> Are there any websites with implementations that don't prompt directly for Mozilla's site?
That's the OpenID model. BrowserID works somewhat differently. Your ID is an email address, so your provider is that email's domain. Because few domains support it directly yet, Mozilla operates an optional, centralized authority that can issue credentials to other users. But you don't have to use that if you add support on your own domain.
After that, the UI is also provided by Mozilla's cross-browser JS shim, but it's just a polyfill for `navigator.id.*`. If your browser has native support for those methods (Firefox will, soon), then Mozilla's UI is completely uninvolved.
Basically, we're starting with a single, optional point of centralization: login.persona.org. As native support comes online from various domains and browsers, our central fallback will automatically drop out of the picture.
> Am I correct in presuming Persona is an implementation of BrowserID?
Yep! BrowserID is the protocol, Persona is Mozilla's cross-browser UI and optional centralized services. It's kind of like how Google Login is really OpenID/OAuth under the hood, but more meta.
> "As part of the normal operation of the Persona service, Mozilla will retain a log of which sites you have disclosed your email to."
Yeah, that line sounds super bad. IIRC, it's a relic of a previous design of the cross-browser shim that needs to be removed. I'll follow up with Mozilla's legal folks.
Are there any browsers that currently implement BrowserID? I just fired up Firefox 15 and still get the pop-up for login.persona. Or links to near-future implementations?
Thanks to you and otzen for shedding light on all of this.
I believe Firefox OS will have the first enabled-by-default, user-visible implementation around Q1 next year. Bits are starting to land in Firefox, but they're super, super experimental and not totally functional yet.
Yep! You can delegate to another Identity Provider (IdP) by adding a JSON file to your domain (we're looking into DNS-based ways of doing the same), but afaik, there aren't any publicly available IdPs that accept delegation yet. Ozten is working on one.
Also, we still haven't completely shored up the IdP-facing API (there are a few rough edges to fix before committing to it), so the specifics are still subject to change. https://mockmyid.com/ and https://eyedee.me/ are both open source, example IdPs that we're using for testing.
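An added illustration of the delegation described above; it is not part of the thread and not Mozilla's code. It walks from an email's domain to the authority allowed to vouch for it and falls back to login.persona.org otherwise. The JSON field names, the hop limit, the fallback-on-error behaviour and all domains except login.persona.org are assumptions constructed for this sketch.

```javascript
// Constructed per-domain JSON documents. Field names and the hop limit are
// assumptions for this sketch; the thread says the IdP API may still change.
const SUPPORT_DOCS = {
  "example.org": { authority: "idp.example.net" },            // delegates
  "idp.example.net": { "public-key": { constructed: true },   // acts as IdP
                       authentication: "/sign_in", provisioning: "/provision" },
  "a.example": { authority: "b.example" },                    // loop a -> b -> a
  "b.example": { authority: "a.example" },
};
const FALLBACK = "login.persona.org"; // the optional central fallback
const MAX_HOPS = 5;

// Walk delegation from the email's domain to the authority that may vouch for it.
function resolveIdP(email, docs = SUPPORT_DOCS) {
  const at = email.lastIndexOf("@");
  if (at < 1 || at === email.length - 1) throw new Error("not an email address");
  let domain = email.slice(at + 1).toLowerCase();
  const via = [];
  const fallback = (reason) => ({ idp: FALLBACK, via, reason });
  for (let hop = 0; hop <= MAX_HOPS; hop++) {
    if (via.includes(domain)) return fallback("delegation loop");
    via.push(domain);
    const doc = Object.prototype.hasOwnProperty.call(docs, domain) ? docs[domain] : null;
    if (!doc) return fallback("no support document");
    if (typeof doc.authority === "string") {
      domain = doc.authority.toLowerCase();
      continue;
    }
    if (doc["public-key"] && doc.authentication && doc.provisioning) {
      return { idp: domain, via, reason: "support document found" };
    }
    return fallback("malformed support document");
  }
  return fallback("too many delegations");
}

// A relying site should accept a credential only from the resolved authority.
function isIssuerAcceptable(email, issuer, docs = SUPPORT_DOCS) {
  return resolveIdP(email, docs).idp === String(issuer).toLowerCase();
}

console.log(resolveIdP("alice@example.org"));
console.log(resolveIdP("bob@a.example").reason);
```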