Mozilla Persona

I came across Mozilla Persona today. It’s a Single Sign-On (SSO) system that is similar to OpenID. While it may look like there is no need for yet another SSO system, it does have some promising features compared to OpenID, especially OpenID as provided by “Big Players” like Google and Facebook (actually, Facebook doesn’t provide OpenID but Facebook Connect, which works similarly).

The one main benefit is privacy. The first kind of privacy is related to the provider. In OpenID, the provider knows exactly where you’ve logged in to. For example, if I want to use my Google account as an OpenID to sign in to a gardening forum, Google will know that I’ve signed up there, and they will get notified every time I sign in. Persona, on the other hand, seems to sidestep this issue. After registering with a Persona provider (Mozilla offers one), the provider gives the user a cryptographically signed token, which he can present to sites he signs in to. The site can verify the validity of that token without telling the provider which user it wishes to validate.
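The flow described above, as an added example that is not part of the original post or Persona's own code: a simplified Node.js model (not the BrowserID wire format) in which the site checks the provider-signed token offline, so the provider's log never mentions the site. It goes one step beyond the paragraph by also modelling the per-site assertion the browser signs with the user's key. All function names, the email address and the origins are constructed for illustration.

```javascript
// Added illustration: a simplified model, not the BrowserID wire format.
const crypto = require('crypto');

// Sign / verify a JSON payload with an Ed25519 key (algorithm argument is null).
const sign = (key, obj) => {
  const body = JSON.stringify(obj);
  return { body, sig: crypto.sign(null, Buffer.from(body), key).toString('base64') };
};
const check = (pub, s) =>
  crypto.verify(null, Buffer.from(s.body), pub, Buffer.from(s.sig, 'base64'));

// Provider: certifies "this email owns this public key" and logs what it learns.
function makeProvider() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const log = [];
  const certify = (email, userPub, ttlMs) => {
    log.push({ event: 'certify', email });
    return sign(privateKey, { email, userPub, exp: Date.now() + ttlMs });
  };
  return { publicKey, log, certify };
}

// Browser: signs a short-lived assertion scoped to one site (the audience).
const makeLogin = (userKey, cert, aud) =>
  ({ cert, assertion: sign(userKey, { aud, exp: Date.now() + 60000 }) });

// Site: verifies with the provider's public key only; no call back to the provider.
function verifyLogin(providerPub, login, myOrigin, now = Date.now()) {
  if (!check(providerPub, login.cert)) return null;            // forged or altered cert
  const cert = JSON.parse(login.cert.body);
  if (cert.exp < now) return null;                             // expired cert
  if (!check(crypto.createPublicKey(cert.userPub), login.assertion)) return null;
  const a = JSON.parse(login.assertion.body);
  if (a.aud !== myOrigin || a.exp < now) return null;          // replay to another site
  return cert.email;
}

function demo() {  // constructed sample identities and origins
  const provider = makeProvider();
  const user = crypto.generateKeyPairSync('ed25519');
  const pem = user.publicKey.export({ type: 'spki', format: 'pem' });
  const cert = provider.certify('alice@example.org', pem, 3600000);
  const login = makeLogin(user.privateKey, cert, 'https://garden.example');
  return {
    login, providerPub: provider.publicKey, providerLog: provider.log,
    accepted: verifyLogin(provider.publicKey, login, 'https://garden.example'),
    replayed: verifyLogin(provider.publicKey, login, 'https://other.example'),
  };
}
```

The provider's log holds a single `certify` entry with the email and nothing about the gardening site, while the same login presented to a different origin is rejected because the assertion is bound to its audience.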

Another aspect of privacy provided by Persona is how easy it is to create alter egos (and thus keep our anonymity on the net). Facebook and other OpenID-like providers require extensive personal information and have a real-name policy (which, in case of violation, can result in a blocked account). Persona, by allowing you to register with any email address (think about Mailinator), allows you to create these anonymous personas. It also allows you more control over the kind of profile information it shares with providers.

There is one last remaining issue, which still concerns me. If you use an OpenID provider, such as Google, and it decides to block your account, then you lose access to all those places you authenticated to using that account. This can be worked around by setting up your own OpenID provider, but that’s not simple. I’m not sure if Persona offers an easier way around it.

Overall, Persona looks very promising as an alternative to OpenID. If anyone has real experience with it, I would love to hear.