Identity/Persona AAR: Difference between revisions
(Created page with "Here's a summary of what we got right and what we could have done better with Persona, distilled from a lot of different conversations with people inside and outside of the co...") |
(→What did we learn?: small correction, it's not just Firefox) |
| Line 22: | Line 22: | ||
* Persona should be built natively into Firefox, Fennec and Firefox OS to make the JavaScript shim unnecessary on these platforms. The base functionality should be cross-browser, but the experience should be optimized for the native platforms. | * Persona should be built natively into Firefox, Fennec and Firefox OS to make the JavaScript shim unnecessary on these platforms. The base functionality should be cross-browser, but the experience should be optimized for the native platforms. | ||
* Sites should control most of the user flow and Persona should be almost invisible to users. | * Sites should control most of the user flow and Persona should be almost invisible to users. | ||
* Sites should be able to offer these benefits to their | * Sites should be able to offer these benefits to their users with a native UA implementation: better UX, reduced login friction and phishing protection. | ||
Revision as of 23:25, 6 February 2014
Here's a summary of what we got right and what we could have done better with Persona, distilled from a lot of different conversations with people inside and outside of the core team.
What did Persona get right?
- We built a simple solution that developers love.
- Users and developers trust Mozilla and want us to fix identity on the web.
- The demand for "solving the password problem" is increasing with every high-profile password leak and advances in password-cracking tech.
- As the 2013 Snowden revelations have shown, decentralized and privacy-respecting technologies are badly needed.
Why did Persona fail to gain wide adoption?
- We started building a whole identity stack but it's really hard to do things in a decentralized way.
- We experimented outside of Firefox and could not leverage the Fx user base or Mozilla's marketing / evangelism resources.
- We offered an easy and secure solution but large sites that have enough resources to allocate to their login experience don't care.
- We made Persona a user-visible brand but that competed with a site's own brand.
- We looked at Facebook Connect as our main competitor, but we can't offer the same incentives (access to user data).
- We built complex features (session management) that our users did not want, and which made Persona difficult to use or understand.
What did we learn?
- Persona should be pared down to its core: a decentralized email verification and login API for the web. No more session management, no attribute exchange.
- Persona should be built natively into Firefox, Fennec and Firefox OS to make the JavaScript shim unnecessary on these platforms. The base functionality should be cross-browser, but the experience should be optimized for the native platforms.
- Sites should control most of the user flow and Persona should be almost invisible to users.
- Sites should be able to offer these benefits to their users with a native UA implementation: better UX, reduced login friction and phishing protection.