Mozilla Persona

Mozilla Persona was a decentralized authentication system for websites developed by Mozilla . It made it possible for a user not to log in to every website they used with their username and password, but only to do this once at Mozilla Persona. The identity data stored there was then used to log in to other websites. The prerequisite was that the respective websites support Mozilla Persona. Mozilla announced in January 2016 that the service would be decommissioned towards the end of the year due to its low distribution.

History and goals

In July 2011, Mozilla introduced a new authentication system, then called BrowserID . According to Mozilla, the new system should free website providers from the task of having to provide their own mechanism for user authentication; The system shares this goal with other authentication systems such as OpenID or Facebook Connect . Other emphasized goals were security and simplicity. BrowserID should be as independent of the browser used as possible and protect the privacy of the user.

In September 2012, Mozilla released the beta version of BrowserID, now under the name Mozilla Persona. It works in all browsers relevant at the time and on desktop PCs as well as smartphones and tablets. The encrypted transmission of a user's access data, which is processed via the Mozilla Firefox Sync service , was also put into operation during the beta phase.

functionality

Mozilla Persona implements the BrowserID protocol, also designed by Mozilla . The BrowserID protocol allows a user to prove to a website that he is the owner of a specific e-mail address; it follows the motto " an e-mail address is an identity ". Persona's security concept is based on an asymmetric cryptosystem and digital signatures. The login process on a website is as follows:

On the website, the user clicks on a login link.
A persona window opens in which the user selects one of his saved identities (an e-mail address) from a list.
The browser creates a so-called statement of identity (Engl. Identity assertion ) to have, including the specification of the user of the selected by him e-mail address.
The browser signs the declaration with the identity's private key and sends it to the website's server.
The server has the declaration verified by an identity provider.

Differences to OpenID

According to Mozilla, Mozilla Persona stands out from other authentication systems such as OpenID (or Facebook Connect ) in a number of ways. First, the user is not provided with their own username or ID. Instead, a user uses their email address to authenticate to a website. Second, with Persona, in contrast to OpenID, the identity provider is not involved in the login transaction, so that greater protection of the user's privacy is guaranteed. Thirdly, according to Mozilla, Persona is particularly easy to integrate into browsers through the use of HTML5 and JavaScript .

Individual evidence

↑ Mozilla Stops Developing Its Persona Sign-In System Due To Low Adoption - Techcrunch, Jan 12, 2016
↑ Introducing BrowserID: A better way to sign in. In: Identity at Mozilla. Mozilla Foundation, July 14, 2011, archived from the original on January 28, 2013 ; accessed on October 3, 2012 . Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. @1@ 2
↑ Yvonne Ortmann: Mozilla Persona: Beta of the login system is here. In: t3n magazine . September 27, 2012, archived from the original on October 2, 2012 ; Retrieved October 3, 2012 . Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. @1@ 2Template: Webachiv / IABot / t3n.de
↑ How BrowserID differs from OpenID. In: Identity at Mozilla. Mozilla Foundation, July 15, 2011, archived from the original on January 27, 2013 ; accessed on October 3, 2012 . Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. @1@ 2

[1] Mozilla Stops Developing Its Persona Sign-In System Due To Low Adoption - Techcrunch, Jan 12, 2016

[2] Introducing BrowserID: A better way to sign in. In: Identity at Mozilla. Mozilla Foundation, July 14, 2011, archived from the original on January 28, 2013 ; accessed on October 3, 2012 . Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. @1@ 2

[3] Yvonne Ortmann: Mozilla Persona: Beta of the login system is here. In: t3n magazine . September 27, 2012, archived from the original on October 2, 2012 ; Retrieved October 3, 2012 . Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. @1@ 2Template: Webachiv / IABot / t3n.de

[4] How BrowserID differs from OpenID. In: Identity at Mozilla. Mozilla Foundation, July 15, 2011, archived from the original on January 27, 2013 ; accessed on October 3, 2012 . Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. @1@ 2

Mozilla Persona

contents

History and goals

functionality

Differences to OpenID

See also

Individual evidence