April 2013
2 posts
New Persona Beta: Millions of Users Ready to Log...
Persona, Mozilla’s easy and safe way to log into your favorite websites, using any modern browser, is now in Beta 2. The goal of Persona is simple: we want to eliminate passwords on the Web. This release, packed with performance improvements and new features, brings us another big step closer to that goal. In particular, we’ve made it easy for users with existing Web accounts to log in without...
Persona on Firefox OS phones
You’ve probably heard about Firefox OS, Mozilla’s major effort to create a free mobile phone ecosystem using HTML5 as the one platform you need to develop rich mobile apps. You can expect Firefox OS phones in stores in South America later this year.
What you may not yet know is that we built Persona into Firefox OS. When invoked on Firefox OS, Persona presents a natively-optimized,...
March 2013
3 posts
Persona is distributed. Today.
With Persona, you can log into web sites using the email address of your choice. The first time you use an email, our servers send you a confirmation link. By following that link, you confirm your identity to Persona, which then vouches for your ownership of that email address.
Of course, in the long term, Persona is meant to be distributed: alice@example.com should be verified and certified by...
we're changing our privacy policy
“We’re changing our privacy policy…” Does that sentence fill you with dread? Most of the time, unfortunately, it should. Too many web services change privacy policy to increase collection and use of your data. It’s often hard to keep up with these changes.
In this case, you can rest easy. We’re making the Mozilla Persona privacy policy better for users. We...
Users don't like social login
We were very happy to see the revamped “Log In with Google Plus” product from our friends across town: big improvements in user experience, great mobile integration, and clearer privacy controls. Still, we think Identity on the Web can be better: easier for developers, true choice and control for users.
In particular, we think login should be personal and minimal first, social later....
February 2013
1 post
Persona plays well with Firefox's third-party...
Firefox is experimenting with a new third-party cookie policy. Alex Fowler, Mozilla’s Lead on Privacy and Public Policy, puts it this way:
On Friday, Mozilla released a Firefox patch into its “Nightly” channel that changes how cookies from third party companies function. Users of this build of Firefox must directly interact with a site or company for a cookie to be installed on their...
December 2012
1 post
A Node.js Holiday Season
JavaScript is at the very heart of Persona: even its server-side components are written in JavaScript, thanks to Node.js.
The Persona team is currently writing a series of fortnightly blog posts on our experience with Node.js, and the first four articles are already available:
Tracking Down Memory Leaks in Node.js
Fully Loaded Node
Using Secure Client-Side Sessions to Build Simple and Scalable...
September 2012
3 posts
Announcing the First Beta Release of Persona
For the past year Mozilla has been working on an experimental login system that completely eliminates passwords on websites while being safe, secure, and easy to use. Today we’re casting off the “experimental” label and announcing the first “beta” release of Persona.
Persona is ready to use for authentication: it works in all major smartphone, tablet, and desktop browsers, the user experience...
Committing to a Stable API for Persona
Later this month, we will be announcing the first “beta” release of Persona. Part of that announcement will include committing to long-term support for our APIs, so that developers can more confidently rely on Persona in their sites and applications. This post will serve to outline the deprecation strategy that Persona will adopt for its beta releases.
How is deprecation handled?
Before...
Application and Platform Integration of Persona
We are happy to see Persona gaining traction in the developer community, with dozens of sites and services integrating Persona to simplify and speed up the login process while simultaneously eliminating site-specific passwords for users. Some recent Persona adopters include:
LoginRadius, an embeddable authentication widget, permits quick integration of Persona and other authentication systems...
August 2012
1 post
A new API for Persona
After gathering feedback from our users and our User Experience team, we’re excited to announce that we’ve implemented several important new features in Persona. These features include showing your website’s name and logo in the login dialog, a streamlined experience for first-time Persona users, and greater security thanks to global logout from any device.
In order to make these features a...
July 2012
4 posts
Improvements to the First Time Sign-up Flow
The Persona team has always been interested in optimizing the user experience for developers and users alike. Some time ago we identified one area where we could improve: the first-time sign-up flow. We’ve been hard at work making this process as smooth as possible, read on to find out how!
The Challenge
The Persona sign-up flow is designed to leverage the user’s existing accounts and...
New Feature: Adding Your Website's Name and Logo...
