lecture: Persona: a federated and privacy-protecting login system for the whole Web


Websites that need to identify their users commonly use one of two methods: a username & password scheme that's hard to secure and creates a lot of pain for users, or a centralized proprietary service on which many of their users already have accounts.

There must a better way. A cross-browser solution for authenticating users which feels like the Web and preserves the decentralized architecture necessary for an open network. We present Mozilla Persona.

Passwords are a big problem online and a lot of websites have turned to centralized services to handle logins for them. It's a disturbing trend from a privacy/surveillance point of view, but from a software freedom point of view, it's also turning these proprietary services into core dependencies and expanding the walled gardens.

That's why Mozilla is building Persona, a new federated and cross-browser system which makes identity a standard part of the browser. It's simple, privacy-sensitive and entirely Open Source.

This talk will explore the challenges of the existing Web identity solutions and introduce the choices that were made during the development of Persona.

It will cover:

- a quick overview of current identity systems on the Web
- a discussion of the complexities and privacy-related concerns that existing identity solutions have
- how crypto is used to provide both authentication and privacy, even from your identity provider
- the Persona federation approach: fully distributed with fallbacks
- the importance of building a cross-browser system that works on all your devices
- demos and actual code from sites that have implemented Persona
- the basics of the Persona API so that attendees can go out and support this technology on their own sites

Identity is a very significant piece of Internet infrastructure and so it's critical that the solution that gets widely adopted be free-as-in-freedom, decentralized and ruthlessly focused on making it easy for developers and end-users.