Login with Mozilla Persona

Hi,
this is my first contribution to this workgroup, so excuse me if I start it wrongly :)
https://login.persona.org/about and http://www.mozilla.org/en-US/persona/
Mozilla Persona is imho the SSO to support, which has a chance to succeed as a standard and decentralized open SSO where, in a way, OpenId failed.
Instead of connecting with gmail, yahoo, facebook, whatever, you simply connect with your email address.
As the main developer said: "Persona is an easy way to sign in that enables you to use your existing email account. It's an open technology on the path to standardization."

Miguel Prados Rodriguez Fri 23 Aug 2013 4:59AM
Easy and intuitive, I tried it myself and I will use it for new site developments, thanks for the info.

Richard D. Bartlett Mon 26 Aug 2013 11:56AM
Yeah Persona looks great, and ethically it is squeaky-clean! SSO can be such a messy issue because you have a whole complex marketplace to worry about, and so many of the actors are ethically dubious. It would be nice if Loomio could support Persona and contribute a little to its popularity.

Benjamin Knight Tue 27 Aug 2013 10:15AM
I'd love to see Loomio support Persona!

Raphaël Jadot Tue 27 Aug 2013 11:57AM
@benjaminknightloom @richarddbartlett @miguelpradosrodrig do you think this would deserve a proposal, not for a decision by itself - how could I decide something :p - but mainly for seeing if people are sensible or not to the idea of this integration (an indicator of interest)?

Chris Taklis Tue 27 Aug 2013 12:03PM
i agree with persona.

Richard Fortune Tue 27 Aug 2013 3:44PM
Definitely! Please do give it your support!

Miguel Prados Rodriguez Tue 27 Aug 2013 6:29PM
It's definitely worth a proposal

Matthew Bartlett Tue 27 Aug 2013 7:20PM
What proportion of visitors are likely to have a Persona account?

Richard D. Bartlett Wed 28 Aug 2013 3:41AM
Single Sign-on (SSO) tries to solve the 'too many accounts' problem, but unfortunately it has introduced a new problem: too many SSO's! As a user, how am I supposed to recall if I used Facebook or Google or a site-specific account to log in to a particular service?
@matthewbartlett if we were just looking at popularity we'd roll out Facebook, Google, and Twitter etc before Persona, but in my opinion that would be a negative contribution to the ecosystem.
Of all the SSO solutions I know about, Persona is the only one I feel that is likely to make the ecosystem a better place over time.
FYI I came to this conclusion after scanning the docs, which I recommend if you're interested.

Matthew Bartlett Wed 28 Aug 2013 5:45AM
The plan (and Balsamiq mockups) as I understood it is to start with Google, then add Facebook soon after. Though the plan may have evolved; Loomio's a dynamic place.

Robert Guthrie Wed 28 Aug 2013 6:15AM
@raphaeljadot! Great to hear you supporting Persona. I personally really want to get it implemented. We've been working on SSO for Loomio, starting with Google Accounts support; once that is in, there will be an obvious template for developers to follow when they want to implement another sign on service.
So in a few weeks it'll be pretty straightforward to implement Persona. I love the principles of Persona and really want to see Loomio embrace it too.
Thanks again.

Miguel Prados Rodriguez Wed 28 Aug 2013 6:34AM
You only need to put persona in or persona & facebook. If you have gmail, most probably it will be your email account linked to persona, so there is no need to put in gmail login. I found it amazing not to have to remember passwords with persona, I think it's a winner.

Benjamin Knight Wed 28 Aug 2013 9:15AM
Hi @raphaeljadot , great to see you in here! It would be totally appropriate for you to put up a proposal on this if you'd like :)
The Loomio Community group isn't a decision-making forum, but it's a good place for anyone to raise things that they'd like to discuss.
Proposing something like "do people think it would be a good idea to support Persona?" could work very well

Benjamin Knight Wed 28 Aug 2013 9:18AM
@matthewbartlett , I think it's a really important point to consider - realistically, a tiny proportion of our users would have pre-existing Persona accounts, and only a small proportion would be likely to set up Persona accounts as a result of stumbling across it via Loomio - but this would still be a good thing.
I'd personally be in favour of implementing SSO with Google, FB, and Persona (possibly in that order) to give people the option, then in the ideal situation that Persona starts to become more and more common, could promote it as a preferred option in some way.

Poll Created Wed 28 Aug 2013 1:34PM
Log in with Persona? Closed Sat 31 Aug 2013 2:35PM
Persona is an interesting SSO that could be taken into account, both for practical and ethical reasons (see discussions)
Would you like the possibility to log in to Loomio with Persona?
http://www.mozilla.org/en-US/persona/
For people who do not have a Persona account:
It's not a question about the implementation of Persona before, after or over Google account or Facebook account, but mainly about supporting a saner single sign on system (simple, universal, non centralized, letting users control their data, open-source)
Results

| Option | % of points | Voters |
|---|---|---|
| Agree | 100.0% | 12 |
| Abstain | 0.0% | 0 |
| Disagree | 0.0% | 0 |
| Block | 0.0% | 0 |
| Undecided | 0% | 888 |

12 of 900 people have voted (1%)

Raphaël Jadot
Wed 28 Aug 2013 1:37PM
In my opinion, loomio team should support this :) for letting users break their digital jails :)
Other advantage, it's well documented, and even if I did not implement it myself, some dev colleagues told me it's easy to implement.

Jaco van der Merwe
Wed 28 Aug 2013 6:26PM
introduces a degree of SSO & superficial multi-platform integration

Richard D. Bartlett
Wed 28 Aug 2013 8:15PM
I love Persona :)

Benjamin Knight
Wed 28 Aug 2013 8:24PM
I'd love to see us support Persona alongside other SSO options

Sean Tilley
Wed 28 Aug 2013 10:18PM
Mozilla Persona is awesome, and I'd love to see more platforms supporting it. :)

Danyl Strype
Fri 30 Aug 2013 5:52AM
I think this is an obvious first choice for Loomio supporting SSO. OpenID second choice. Currently popular corporate-owned social media empires third, if at all.

vivien maidaborn
Fri 30 Aug 2013 7:13PM
Persona our starting point for lots of good reasons

Poll Created Sat 7 Sep 2013 10:23AM
Implement Persona before Google/Yahoo login Closed Tue 10 Sep 2013 11:01AM
For the reason given in a comment on the left (email from Dan Callahan), people having a google or yahoo account already have a persona account. (And for people not having a google or yahoo account, creating a new one is straightforward)
Compared to the login with google/facebook/yahoo, it has the advantage of preserving privacy, so I suggest implementation of persona first, as the userbase is already huge and the privacy-preserving feature is a clear advantage.
Results

| Option | % of points | Voters |
|---|---|---|
| Agree | 76.5% | 13 |
| Abstain | 23.5% | 4 |
| Disagree | 0.0% | 0 |
| Block | 0.0% | 0 |
| Undecided | 0% | 882 |

17 of 899 people have voted (1%)

OpenLifeChallenge
Sat 7 Sep 2013 4:02PM
Definitely go for implementation of privacy-preserving login before any other, also good to help other open-source projects.

Robert Guthrie
Sat 7 Sep 2013 11:41PM
I really do like persona.

Richard Fortune
Mon 9 Sep 2013 2:18AM
Definitely the way to go. Open and not feeding into any of "malicious" existing services! :)

Richard D. Bartlett
Mon 9 Sep 2013 3:59AM
I am not too worried about the order we deploy them in, so long as we have maximum coverage

Miguel Prados Rodriguez
Mon 9 Sep 2013 11:08AM
Simpler

Charlie DeTar
Mon 9 Sep 2013 5:04PM
Persona is our best hope for a reasonable SSO.

mix irving
Mon 9 Sep 2013 10:24PM
I'm leaning towards yes but trust the group on this

Dan Callahan
Mon 9 Sep 2013 11:31PM
Loomio and Mozilla's values are closely aligned, and Persona feels like a strong fit, both philosophically and pragmatically. The core Persona team is ready and available to assist Loomio with any issues that arise.

Benjamin Knight
Tue 10 Sep 2013 1:12AM
keen!

Alanna Irving
Tue 10 Sep 2013 4:05AM
Sounds good. I defer to the knowledgeable people in this discussion.

Dazza Greenwood Wed 28 Aug 2013 6:59PM
The value of enabling login with externally issued/managed federated credentials is very high. There's a lot more practical value in going after "SSO with Google, FB, and Persona (possibly in that order)" than just supporting Persona alone, partly because there are larger architectural and policy dimensions at play. In my experience, it is useful to start identity/SSO initiatives to have a working general agreement on the priority intended goals to guide the work... eg: "increase user adoption" or "ease of use" or "provide simple integration point with other discussion apps/services using federated identity" etc. Bottom line: any SSO is better than no SSO for Loomio, and so I hope something results from this discussion.

Sean Tilley Wed 28 Aug 2013 10:17PM
It's not too hard to integrate Mozilla Persona with Devise. I have an example app demonstrating how to use the Devise-BrowserID-Authenticatable gem, if you folks are really interested in integrating Mozilla's single-sign-on solution.

Richard D. Bartlett Wed 28 Aug 2013 11:40PM
Hey @jessedoud check out the links in Sean's comment here :)

Danyl Strype Fri 30 Aug 2013 5:48AM
I have been keen to support Persona, but the only way I can currently do that is to encourage the online services I use to adopt it. If I could login to Loomio with Persona, I could get into a habit of using it regularly, and make a stronger case for CoActivate and permaculture.org.nz to support it too. If that happened, more people could get into the habit of using it regularly, and the positive influence could spread.
An increasing number of people are making an ethical decision not to use FaceBook or Google, just as people might choose to boycott McDonalds, or eggs laid in battery cages. I think it would make a strong ethical statement for Loomio to support Persona (and perhaps OpenID) first. It would make an even stronger ethical statement to not support people logging in with FB or Google credentials at all.

vivien maidaborn Fri 30 Aug 2013 7:12PM
@strypey love the clarity of your call for not using google Facebook sign ins to send a message about our ethics and it seems we will reach easy agreement on Persona.
I am keen to see volume of people using Loomio though. We need 20,000 users to even break even so right now my focus is much more on making Loomio really easy to get to and this will involve starting where people are at I suspect.

Danyl Strype Sun 1 Sep 2013 6:41AM
Thanks Vivien, I understand the need to meet people where they are. Even the Pirate Party has a FaceBook page, and GoogleGroups atm ;)
This is why I suggest supporting an open standard like Persona first, as an ethical statement, then rolling out FB/ G+ as a pragmatic statement (maybe a couple of weeks later to give people time to try out Persona).
If @robertguthrie is right that the code that's being developed to support G+ can be easily extended to support other SSOs, this needn't slow you down too much.

Raphaël Jadot Mon 2 Sep 2013 10:23AM
@benjaminknightloom and anyone who could be interested, here is for your information a link to a related discussion in dev-identity (ml of Mozilla Persona)
Two quotes that may interest:
Sean MA:
"If anyone needs help implementing, we're always here."
Andrew C:
100% and in fact, I'm always in Wellington (which I just found out in a totally unrelated way that you're also here). I may be popping into Enspiral for a beer o'clock in the next few weeks but ping me if you'd like me to come into town if you need any help or just fancy a chat before that.

Raphaël Jadot Sat 7 Sep 2013 10:16AM
Here is a copy of a reply sent by Dan Callahan in the identity/persona discussion about loomio.
I don't know if it's still possible to add comments to the discussion, but a few notes based on concerns that were raised:
- "What proportion of visitors are likely to have a Persona account?"
All Gmail and Yahoo users effectively have an account today. That's over 700 million active addresses, or likely 60-80% of users on most English-language websites.
More importantly: People don't need an account beforehand. Persona is simply a nice, federated implementation of "Sign in with your email." If you have an email address, Persona will work for you today. In the worst case, it falls back to acting just like a traditional login system (verification email, etc), so the base case is identical.
- "We've been working on SSO for Loomio, starting with Google Accounts support"
I'd humbly suggest that Loomio explore Persona first, as it acts as a superset of Google login, with additional privacy-preserving features. More info.

Raphaël Jadot Sun 8 Sep 2013 8:30AM
I'd really like to insist on what has been said in my previous comment: there are in fact more people with a persona account than a google account :)

Chris Taklis Sun 8 Sep 2013 10:36AM
@raphaeljadot you don't know that. i mean that more people have persona account than a google account.
i think the best is to have a multiple option to login with what everyone has. It can be google, yahoo, hotmail, facebook, persona, openid, etc.
It is more equal to all than to say to other before you login you must have account to persona or to google only.

Raphaël Jadot Sun 8 Sep 2013 11:52AM
@christaklis it's simply because every one who has a google account has a persona account (explained in a previous comment) or in this link in addition to yahoo accounts (yahoo + google + other persona account > only google :)

Raphaël Jadot Sun 8 Sep 2013 11:55AM
@christaklis in fact, a persona account is not an account by itself (it's not openid, for example). It's only related to your email address, which means by only having an email address you have a "persona account". The advantage is that if you are already connected with yahoo or google, you don't have to enter a different password thanks to identity bridge

Chris Taklis Sun 8 Sep 2013 12:02PM
Look @raphaeljadot ... I didn't know what Persona was and of course I didn't have an account. Now I know because of this discussion and I have made an account.
In Greece, very few people know about persona or openid. Most people want to register or login with their google/hotmail/yahoo/facebook account, and mostly with a facebook account.
That generally means that loomio "must" have as many options as it can for login. Look, in some countries there is more knowledge of computers and in some not. That means that Loomio, or in general each tool, must be as easy for everyone. That is my opinion.

Raphaël Jadot Sun 8 Sep 2013 12:22PM
@christaklis I totally understand what you mean. In fact you consider persona as an account by itself. It's not. It's a login system. To make it simple: you have a gmail account? It's a persona account. You have a yahoo account, it's a persona account.
About "facebook", it's another problem, because it's not related to an email address, unless you use a "@facebook.com" address. In this case, contrary to gmail and yahoo, a facebook account is not a persona account, still to make it simple (but the email address you used for creating your facebook account is a persona account)
It's why I made the proposal of implementing Persona "before" google and yahoo.

Chris Taklis Sun 8 Sep 2013 12:29PM
i read that to create persona account you have to choose what email address you want. that i did it to login in persona.
but how it is different. i still can't understand it.
you mean that all email addresses like google, yahoo and other are made by persona?

Raphaël Jadot Sun 8 Sep 2013 12:34PM
@christaklis have to run just now, but i'll come back with something i hope will be clear explanations :p

Chris Taklis Sun 8 Sep 2013 12:35PM
ok i am waiting...

Charlie DeTar Mon 9 Sep 2013 5:03PM
I strongly support signin with persona. I've been following its development closely, and implemented it as the only sign in option for a collection of decision making tools I built (intertwinkles). A few caveats to be aware of:
- Persona might require a little more redesign than just dropping in facebook connect etc. Its API is very javascript-native and ajaxy; to use it properly would require loading scripts on every page.
- A fair number of users are confused about the privacy implications of persona. In my work with InterTwinkles, many users interpreted it as the opposite of what it is -- they thought it was an SSO that would reduce their privacy and collect more info about them.
- Implementing more than one sign-in option can result in user confusion. I recommend choosing a minimum set -- loomio-specific login and persona is a good minimum, especially because persona bridges to other major services like Google and Yahoo.

Dan Callahan Mon 9 Sep 2013 11:35PM
Chris is raising some important points to consider when implementing Persona. Namely, very few people will click on a button that says "Sign in with Persona," because people don't know what Persona is.
The simple fix? Label the button "Sign in with your email," since that's what Persona is. The "Persona" part is just an implementation detail for developers. :)

Richard D. Bartlett Mon 9 Sep 2013 11:52PM
@dancallahan what about putting, say, the Google and Yahoo logos on the button too?

Benjamin Knight Tue 10 Sep 2013 1:10AM
Welcome to the community @dancallahan! Great to have your first-hand experience in here :)
There's really strong alignment between the values driving Persona and the motivations of Loomio, so I love the idea of working together.
I think there are real benefits in implementing Persona as an initial SSO for Loomio. The only potential downside I can see is that things might not be quite as accessible as having stock standard 'sign in with FB' 'sign in with gmail' buttons, but I'm sure we can design our way around things to maximise clarity and accessibility

Raphaël Jadot Tue 10 Sep 2013 8:02AM
@dancallahan thank you for joining and helping me in explaining with simple words :)
@christaklis dan is the man for better technical explanations :)
@richarddbartlett I think it could be a good idea to make a button such as sign with your email or yahoo or gmail :)

Raphaël Jadot Thu 10 Oct 2013 1:37PM
It's working now Woohoo!

Matthew Bartlett Thu 10 Oct 2013 8:19PM
@robertguthrie I notice on my iPhone 3GS, using SSO Google, that it now asks me to sign in every time; and it doesn't go to the page I requested before sign-in (inbox).

Robert Guthrie Thu 10 Oct 2013 9:59PM
Thanks Matthew.

Danyl Strype Sat 12 Oct 2013 2:22PM
Great to see Persona on the Loomio front page! Who would I have to buy a sandwich for to make it the first of the three (before FB and Goog)?

Danyl Strype Tue 15 Oct 2013 12:17PM
Also, if there were some experts who helped you with Persona integration, could someone from the Loomio crew put me in touch with them? We'd like to do the same thing for permaculture.org.nz.

Matthew Bartlett Tue 15 Oct 2013 8:33PM
@robertguthrie's the expert!

Robert Guthrie Tue 15 Oct 2013 11:08PM
@strypey At first I built our own stuff to connect to Persona, down to http requests, following mozilla developer guides, then I dropped it all in favour of OmniAuth.
The nice thing we did was create an identity model (User has many Identities) so that users can authorise against many services and link each one to their user account.
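
Added example (not part of the thread, and not Loomio's code): a minimal in-memory sketch of the "User has many Identities" model described in the post above. The class and method names are hypothetical, the auth hash only borrows the `provider` / `uid` / `info.email` shape of an OmniAuth auth hash, and the sample values are constructed. It goes one step beyond the post by showing a linking rule: identities are looked up by provider and uid, and an e-mail match alone never merges accounts.

```ruby
# Added example: in-memory sketch of "User has many Identities".
# Class, method and field names are hypothetical, not Loomio's code.
require 'securerandom'

class User
  attr_reader :id, :identities

  def initialize
    @id = SecureRandom.uuid
    @identities = []
  end
end

# One external login: the provider name plus the provider's stable user id.
Identity = Struct.new(:provider, :uid, :email, :user)

class IdentityStore
  class AlreadyLinked < StandardError; end

  def initialize
    @by_key = {} # [provider, uid] => Identity
  end

  # auth: hash shaped like an OmniAuth auth hash (provider, uid, info.email).
  # current_user: the user of the already authenticated session, if any.
  def sign_in(auth, current_user: nil)
    key = [auth.fetch(:provider), auth.fetch(:uid)]
    identity = @by_key[key]

    if identity
      # Known identity: it always resolves to its owner. Refuse to move it
      # to a different signed-in user.
      if current_user && !identity.user.equal?(current_user)
        raise AlreadyLinked, "#{key.join(':')} belongs to another user"
      end
      return identity.user
    end

    # Unknown identity: attach it to the signed-in user (explicit linking),
    # otherwise create a new user. The e-mail in the assertion is stored but
    # never used as the lookup key, so an address reported by one provider
    # cannot pull in an account created through another.
    user = current_user || User.new
    identity = Identity.new(key[0], key[1], auth.dig(:info, :email), user)
    user.identities << identity
    @by_key[key] = identity
    user
  end
end

# Constructed sample assertions (all values are made up).
PERSONA  = { provider: 'persona',  uid: 'alice@example.org', info: { email: 'alice@example.org' } }.freeze
GOOGLE   = { provider: 'google',   uid: '1001',              info: { email: 'alice@example.org' } }.freeze
FACEBOOK = { provider: 'facebook', uid: '77',                info: { email: 'alice@example.org' } }.freeze

def demo
  store = IdentityStore.new
  alice = store.sign_in(PERSONA)               # first login creates the user
  store.sign_in(GOOGLE, current_user: alice)   # linked while signed in
  stranger = store.sign_in(FACEBOOK)           # same e-mail, but no session
  { providers: alice.identities.map(&:provider), merged: stranger.equal?(alice) }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```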

Danyl Strype Wed 16 Oct 2013 12:15AM
Thanks to @matthewbartlett for the tip, and @robertguthrie (I see the resemblance now!) for the explanation. Being a power user rather than a coder, I have a rough idea what you're describing, but it would be good to get a more detailed explanation. What I need to understand is to what degree what you've done can cross over to a Drupal site.

Raphaël Jadot · Thu 22 Aug 2013 10:05PM
I'd like to make a proposal, which is more a question: would you like implementation of Persona in Loomio? but not considering the development part (I may try to help there), I'd like to know if someone needs more explanation about how Persona works, what it would imply to use it etc. :)