Building Persona: federated and privacy-sensitive identity for the Web
It turns out that solving the general identity problem is very hard. Some of these solutions require complicated redirections, an overwhelming amount of jargon and lots of verbose XML. The technology has been around for a long time, but implementing it properly (and safely) is often incredibly difficult. It's a lot to ask of the millions of part-time developers out there that are building sites out of some quick HTML, a MySQL database and some PHP code samples.
This talk will explore the challenges of the existing Web identity solutions and introduce the choices that we made during the development of Persona (formerly BrowserID), a new Open Source federated identity solution from Mozilla, designed and built to respect user privacy.
It will cover:
- a quick overview of existing identity systems on the Web
- a discussion of the complexities and privacy-related concerns that existing identity solutions have
- the cryptographic protocol behind Persona (including how crypto is used to provide both authentication and privacy, even from your identity provider)
- the Persona federation approach: fully distributed with fallbacks
- demos and actual code from sites that have implemented Persona
- the basics of the Persona API so that attendees can go out and support this technology on their own sites without much trouble
Identity is a very significant piece of Internet infrastructure and so it is critical that the solution that gets widely adopted be free-as-in-freedom, cross-browser, distributed and ruthlessly focused on making it easy for developers and end-users.
Francois is a software engineer on the Mozilla Identity team where he fights for the open Web by building alternatives to centralised proprietary silos.
A long time Debian developer, Francois has been involved in Open Source for over 10 years and regularly contributes to several projects. He also volunteers for the FSF and leads the development of Libravatar.org.