← Back to context

Comment by throwaway92873

4 years ago

The Persona team approached the company I was working for, asking us to add Persona login alongside our other login options. Mozilla came to us because we had a huge web presence at the time (about the size of Wordpress, let's say). We discussed it internally and ultimately rejected their request. We were going through a re-org and just didn't have anyone to spare. We were also rewriting the component where the login would live, and this would have been out of scope.

Looking back, I now see that not volunteering myself for the challenge was one of the biggest mistakes I've made in my career. It was one of those rare opportunities to make a difference.

I also wonder why nobody has tried it since. It's a simple approach, but you'd need a good security team backed by a trusted organization to make an implementation credible.

3 comments

throwaway92873

Reply
dane-pgp  4 years ago

> I also wonder why nobody has tried it since.

For what it's worth, the vision does live on and people are working on developing web standards that get us closer towards it. One example is the W3C's "Credential Management Level 1" from 2019, which specifically references[0] Mozilla's work:

"The API defined here does the bare minimum to expose user agent’s credential managers to the web, and allows the web to help those credential managers understand when federated identity providers are in use. The next logical step will be along the lines sketched in documents like [WEB-LOGIN] (and, to some extent, Mozilla’s BrowserID [BROWSERID])."

More recently, in fact, today, I see there is a "Federated Credential Management API" draft published,[1] which has the goal of:

"enabling a website to request a users [sic] federated credentials from a user agent, and to help the user agent store the users [sic] federated credentials for future use."

[0] https://www.w3.org/TR/credential-management-1/#teh-futur

[1] https://wicg.github.io/FedCM/

GekkePrutser  4 years ago

Didn't Apple try it 2 years ago? Log in with Apple...

I would never use these services unless it was completely open, free and privacy centric though.

Apple comes a bit of the way but they tend to make stuff work only on their own hardware wish won't work for me. Persona would have been a good option. Especially because it could be self hosted. That would be amazing. It was just a bit too early.

mderazon  3 years ago

I think that unless you worked at FAANG it wouldn't have made much of a difference for Personas

Google / FB login still would have probably won