Identity at Mozilla

With Persona, you can log into web sites using the email address of your choice. The first time you use an email, our servers send you a confirmation link. By following that link, you confirm your identity to Persona, which then vouches for your ownership of that email address.

Of course, in the long term, Persona is meant to be distributed: alice@example.com should be verified and certified by the administrators of example.com. If example.com wants to use 2-digit passwords, they can. If they want to use retinal scans powered by your webcam, they can. It’s up to them. With each domain able to customize its authentication protocol with its users, the Web becomes more secure.

Did you know that Persona supports this today?

If you own a domain, you can claim your users without asking Mozilla. Just follow the Persona Identity Provider protocol as described in our Identity Provider Guide. You can also start with the code for eyedee.me, our example Identity Provider. Just connect this code to your user database and advertise your domain as a Persona Identity Provider.

Pragmatic, Gradual Distribution

We don’t expect the world to switch over to a distributed authentication protocol overnight. In fact, we expect to be running the Persona Identity Provider, which we call the Fallback, for a long time and for a lot of users. Building new distributed protocols takes time.

That said, we’re not waiting around to make Persona capable of distributed authentication. For those users and domains who want it, Persona is already distributed. We think that’s pretty cool.

As always, we welcome your questions and comments on our mailing list, or via the #MozillaPersona hash-tag on Twitter.