I'd like to make a proposal, which is more a question: would you like implementation of Persona in Loomio? but not considering the development part (I may try to help there), I'd like to know if someone needs more explanation about how Persona works, what it would imply to use it etc. :)

Easy and intuitive, I tried it myself and I will use it for new sites developments, thanks for the info.

Yeah Persona looks great, and ethically it is squeaky-clean! SSO can be such a messy issue because you have a whole complex marketplace to worry about, and so many of the actors are ethically dubious. It would be nice if Loomio could support Persona and contribute a little to it's popularity.

I'd love to see Loomio support Persona!

@benjaminknightloom @richarddbartlett @miguelpradosrodrig do you think this would deserve a proposal, not for a decision by itself - how could I decide something :p - but mainly for seeing if people are sensible or not to the idea of this integration (an indicator of interest)?

i agree with persona.

Definitely! Please do give it your support!

It definitively worth a proposal

What proportion of visitors are likely to have a Persona account?

Single Sign-on (SSO) tries to solve the 'too many accounts' problem, but unfortunately it has introduced a new problem: too many SSO's! As a user, how am I supposed to recall if I used Facebook or Google or a site-specific account to log in to a particular service?

@matthewbartlett if we were just looking at popularity we'd roll out Facebook, Google, and Twitter etc before Persona, but in my opinion that would be a negative contribution to the ecosystem.

Of all the SSO solutions I know about, Persona is the only one I feel that is likely to make the ecosystem a better place over time.

FYI I came to this conclusion after scanning the docs, which I recommend if you're interested.

The plan (and baldamiq mockups) as I understood it is to start with Google, then add Facebook soon after. Though the plan may have evolved; Loomio's a dynamic place.

@raphaeljadot! Great to hear you supporting Persona. I personally really want to get it implemented. We've been working on SSO for Loomio, starting with Google Accounts support, once that is in there will be an obvious template for developers to follow when they want to implement another sign on service.

So in a few weeks it'll be pretty straight forward to implement Persona. I love the principals of Persona and really want to see Loomio embrace it too.

Thanks again.

You only need to put persona in or persona & facebook. If you have gmail, most probably it will be your email account linked to persona, so there is no need to put in gmail login. I found amazing not to have to remember passwords with persona, I think its a winner.

Hi @raphaeljadot , great to see you in here! It would be totally appropriate for you to put up a proposal on this if you'd like :)

The Loomio Community group isn't a decision-making forum, but it's a good place for anyone to raise things that they'd like to discuss.

Proposing something like "do people think it would be a good idea to support Persona?" could work very well

@matthewbartlett , I think it's a really important point to consider - realistically, a tiny proportion of our users would have pre-existing Persona accounts, and only a small proportion would be likely to set up Persona accounts as a result of stumbling across it via Loomio - but this would still be a good thing.

I'd personally be in favour of implementing SSO with Google, FB, and Persona (possibly in that order) to give people the option, then in the ideal situation that Persona starts to become more and more common, could promote it as a preferred option in some way.

The value of enabling login with externally issued/managed federated credentials is very high. There's a lot more practical value in going after "SSO with Google, FB, and Persona (possibly in that order)" than just supporting Persona alone, partly because there are larger architectural and policy dimensions at play. In my experience, it is useful to start identity/SSO initiatives to have a working general agreement on the priority intended goals to guide the work... eg: "increase user adoption" or "ease of use" or "provide simple integration point with other discussion apps/services using federated identity" etc. Bottom line: any SSO is better than no SSO for Loomio, and so I hope something results from this discussion.

It's not too hard to integrate Mozilla Persona with Devise. I have an example app demonstrating how to use the Devise-BrowserID-Authenticatable gem, if you folks are really interested in integrating Mozilla's single-sign-on solution.

Hey @jessedoud check out the links in Sean's comment here :)

I have been keen to support Persona, but the only way I can currently do that is to encourage the online services I use to adopt it. If I could login to Loomio with Persona, I could get into a habit of using it regularly, and make a stronger case for CoActivate and permaculture.org.nz to support it too. If that happened, more people could get into the habit of using it regularly, and the positive influence could spread.

An increasing number of people who are making an ethical decision not to use FaceBook or Google, just as people might choose to Boycott McDonalds, or eggs laid in battery cages. I think it would make a strong ethical statement for Loomio to support Persona (and perhaps OpenID) first. It would make an even stronger ethical statement to not support people logging in with FB or Google credentials at all.

@strypey love the clarity of your call for not using google Facebook sign ins to send a message about our ethics and it seems we will reach easy agreement on Persona.
I am keen to see volume of people using Loomio though. We need 20,000 users to even break even so right now my focus is much more on making Loomio really easy to get to and this will involve starting where people are at I suspect.

Thanks Vivien, I understand the need to meet people where they are. Even the Pirate Party has a FaceBook page, and GoogleGroups atm ;)

This is why I suggest supporting an open standards like Person first, as an ethical statement, then rolling out FB/ G+ as a pragmatic statement (maybe a couple of weeks later to give people time to try out Persona).

If @robertguthrie is right that the code that's being developed to support G+ can be easily extended to support other SSOs, this needn't slow you down too much.

@benjaminknightloom and anyone whou could be interested, here is for your information a link to a related discussion in dev-identity (ml of Mozilla Persona)

Two quotes that may interest:

Sean MA:

If anyone needs help implementing, we're always here."

Andrew C:

100% and in fact, I'm always in Wellington (which I just found out in a
totally unrelated way that you're also here).

I may be popping into Enspiral for a beer o'clock in the next few weeks but ping me if you'd like me to come into town if you need any help or just fancy a chat before that.