One of the features we’ve added to Persona’s new Observer API is the ability for websites that use Persona (“Relying Parties”) to add their name and logo to the login screen. To do this, just add a siteName and/or siteLogo property to your navigator.id.request() call.
The default login screen only shows the website’s domain name, as illustrated below:
By adding siteName, you can put additional...
Mozilla Persona rebranding is live
You may have noticed that, as of tonight, https://browserid.org redirects to https://login.persona.org. The main site and login dialog have been re-branded, as we announced a few months ago, to Mozilla Persona. This is one big step in preparation for our Beta Launch in mid-August. If you used BrowserID before today, you will automatically inherit the new look-and-feel, and everything will continue...
Security fix in Persona Verifier and new mailing...
Last Monday, we identified a security hole in the implementation of our Verifier. We deployed a fix in 6 hours. The full details of the issue are available on the wiki. If you’re running a site against our Verifier, you are safe.
We did our best to identify whether this issue affects other verifiers. To the best of our knowledge, there are no other implementations affected. If you happen...
June 2012
1 post
Deprecating requiredEmail
At the end of last year we introduced an experimental feature called requiredEmail which let websites ask a user to log in with a specific email address, rather than prompting users to select any address. Unfortunately, the use cases we had envisioned never materialized, and requiredEmail failed to find traction with our early adopters.
Since requiredEmail only acted as a shortcut through our UI,...
May 2012
1 post
Streamlining Login with Privacy Policy and Terms...
A new feature landed in Persona last month that promises to make the sign-in process even smoother by asking users to consent to site-specific Terms of Service and Privacy Policies as a native part of the login flow. This means that sites using Persona can easily present their own terms of service and privacy policy to users in an obvious, seamless, and uniform location. Moving user consent into...
February 2012
3 posts
Introducing Mozilla Persona
This past year we’ve been building the core of a Web-scale identity system. We’ve been calling it BrowserID: our name both for the technology1 and the Mozilla service that implements the technology. Today we’d like to introduce Mozilla Persona, our new name for the complete Identity offering from Mozilla: a collection of components and experiences we’re designing to manage the whole of a user’s...
1 tag
BrowserID now available in 28 languages
We’re proud to announce that with the latest update to BrowserID the sign-in flow is available in 28 languages, in addition to English.
Like many of our previous updates, users and sites automatically benefit from the added feature without having to change anything. Users will see BrowserID in their preferred language, based on their browser’s settings.
Here’s what BrowserID...
ID provider support now live on BrowserID
Last week we pushed out a BrowserID feature that gets us closer to the decentralized identity system we envision for the Web. But more than that, it enables a truly awesome user experience—registration flows go from 8 screens to one simple sign-in. Seriously!
See for yourself:
Chicken or egg
Some context: Building a distributed system is a chicken and egg problem
- you have to...
January 2012
3 posts
3 tags
BrowserID Represents @NodeSummit
If you’re a regular reader of this blog or a developer working with Browser ID, no doubt you already know that it’s fundamentally a node.js project built on a Node.js platform. Not surprising then that we’ll be at Node Summit, a 2-day event that begins tomorrow at San Francisco’s Mission Bay Conference Center.
Node.js pioneer Mark Mayo is now a principal engineer in...
Open Source Rookie of the Year
Even in the Open Source world, tooting one’s own horn is a reason to blog, right? Along with educating, announcing new features, raising awareness, inviting adoption and participation, and asking for feedback.
This post is one of those shameless brag moments. We wanted to to quack proudly about the fact that the 4th annual Black Duck Software Rookies of the Year program has recognized...
BrowserID deployments at Mozilla
Mozillians enjoy their holidays by… deploying awesome code. In the last few weeks, a number of Mozilla properties have deployed BrowserID:
Mozilla Apps Developer Preview
Firefox Affiliates
Mozillians
Mozilla Add-On Builder
Mozilla Developer Network (MDN)
We’re deploying BrowserID internally because the best way to ensure that we build it right is if we’re using it in...
December 2011
1 post
BrowserID this week: better, faster, more secure.
Today, we released an important set of new features for BrowserID. These features make BrowserID more useful, faster, and more secure. We look forward to your feedback, as always on the mailing list or on Twitter using the #browserid hashtag.
Features
BrowserID now lets you stay signed in to web sites of your choosing. This will work only with web sites that want to allow persistent sign-in,...
