I clicked on this article thinking it was about Telecommunications Devices for the Deaf, wondering what the alternatives are now that installed payphones with TDD consoles are not to be seen anywhere. I must look into the smart- and feature-phone alternatives.
I'm dubious about the meaningfulness of broad terms like "Christian", "Muslim", etc., because of their coarse granularity. I'm not religious, but from what I observe, I don't think the "Christian" crowd of Catholics, Protestants, Mormons, and Unitarian Universalists would say they believe the Same Thing. I'm guessing that if you asked a C of E whether they were of the same religion as Jehovah's Witnesses, they'd probably look at you funny. Ditto for Shia and Sunni. Such distinctions have great social relevance everywhere. Consider Latin Americans: Catholic vs Evangelical (and that in itself is already a ludicrous simplification) has massive post-colonial, political, and social ramifications; to lump them all as "Christians" is to throw away so much information. It would also be interesting to see a break-down that included people who culturally identify with a "faith" but who are non-practicing (like so many of my Jewish friends).
Persona uses third-party cookies, so this is expected with this add-on. If you whitelist persona.org (e.g., just visit persona.org and set self-destruct to "never"), then Persona works fine.
Mozilla Identity dev here. The reason for that was due to a large degree to time and priorities. We were close to shipping Persona preffed off in Firefox over 18 months ago. Then FirefoxOS came along and our focus was changed to implementing Persona as the sign-in system on the device (which we did; it's natively supported there). FirefoxOS has been a massive effort on behalf of the whole company, and it has diverted crucial resources from the Persona effort on desktop. Then we shifted our focus again to Firefox Accounts and revising Sync. A native implementation of Firefox Accounts should be landing in FirefoxOS 1.4. As a result, we have native BrowserID support (both Persona and Firefox Accounts use this protocol) in FirefoxOS and as a backbone in desktop Firefox. There is a lot of Persona in Firefox right now, but sadly you can't see it. Despite these massive efforts, we still have not been able to land the last patches to surface this in the UI on desktop.
And you're right, it appears to send the message that Mozilla did not see enough importance in federated, user-controlled identity on the web to make sure it landed in the desktop browser. But Mozilla, like all organizations, has to balance its priorities. There's a lot going on, and the decision was made that other projects would take priority. I hope the decision is revised in the future.
If it looked half-hearted, I can assure you it was not from lack of effort or dedication from the team. We believe in Persona and poured our hearts into it.
Thanks for the info. I don't think anyone's accusing the Persona team of being half-hearted. Execution was great! But I will accuse Mozilla leadership of being tragically poor. It's nice to think about "sustainability" in a post-web world, but sustainability for Mozilla must start with Firefox. Mozilla is Firefox. And Mozilla has the billions to make it rock. So when resources are diverted away while there's still work to do, you should see red flags and look for better focus right away. When Apple was the iPod, we made damn sure it was the best possible iPod before anything else.
I'm not sure 1B is very little - it's thousands of programmer-years. It is weird to characterize 1B over 3 years as "billions" unless there are substantial funds coming from other sources.
That's the vast majority of Mozilla's income, you can check the publicly-available financials. It's small potatoes compared to the companies Mozilla competes against: Google, Apple, Microsoft.
Disclosure: the Identity team at Mozilla work for me.
tl;dr: we couldn't get it to work.
Let's get something straight first. I'm not a fan of excuses. Persona failed to achieve its goals, and I'd rather we own up to what it was good at, and what it failed at, learn from it, and keep fighting for better authentication on the internet because that's what matters. We play to win at Mozilla based on the principle that to have influence in a market, you need adoption. We're willing to play the long game when we have some line-of-sight to success, in other words, but it was clear that even if we had a team of 100 on Persona we were not going to see adoption.
Persona was never close to being shippable on desktop. It's true that we spent effort trying to make Persona work for Firefox OS, and that effort did not result in a fantastic on-device experience. Sign-in to web? Yes. Sign-in to device? Not so much. Federated login is really hard, unsurprisingly, for UX reasons as much or more than raw technology reasons. This is difficult stuff, and changing user expectations about how an "account" works is very, very difficult.
As the AAR linked to in this post iterates, there were a lot of factors involved in why Persona never took off, but most important was the 3-way cold-start due to needing large numbers of users, supporting IdPs (email providers), and many RPs (websites) before the system as a whole could get to critical mass. There was simply no evidence at all that adding a native implementation would have pushed any of the large IdPs (i.e. email providers) to support the system. In fact, the opposite is true; when we decided to start offering more Firefox services ourselves we effectively had the kinds of authentication/authorization challenges any large IdP would have and we found Persona unfit for our needs. (entropy generation as one example, covered in the FAQ)
We could have kept adding complexity to Persona to support Firefox/Mozilla specific use cases, but I believe we made the right call and let Persona focus on its core value prop - sign-in to the web with a verified email. We spent time and money to stabilize and fix inconsistencies in the API, and signed up to continue running the core secondary service for the Internet. We've invested heavily, and continue to invest in pushing identity on the web forward.
One last comment: It's important to note here that we did choose the underlying BrowserID protocol for use with Firefox accounts, incurring significant engineering cost (supporting your own authentication stack is not free), so that if we're successful in becoming a large IdP, we get a chance to fight this federation fight again without being in an adoption stalemate next time. Will that future system be exactly Persona? Almost certainly not -- we have to be willing to iterate the design and protocols until we've got something that works -- but we do believe that BrowserID/VEP is the right technology to be building from, and that we should let Persona continue to fulfill its current sweet spot for sign-in to the web for sites that love the way Persona works.
Over at FastMail we seriously looked into implementing Persona across the board. We're one of the bigger "small" email providers and we figured that it would be a good thing to get in on the ground floor if it succeeded, and have a(nother) feature to differentiate us from our competition, and to be able to give feedback on the system from the IdP perspective.
The hard requirement for HTTPS or DNSSEC is what raised the bar too high for us in the end (see https://github.com/mozilla/persona/issues/1523 for more info). Basically, the domain owner needs to securely delegate to the identity provider. Since we provide DNS and basic web hosting for most user domains, that means we have to provide HTTPS certificates for every domain we manage (and at least one IP per domain) or be able to serve proper DNSSEC records for every domain we manage (difficult when many registries we use still don't support it).
DNSSEC is something we're working towards, and I'd really like to have full support available this year. HTTPS without needing one IP per domain and multiple certificates is still not yet feasible, though there are specs gradually coming down the pipeline for it (DANE, DNA, POSH, etc). Without all this tech in place, Persona seems to be a non-starter for an IdP that wants to manage lots of domains.
I don't blame the Persona guys for this. I know they tried and they got a lot of it right, and should be applauded for that. Maybe the next round of federated authentication will work. I have no idea, but I know we'd still like to be involved, and we'll be watching the space with interest.
Did the FirefoxOS Persona stack move away from having an iframe point at a remote location at some point? I mean, the API was still in flux, as far as I know (last thing I heard was lloyd's blog post in January; it seems to be mostly FxA since). If the core transport can't get narrowed down, people can't actually federate with it.