem to be going the
wrong way. Thank you for sending in this email!)

-Callahad
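
The two trust rules Daniel Mills lists earlier in the thread, and the multiple-fallback problem described in the reply above, as an added sketch that is not part of the thread or of Persona's own code. The issuer names, site list and set of native domains are constructed, and certificate signatures are assumed to be verified elsewhere.

```javascript
// Added example: issuer trust policy of a relying site.
// Signature checks are assumed done; all names below are constructed.
const FALLBACK = "fallback.example.org";         // stands in for the single fallback
const NATIVE = new Set(["example.com"]);         // domains acting as their own IdP
const SITES = [
  { name: "blog", fallbacks: [FALLBACK] },
  { name: "shop", fallbacks: [FALLBACK, "second-fallback.example.net"] },
];

function emailDomain(email) {
  // Exactly one "@" with non-empty local part and domain, else null.
  const parts = String(email).split("@");
  if (parts.length !== 2 || !parts[0] || !parts[1]) return null;
  return parts[1].toLowerCase();
}

// Decide whether a certificate for `email` issued by `issuer` is acceptable.
function checkIssuer(email, issuer, nativeDomains, fallbacks = [FALLBACK]) {
  const domain = emailDomain(email);
  if (!domain) return { ok: false, reason: "malformed email" };
  const iss = String(issuer).toLowerCase();
  // Rule 1: the email's own domain vouches for its user.
  if (iss === domain) return { ok: true, reason: "primary" };
  // The fallback only applies when the domain is not its own IdP.
  if (nativeDomains.has(domain)) return { ok: false, reason: "domain is its own IdP" };
  // Rule 2: a fallback this site trusts verified the address by email.
  if (fallbacks.includes(iss)) return { ok: true, reason: "fallback" };
  // Anyone can run the software, but no site trusts the resulting issuer.
  return { ok: false, reason: "untrusted issuer" };
}

// With more than one fallback, acceptance depends on each site's list.
function sitesAccepting(email, issuer, sites, nativeDomains) {
  return sites
    .filter((s) => checkIssuer(email, issuer, nativeDomains, s.fallbacks).ok)
    .map((s) => s.name);
}

console.log(checkIssuer("user@example.com", "example.com", NATIVE));
console.log(sitesAccepting("user@mail.example.net", "second-fallback.example.net", SITES, NATIVE));
```

A user verified only by the second fallback is accepted by "shop" and rejected by "blog", which is the N-accounts situation the reply warns about.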

treaki

Nov 6, 2012, 1:15:27 PM
to Daniel Mills, dev-id...@lists.mozilla.org
Another thing is that Mozilla doesn't recommend including the include.js by myself. But by including a JavaScript file from another site Mozilla could possibly do everything with my website visitors. It is not a good idea to include an open decentralized software from one specific server.

Also I hate JavaScript and it should be possible to use your authentication system without it like OpenID does

Greetings

Daniel Mills <thu...@mozilla.com> wrote:

>You mean, having a different fallback identity provider? What we're
>telling websites to do is:
>
>1) trust example.com to tell you if the user is us...@example.com
>2) otherwise, trust that Mozilla sent an email to us...@example.com and
>the user verified it
>
>(1) happens when example.com is an identity provider. (2) is the
>fallback. So--you can re-create all the pieces somewhere else, sure,
>but websites won't trust that fallback, so you won't be able to log in.
>Think about it: obviously you can't set up a server that allows you to
>sign into existing sites as any email you like :-)
>
>But the path for decentralization is clear: first, domains can certify
>their own users by implementing the Persona IdP protocol. Second,
>browsers can implement their own chooser by implementing the Persona
>client API.
>
>Dan
>
>
>On Nov 6, 2012, at 9:53 AM, treaki <tre...@googlemail.com> wrote:
>
>> Thanks for the information. Is it also possible to add/use another
>Persona master server if the browser and the mail provider don't
>support it?
>>
>>
>>

Mike G

Nov 6, 2012, 1:24:18 PM
to treaki, Daniel Mills, dev-id...@lists.mozilla.org
Recent past messages have touched on that.

Dan Callahan

Nov 6, 2012, 1:37:00 PM
to
On 11/6/12 12:15 PM, treaki wrote:
> Another thing is that Mozilla doesn't recommend including the include.js by myself. But by including a JavaScript file from another site Mozilla could possibly do everything with my website visitors. It is not a good idea to include an open decentralized software from one specific server.

The ability to self-host the include.js file is a prerequisite before
Persona leaves Beta. We're working on it. But for now, the data formats
are still in flux, and strongly suggesting that people link to us gives
us a lot of flexibility as we work on updating that side of the system.

But also note that next year, both Firefox and FirefoxOS will ship with
native support for the navigator.id APIs. Once that happens, you won't
need the shim at all if you're a Firefox user.

> Also I hate JavaScript and it should be possible to use your authentication system without it like OpenID does

Would you mind elaborating on why you dislike JavaScript? Persona is
using JS to enhance your privacy -- it lets us do all of the public key
cryptography computations on your local machine, instead of needing to
reveal your secret key to a third party.

Nevertheless, Persona may not be for you, yet. And that's okay: it's
still a very young system. We're actively working on finding a way to
make Persona work without JavaScript and to let you self-host the
include.js file. We're just not done, yet.

Cheers,
-Callahad