November 2011
3 posts
another introduction to BrowserID for WebFWD
A few days ago, we chatted with the WebFWD teams about BrowserID. WebFWD is Mozilla’s initiative to fund and support creative teams that build on the Open Web. The WebFWD blog summarizes the chat, and includes the screencast of our presentation:
Download Video:
MP4,
WebM,
Ogg HTML5 Video Player by VideoJS
Deploying BrowserID at Mozilla
Over the next few months, we’ll be deploying BrowserID on Mozilla web sites. When we do, we’ll point users to this blog post to explain what BrowserID is and why we think this is good for users. If you still have questions, remember you can easily join our mailing list or just Tweet with the hashtag #browserid.
What is BrowserID?
BrowserID is a very easy way to log into web sites by...
BrowserID now remembers the email you last used on...
Every Thursday, we deploy a new version of BrowserID to all users transparently. The user experience continues to improve, browser support is expanding, and new features are added. As of this week, BrowserID remembers the email address you last used on a given web site. If you used your home email address on a shopping site, that address will be selected by default the next time you log into that...
October 2011
3 posts
Note to Implementers: we changed the Verifier API
We usually leave the coding details of BrowserID to the mailing list. However, we deployed a change last Thursday that unfortunately broke a few sites that use BrowserID, so we want to help fix this issue ASAP.
First, we’re sorry. We thought the API change was safe given our logs, but we didn’t look carefully enough. We’ll be working on a better process for...
New BrowserID User Experience
Yesterday, in our weekly BrowserID release, we included a brand new design for the BrowserID website and popup dialog. The login flow is streamlined, the colors and overall design are more subtle, and the transitions are clearer. Try it out on myfavoritebeer or OpenPhoto and let us know what you think on the mailing list or by tweeting with #BrowserID. Those sites, like all BrowserID sites,...
BrowserID Design for Privacy
A few weeks ago, I presented an overview of the BrowserID architecture especially as it pertains to privacy. We’ve got the video online now (30 minutes of presentation, 30 minutes of Q&A):
as well as the slides.
Meanwhile, BrowserID development is moving along rapidly. We just deployed the certificate architecture, which brings the implementation much more closely in line with the...
September 2011
1 post
BrowserID at the Mozilla All-Hands
Last week Mozilla held an All-Hands, and it was exciting to see so many people learning, teaching, and discussing all things Mozilla. The Identity team gave a short demonstration of the latest version of BrowserID during the opening keynote, and we have a recording we can share with you:
In the demo you’ll see an overview of BrowserID, but also some new features we’re...
August 2011
2 posts
Sign Into Websites Directly From Your Browser...
One of the areas we’re actively exploring in the Identity team is how to make it easier and safer for users to sign into websites. The BrowserID project is part of that exploration, but not the sole component. Today, we are releasing an early experimental add-on for Firefox, Browser Sign-In, that allows users to sign into supported websites with one click of a button in Firefox. Watch the...
Join our BrowserID Privacy Brown Bag
Next week, Mozilla is hosting a brown bag on the BrowserID privacy architecture. Ben Adida, Mozilla’s technical lead for Identity, will describe the details of our experimental BrowserID system for the web and lead an open discussion on privacy and security related properties associated with our approach. Bring your lunch and join us in Mountain View or eat at your desk and participate...
July 2011
3 posts
Privacy and BrowserID
We’ve received a lot of very useful feedback on the Mozilla Labs’ BrowserID project. We want to take a moment to focus on the privacy aspects of BrowserID and what we’re trying to accomplish. For background information, you may want to skim our original announcement and Lloyd Hilaiel’s explanation of how BrowserID works.
We designed the BrowserID experiment to increase...
1 tag
How BrowserID differs from OpenID
We launched Mozilla Labs’ online identity experiment, BrowserID, only 24 hours ago, and the feedback has been incredibly useful already. At Mozilla, we believe in empowering individuals to shape their online experience. Our work on a decentralized identity solution for the Web matches that mission well. Also, because we believe that transparent community-based processes promote...
Introducing BrowserID: A better way to sign in
Today we’re excited to announce BrowserID: an experimental new way of signing into websites. Our goal with BrowserID was to design something safe and easy for users and the developers. We’d love for you to try it out and let us know what you think.
Why BrowserID?
For a Web developer, creating a new application always involves an annoying hurdle: how do users sign in? An email...
