Mozilla Mozilla (stylized as moz://a) is a free software community founded in 1998 by members of Netscape. The Mozilla community uses, develops, spreads and supports Mozilla products, thereby promoting exclusively free software and open standards, w ...

Persona was a decentralized

authentication Authentication (from ''authentikos'', "real, genuine", from αὐθέντης ''authentes'', "author") is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicat ...

system for the web, based on the open BrowserID protocol prototyped by

and standardized by

IETF The Internet Engineering Task Force (IETF) is a standards organization for the Internet and is responsible for the technical standards that make up the Internet protocol suite (TCP/IP). It has no formal membership roster or requirements and ...

. It was launched in July 2011, but after failing to achieve traction, Mozilla announced in January 2016 plans to decommission the service by the end of the year.

History and motivations

Persona was launched in July 2011 and shared some of its goals with some similar authentication systems like

OpenID OpenID is an open standard and decentralized authentication protocol promoted by the non-profit OpenID Foundation. It allows users to be authenticated by co-operating sites (known as relying parties, or RP) using a third-party identity provid ...

Facebook Connect The Facebook Platform is the set of services, tools, and products provided by the social networking service Facebook for third-party developers to create their own applications and services that access data in Facebook. The current Faceboo ...

, but it was different in several ways: # It used email addresses as identifiers # It was more focused on privacy # It was intended to be fully integrated in the browser (relying heavily on Javascript). The privacy goal was motivated by the fact that the identity provider does not know which website the user is identifying on. It was first released in July 2011 and fully deployed by

on its own websites in January 2012. In March 2014, Mozilla indicated it was dropping full-time developers from Persona and moving the project to community ownership. Mozilla indicated, however, that it had no plans to decommission Persona and would maintain some level of involvement such as in maintenance and reviewing

pull request In software development, distributed version control (also known as distributed revision control) is a form of version control in which the complete codebase, including its full history, is mirrored on every developer's computer. Compared to centr ...

s. Persona services are shut down since November 30, 2016.

Principles and implementation

Persona was inspired by the ''VerifiedEmailProtocol'' which is now known as the ''BrowserID'' protocol. It uses any user

email address An email address identifies an email box to which messages are delivered. While early messaging systems used a variety of formats for addressing, today, email addresses follow a set of specific rules originally standardized by the Internet Enginee ...

to identify its owner. This protocol involves the browser, an identity provider, and any compliant website.

The browser, the provider and the website

The browser stores a list of user verified email addresses (certificates issued by the identity providers), and demonstrates the user's ownership of the addresses to the website using

cryptographic Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adver ...

proof. The certificates must be renewed every 24 hours by logging into the identity provider (which will usually mean entering the email and a password in a Web form on the identity provider's site). Once done, they will be usable for authenticating to web sites with the same browser for the rest of the day, without entering passwords again (

single sign-on Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems. True single sign-on allows the user to log in once and access services without re-enterin ...

). The decentralization aspects of the protocol reside in the theoretical support of any identity provider service, while in practice it seems to rely mainly on Mozilla's servers currently (which may in turn delegate email address verification, see identity bridging below). However, even if the protocol heavily relies on a central identity provider, this central actor only knows when browsers renew certificates, and cannot in principle monitor where the certificates will be used.

Identity bridging

Mozilla announced "identity bridging" support for Persona in July, 2013. As they describe on their blog:

"Traditionally ... Mozilla would send you an email and ask you to click on the confirmation link it contained. With Identity Bridging, Persona learned a new trick; instead of sending confirmation emails, Persona can ask you to verify your identity via your email provider’s existing
OpenID OpenID is an open standard and decentralized authentication protocol promoted by the non-profit OpenID Foundation. It allows users to be authenticated by co-operating sites (known as relying parties, or RP) using a third-party identity provid ...
or
OAuth OAuth (short for "Open Authorization") is an open standard for access delegation, commonly used as a way for internet users to grant websites or applications access to their information on other websites but without giving them the passwords. Th ...
gateway."

This announcement included support for existing users of the Yahoo Mail service. In August 2013, Mozilla announced support for Identity Bridging with all Gmail accounts. They wrote in this additional announcement that "combined with our Identity Bridge for Yahoo, Persona now natively supports more than 700,000,000 active email users. That covers roughly 60–80% of people on most North American websites."

Deployment

Persona relies heavily on the JavaScript client-side program running in the user's browser, making it widely usable. Support of authentication to Web applications via Persona can be implemented by CMSs such as

Drupal Drupal () is a free and open-source web content management system (CMS) written in PHP and distributed under the GNU General Public License. Drupal provides an open-source back-end framework for at least 14% of the top 10,000 websites worldwid ...

Serendipity Serendipity is an unplanned fortunate discovery. Serendipity is a common occurrence throughout the history of product invention and scientific discovery. Etymology The first noted use of "serendipity" was by Horace Walpole on 28 January 1754. ...

WordPress WordPress (WP or WordPress.org) is a free and open-source software, free and open-source content management system (CMS) written in PHP, hypertext preprocessor language and paired with a MySQL or MariaDB database with supported secure hypert ...

Tiki In Māori mythology, Tiki is the first man created by either Tūmatauenga or Tāne. He found the first woman, Marikoriko, in a pond; she seduced him and he became the father of Hine-kau-ataata. By extension, a tiki is a large or small wooden ...

Mozilla Persona
/ref> or

SPIP SPIP (''Système de Publication pour l'Internet'') is a free software content management system designed for web site publishing, oriented towards online collaborative editing. The software is designed for easy setup, use and maintenance, and is ...

. There is also support for Persona in the

Phonegap Apache Cordova (formerly PhoneGap) is a mobile application development framework created by Nitobi. Adobe Systems purchased Nitobi in 2011, rebranded it as PhoneGap, and later released an open-source version of the software called Apache Cordova ...

platform (used for compiling HTML5 apps into mobile apps).

provides its own Persona server at persona.org. It is also possible to set up your own Persona identity provider, providing

federated identity A federated identity in information technology is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems. Federated identity is related to single sign-on (SSO), in which a ...

. Notable sites implementing Persona include Ting, ''

The Times ''The Times'' is a British daily national newspaper based in London. It began in 1785 under the title ''The Daily Universal Register'', adopting its current name on 1 January 1788. ''The Times'' and its sister paper '' The Sunday Times'' ...

'' Crossword, an
Voost

References