Security Watch

Keeping Track of patches and hacks in the IT security world.

Mozilla Expands Persona ID Service

You use your browser as your window to the Web today, so why not use it as the storehouse for your online identity, too?


Single sign-on (SSO) mechanisms offer the promise of users having a single credential (the sign-on) in order to log into multiple sites and services. When it comes to the Web, there are multiple sources of identity to power SSO, and open-source browser vendor Mozilla wants to be one of them.

Mozilla launched its BrowserID effort in 2011 and renamed the consumer-facing technology bits Persona in 2012. Just to confuse us all, the core specification behind Persona is still known as BrowserID.

The basic idea behind BrowserID/Persona is that your email address, as stored and authenticated inside your Firefox browser, is your identity. So whenever you visit a site that has Persona support, you get a log-in window pop-up, and all you need to do is click OK and away you go. Yes, it's much like what we're all doing with Facebook/Twitter/Google-based authentication now too, the difference is that Persona is browser-based.

Now, Mozilla is expanding Persona with what they refer to as an Identity Bridge for Gmail. With an Identity Bridge, user email authenticity can be confirmed via an OpenID or OAuth gateway. Both OpenID and OAuth are existing open protocol specifications for user identification. The news here is that now Gmail users can leverage their existing Gmail credentials to log-in to Persona-powered Websites.
According to Mozilla, Persona now can potentially support some 700 million email users. That's a whole lot of users.

Then again, in my own experience, OpenID/OAuth-based authentication from Google/Facebook/Twitter is already very commonplace across the Web. So why would I (or anyone else) bother with Persona?

There might be one very good reason, especially in these particularly privacy-sensitive times.

"Persona remains committed to privacy: Gmail users can sign into sites with Persona, but Google can’t track which sites they sign into," Mozilla states.

That's a big plus. Time will tell whether Persona/BrowserID will actually become popular in terms of widespread usage (as opposed to just being supported). I suspect that if Mozilla and its supporters continue to evangelize and improve the technology, Persona/BrowserID is something that isn't going to go away.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.