Here is a copy of a reply sent by Dan Callahan in the identity/persona discussion about loomio..

I don't know if it's still possible to add comments to the discussion, but a few notes based on concerns that were raised:

• "What proportion of visitors are likely to have a Persona account?"

All Gmail and Yahoo users effectively have an account today. That's over 700 million active addresses, or likely 60-80% of users on most English-language websites.

More importantly: People don't need an account beforehand. Persona is simply a nice, federated implementation of "Sign in with your email." If you have an email address, Persona will work for you today. In the worst case, it falls back to acting just like a traditional login system (verification email, etc), so the base case is identical.

• "We've been working on SSO for Loomio, starting with Google Accounts support"

I'd humbly suggest that Loomio explore Persona first, as it acts as a superset of Google login, with additional privacy-preserving features. More info.

I'd really like to insist on what has been said in my previous comment: there are in fact more people "ith a persona account than a google account :)

@raphaeljadot you don't know that. i mean that more people have persona account than a google account.

i think the best it to have a multiple option to login with what everyone has. It can be google, yahoo, hotmail, facebook, persona, openid, etc.

It is more equal to all than to say to other before you login you must have account to persona or to google only.

@christaklis it's simply because every one who has a google account has a persona account (explained in a previous comment) or in this link in addition to yahoo accounts (yahoo + google + other persona account > only google :)

@christaklis in fact, a persona account is not an account by itself (it's not openid, for example). It's only related to your email address, which means by only having an email address you have a "persona account". The advantage is that if you are already connected with yahoo or google, you don't have to enter a different password thanks to identity bridge

Look @raphaeljadot ... i didn't know what was Persona and i of course haven't account. Now i know because of this discussion and i have made an account.

In Greece, very few people know about persona or openid. The most people want to register or login with their google/hotmail/yahoo/facebook account. and mostly of facebook account.

That general means that loomio "must" have as much options can for login. Look in some countries there have more knowledge of computers and some not. That mean that Loomio or general each tool must be as easy for everyone. That is my opinion.

@christaklis I totally understand what you mean In fact you consider persona as an account by itself. It's not. It's a login system. To make it simple You have a gmail account? It's a persona account. You have a yahoo account, it's a persona account.

About "facebook' it's another problem, because it's not related to an email address, unless you use a "@facebook.com" address. In this case, contrary to gmail and yahoo, a facebook account is not a persona account, still to make it simple (but the email address you used for creating your facebook account is a persona account)

It's why I made the proposal of implementing Persona "before" google and yahoo.

i read that to create persona account you have to choose what email address you want. that i did it to login in persona.

but how it is different. i still can't understand it.

you mean that all email adresses like google, yahoo and other is made by persona?

@christaklis have to run just now, but i'll come back with something i hope will be clear explanations :p

ok i am waiting...

I strongly support signin with persona. I've been following its development closely, and implemented it as the only sign in option for a collection of decision making tools I built (intertwinkles). A few caveats to be aware of:

• Persona might require a little more redesign than just dropping in facebook connect etc. Its API is very javascript-native and ajaxy; to use it properly would require loading scripts on every page.
• A fair number of users are confused about the privacy implications of persona. In my work with InterTwinkles, many users interpreted it as the opposite of what it is -- they thought it was an SSO that would reduce their privacy and collect more info about them.
• Implementing more than one sign-in option can result in user confusion. I recommend choosing a minimum set -- loomio-specific login and persona is a good minimum, especially because persona bridges to other major services like Google and Yahoo.

Chris is raising some important points to consider when implementing Persona. Namely, very few people will click on a button that says "Sign in with Persona," because people don't know what Persona is.

The simple fix? Label the button "Sign in with your email," since that's what Persona is. The "Persona" part is just an implementation detail for developers. :)

@dancallahan what about putting, say, the Google and Yahoo logos on the button too?

Welcome to the community @dancallahan! Great to have your first-hand experience in here :)

There's really strong alignment between the values driving Persona and the motivations of Loomio, so I love the idea of working together.

I think there are real benefits in implementing Persona as an initial SSO for Loomio. The only potential downside I can see is that things might not be quite as accessible as having stock standard 'sign in with FB' 'sign in with gmail' buttons, but I'm sure we can design our way around things to maximise clarity and accessibility

@dancallahan thank you for joining and helping me in explaining with simple words :)
@christaklis dan is the man for better technical explanations :)
@richarddbartlett I think it could be a good idea to make a button such as sign with your email or yahoo or gmail :)

It's working now Woohoo!

@robertguthrie I notice on my iPhone 3GS, using SSO Google, that it now asks me to sign in every time; and it doesn't go to the page I requested before sign-in (inbox).

Thanks Matthew.

Great to see Persona on the Loomio front page! Who would I have to buy a sandwich for to make it the first of the three (before FB and Goog)?

Also, if there were some experts who helped you with Persona integration, could someone from the Loomio crew put me in touch with them? We'd like to do the same thing for permaculture.org.nz.

@robertguthrie's the expert!

@strypey At first I built our own stuff to connect to Persona, down to http requests, following mozilla developer guides, then I dropped it all in favour of OmniAuth.

The nice thing we did was create an identity model (User has many Identities) so that users can authorise against many services and link each one to their user account.

Thanks to @matthewbartlett for the tip, and @robertguthrie (I see the resemblance now!) for the explanation. Being a power user rather than a coder, I have a rough idea what you're describing, but it would be good to get a more detailed explanation. What I need to understand is to what degree what you've done can cross over to a Drupal site.