Identity
Get Involved
- Reach out to us
  - on IRC at irc.mozilla.org, #identity
  - on our mailing list
  - by tuning in to our short weekly meetings
- Learn more about Persona
- Follow us on
  - our blog
  - Twitter or Identica
  - our announcement list
- Help us out by
  - hacking on the code
  - writing a plugin or a library
  - spreading the word
  - translating Persona into your language
Vision
Central to a people-centered ecosystem is an identity system that is under the control of the individual and enables information sharing on the user's own terms, with no take-it-or-leave-it policies. To this end, Mozilla is building an identity system for the Web that has these properties.
The first service we're building, Persona, enables users to easily sign into websites using their existing email address in a secure and privacy-protecting way, with no additional passwords. For developers, it offers an API that is very easy to implement, and a verified email address they can use to communicate with the user.
User identities encompass much more than just an email address, of course, and so the next components of the Mozilla identity system will include payments, profile and data sharing on the user's terms, and more.
Identity Design Principles
draft 01 APR 2013
Account as relationship, not mechanism
We've used the metaphor of a lock and key for passwords. This is too cold and impersonal. It is an abstraction that serves the cold metal of hardware, but does nothing to help you build a relationship with the person. A more useful way to think about an account is that it allows a computer to identify this person, much like a doorman who can recognize a familiar face and recall their shared history to have a meaningful conversation.
Hierarchy of Needs
These are presented in order from the lowest to the highest level of user needs. They start with the basic and move to the more complex.
Reliability
I want access to my information 100% of the time, wherever I am. And don't blame me for unreliable service! The service should be perceived to be reliable.
- Can access when and where needed.
- Data is safe from unintentional loss.
- In-browser password manager is allowed to function normally, not disabled.
Safety
At all points of centralization, the service should be resistant to attack. The service should be perceived as secure/protected.
- Passwords stored securely.
- If I lose my device, an attacker cannot remotely wipe another machine.
- Information from one account cannot be used to hack another site.
Proportionality
The approach you use should be appropriate to the threat.
- Password character requirements should be reasonable. Don't ask for 72 chars, capital + number that rotates every 90 days unless you are a high-risk target.
- Keep user logged in for long sessions unless you are a high-risk target.
Creating a supportive environment
Don't treat me as an intruder in my own house. Tone should be human and recognize that remembering credentials is a difficult thing to do. Be polite and forgiving of imperfect memory.
- Error messages should have a positive tone. Shaming language around forgetting a password only creates unnecessary stress.
- After login, redirect the user to where they intended to go.
- Remember my configurations.
- Clear how to access self help documents and forums.
Be the user's trusted agent
Provide a safe and secure way to take your information around the web.
- Easy access to contacts, contents of your "wallet."
Responsibilities of Relying Party sites
Several issues that are directly related to accounts are outside the scope of Persona. These are guidelines for relying party sites implementing Persona.
- Site reflects whether the user is logged in or not.
- Rules are clear about when and why I need to log in or out.
- Usernames should only be used if you have public-facing content that needs to be anonymous.
- Site has clear policies about who has access to and who owns user data.
- Site employs ethical practices around what they do with user data and data portability.
- Changes to terms and privacy policies are presented with clear language.
Identity Speaks: Upcoming Conference Schedule
Interested in Persona? Check out Dan Callahan's presentation at PyCon 2013, "Beyond Passwords: Secure Authentication with Mozilla Persona".
Conference | Presentation Details | Date | Location | Presenter |
---|---|---|---|---|
Libre Software Meeting | Passwords and freedom: can we lose the former and retain the latter? | July 8, 2013 | Brussels, Belgium | Francois Marier |
Libre Software Meeting | Mozilla Persona for your domain | July 10, 2013 | Brussels, Belgium | Francois Marier |
Open Web Camp | Mozilla Persona: Simplified sign-on | July 13, 2013 | San Jose, California | Vlad Filippov |
WDCNZ | Taking the pain out of signing users in | July 25, 2013 | Wellington, New Zealand | Francois Marier |
PyCon Canada | Quick Wins for Better Website Security | August 10, 2013 | Toronto, Canada | Dan Callahan |
Ember Fest EU | Forget Passwords, Use Persona | August 30, 2013 | Munich, Germany | Dan Callahan |
- Adding a talk? Don't forget to add it to the Mozilla Events Calendar too.
- Removing a talk? Please move it to Identity/Spread Persona.
Meet the Identity Team
Name | Title | Location |
---|---|---|
Andy Chilton | Developer | New Zealand |
Austin King | Developer | Washington |
Brian Warner | Developer | California |
Chris Karlof | Developer | California |
Crystal Beasley | Lead UX Designer | Oregon |
Dan Callahan | Developer Relations and Documentation | Minnesota |
Danny Coates | Developer | California |
Edwin Wong | QA | California |
Francois Marier | Developer | New Zealand |
Gene Wood | Operations | California |
Hannah Quay-de la Vallee | Intern 2013 | San Francisco |
James Bonacci | QA | California |
Jared Hirsch | Developer | California |
Jed Parsons | Developer | California |
John Gruen | UX | New York |
John Morrison | QA | California |
Karl Thiessen | QA | California |
Katie Parlante | Developer | California |
Lloyd Hilaiel | Director, Identity Department | Colorado |
Ryan Feeley | UX Designer | Toronto |
Ryan Kelly | Developer | Australia |
Ryan Seys | Intern 2013 | San Francisco |
Sean McArthur | Developer | California |
Shane Tomlinson | Developer | United Kingdom |
Tauni Oxborrow | Program Manager | California |
Vlad Filippov | Intern 2013 | San Francisco |
Zach Carter | Developer | California |
Identity Projects
A complete & updated Identity project list with links to appropriate wiki pages coming in July 2013
- Identity UX
- Native FXOS & B2G - updated page coming soon
- Persona Analytics
- Profile in the Cloud (PiCL) - updated page coming soon
- Signin to the Web - updated page coming soon