Ah, but if only people switched to Persona.

If only people looked into it more than 5 minutes and realized that Persona is still maintained and is by far the best way to do authentication on the web. Really, the most correct protocol out there.

But then of course, if only Mozilla had a marketing team worth a damn and didn't make it look like they gave up on the whole thing in the first place, we wouldn't have this situation.

I get sad trying to promote it. I get the feeling that whoever is in charge of decisions around Persona has no idea how important a project like it is for the web. Everybody is tying a core and extremely security-sensitive part of their websites, authentication, to other websites in a non-decentralized way. And every time there's a damn post about "Facebook auth is down!", "Twitter auth is down!"... how long is it going to be until those are down for good and people just can't log in anymore?

Blergh. Sad.

I agree with you. I looked into Persona to implement an SSO for our products (provider and client). I've never been able to understand OAuth in the context of an authentication mechanism so I left it.

However, Persona has very poor library support, especially for providers. The support channels are also very small, so you're not likely to find other people fixing the same issues.

I ended up just hacking an OpenID provider libary to get the result I wanted. It's a real shame because Persona seemed to be designed for circumstances very similar to what I wanted to do.

If you want to talk more about persona and try to promote it (brand new mailing list):

persona.advocacy atsign librelist dot com send an email to subscribe, the first email will be

I don't see this going anywhere unless you either have Mozilla's endorsement or a userbase to work with already.

This worries me:

http://techcrunch.com/2014/03/08/mozilla-stops-developing-it...

but ok, let's take a hard look at it and see if we can pool people into it. I've created a mailing list to get things started:

persona.advocacy atsign librelist dot com send an email to subscribe, the first email will be discarded.

Well, you have convinced 1 person to look into it. Whats the best article, blogpost to read.

Unfortunately, like scott said above, persona has very poor overall support. The best resources are the official ones:

https://developer.mozilla.org/en-US/Persona

I strongly believe in the protocol, but I have stopped believing in Mozilla to actually do something with it. They have absolute technical gold (yes, it has a couple of issues, they are minor overall) and they just aren't doing anything with it.

I still encourage people to actually implement it because, unlike with centralized protocols, we don't actually need Mozilla for it to work (persona servers are open source and the whole protocol is decentralized). But I have very little faith in ever getting the critical mass necessary for a majority of devs to adopt it without Mozilla promoting it more. (And they were so close, too, with their gmail gateway...)

Seams like a cool system. What do you think about the new Fido standards, U2F and UAF. They solve the same problem but without a third party.