Get Involved

Reach out to us

• on IRC at irc.mozilla.org, #identity
• on our mailing list
• by tuning in to our short weekly meetings

Learn more about Persona

• Documentation
• Specification
• Bug tracker

Follow us on

• our blog
• Twitter or Identica
• our announcement list

Help us out by

• hacking on the code
• writing a plugin or a library
• spreading the word
• translating Persona in your language

Vision

Central to a people-centered ecosystem is an identity system that is under the control of the individual, and enables information sharing on the users own terms with no take-it-or-leave-it policies. To this end, Mozilla is building an identity system for the Web that has these properties.

The first service we're building, Persona, enables users to easily sign into websites using their existing email address in a secure and privacy-protecting way, with no additional passwords. For developers, it offers a very easy to implement API, and a verified email address they can use to communicate with the user.

User identities encompass much more than just an email address, of course, and so the next components of the Mozilla identity system will include payments, profile and data sharing on the users terms and more.

Identity Design Principles

draft 01 APR 2013

Relationship (like a doorman) not mechanism (like a lock) We've used the metaphor of a lock and key for passwords. This is too cold and impersonal. It is an abstraction that serves the cold metal of hardware, but does nothing to help you build a relationship with the person. An account allows a computer to recall this person, much like a doorman who can recognize a familiar face and recall their shared history to have a meaningful conversation. HIERARCHY OF NEEDS Reliability I want access to my information 100% of the time, wherever I am. And don't blame me for unreliable service! The service should be percieved to be reliable.

• Can access when and where needed.
• Data is safe from unintentional loss.
• In-browser password manager is allowed to function normally, not disabled.

Safety

At all points of centralization, the service should be resistant to attack. The service should be perceived as secure/protected.

• Passwords stored securely.
• If I lose my device and attacker cannot remotely wipe another machine.
• Information from one account cannot be used to hack another site

Proportionality

The approach you use should be appropriate to the threat.

• Password character requirements should be reasonable. Don't ask for 72chars, capital + number that rotates every 90 days unless you are a high-risk target.
• Keep user logged in for long sessions unless you are a high-risk target.

Creating a supportive environment

Don't treat me as an intruder in my own house. Tone should be human and recognize that remembering credentials is a difficult thing to do. Be polite and forgiving of imperfect memory.

• Error messages should have positive tone. Shaming language around forgetting password only create unnecessary stress.
• After login it redirect user to where there intended to go.
• Remember my configurations.
• Clear how to access self help documents and forums.

Be the user's trusted agent

Provide a safe and secure way to take your information around the web

• Easy access to contacts, contents of your "wallet."

Responsibilities of Relying Party sites

There are several issues which are directly related to accounts which are outside the scope of Persona. These are guidelines for relying party sites implementing Persona.

• Site reflects whether the user is logged in or not.
• Rules are clear when and why I need to login or out
• Usernames should only be used if you have public-facing content that needs to be anonymous.
• Site has clear policies about who has access to and who owns user data.
• Site employs ethical practices around what they do with user data and data porability.
• Changes to terms and privacy policies are presented with clear language.

2013 Identity Goals

• Sign into websites
• PiCL (a.k.a. Profile In the Cloud)
  • PiCL is pronounced 'pickle'
  • Details on this project can be viewed on the Attached Services page.
  • Demos are posted regularly on the Attached Services page.
• Native sign into websites & apps (FxOS, FxDesktop, FxAndroid, and others)
  • Work targeted to begin Q2

2013 Projects and Roadmap

Firefox OS

Profile in the Cloud (PiCL)

Signin to Web

Identity Speaks: Upcoming Conference Schedule

• Adding a talk? Don't forget to add it to the Mozilla Events Calendar too.
• Removing a talk? Please move it to Identity/Spread Persona.

Meet the Identity Team

Archive: Quarterly Goals and Project Summary

2013 Q1 Goals Project Description Status Contact [FFOS] FXOS Identity Service in production [Desktop, Android] PICL (Profile In Cloud) alpha1 add-on for Firefox and FX Android (Sync replacement) [Special] Persona Sign-In Beta 2 [FFOS, Desktop, Android] Persona Service one data-center deployed on AWS [FFOS, Desktop, Android] Improved Metrics [Special] Mozilla IdP [STRETCH] 2012 Q4 Goals Project Description Status Contact B2G Identity Integration [DONE] native identity client code landed in Gecko and Gaia [DONE] server-provided dialog, re-branded and integration tested [DONE] deployment plan finalized [DONE] performance optimizations for slow connections [DONE] [STRETCH] unverified email support Completed Ben Adida Continuous Improvement of Persona Service: [DONE] Proxy IdP [MISSED] Improved Metrics [DONE] Improved QA Automation [DONE] Scaling plan Team Signin Design and Prototyping of Significant New Persona Features: [DONE] Persona Password Manager pre-alpha release - delayed one week into Q1 because of holidays, but otherwise done, so marking it as such. [MISSED] [STRETCH] Native Mobile SDKs 2012 Q4 Project Summary Project Description Status Notes Gombot On-Hold Post-Mortem Notes can be reviewed at: Force Page Refresh Archived front page Features on ice (or dropped): Old / Archived Mozilla Identity Roadmap Owner: Dan Mills Updated: 2013-04-1 Our goal is to provide to users convenient, safe, and open identity solutions that can become standard components of the Web, while working out-of-the-box as well as we can make them to. In 2012, we will expand our user-centered identity platform beyond sign-in to also include connecting with sites and people as well as online payments. Name Description Status When Who Key-wrapping Support for key wrapping and wrapped key storage. This allows other sites to encrypt data with a key that is unlocked (locally) with the user's BrowserID password. Designing & planning Q1 Ben Adida navigator.id.share() prototype Developer API to allow users to easily share content with others Not started Prototype in Q2 Dan Mills Remote storage API prototype Developer API to store data (files) in the user's preferred storage provider Not started Prototype in Q3 Dan Mills API to me Developer API to access extended profile data for the user Not started Prototype in Q3 Dan Mills