Inspired by Indie Web Camp as well as the Unhosted project, I now host my own Persona Identity. I believe that Persona protocol will be an important building block for the Federated Social Web.
What is Persona?
Persona is a decentralized authentication method that competes with Facebook Connect, Twitter sign-in, etc. It’s being built by Mozilla, but works out of the box across devices and browsers.
Persona hopes to get email providers, universities, companies, and other entities to implement the BrowserID protocol. I’ve implemented this for myself, so any email address on the ozten.com domain will use my service for authentication. All ozten.com users would basically include me and my cat.
What does it look like?
In this video, I’m logging into The Times Crossword page via Persona using my own service. It shows my avatar and I can type in my password. Avatars are provided by Libravatar and it’s the same avatar I use across the web. Sensing a theme here?
How do Persona and my self-hosted service look across the web? In the next video I log in to my self-hosted blog’s admin page, again to the Times Crossword, and several other sites… Notice I don’t have to re-enter my password. I can just pick an active identity and go.
On the 3rd site, I click "this is not me" to show my hostedpersona login screen again. Then I log in to several other sites with various identities. For example, on Bugzilla I use a Gmail account to manage bugs, so firstname.lastname@example.org wouldn’t be a good identity there.
Wow… so easy to reuse my self-hosted identity across all these sites. Once I’m logged in, the Persona UX manages my session, so I’m not bugged for a password.
I challenge the organizers of next year’s IndieWebCamp:
Offer Persona Log In as a way to authenticate to http://indiewebcamp.com
(I’m happy to help)
Wanna own your own Persona?
Definitely weigh the options… self-hosting an important identity (I’ve used email@example.com for 15 years) is kind of dangerous (especially for me as Mozilla web properties use it) and will become more risky as Persona gains adoption across the web.
Wanna hack without too much risk? Register a new domain name instead of using your actual personal domain. Okay, enough parenting…
So you want to run your own service… what is required?
- SSL Certificate
- Crypto Code
- Dynamic server side code for provisioning and authentication
To get an SSL cert I needed a static IP. Getting a static IP was 1 click and $3.95 per month.
Getting an SSL cert was one click, 12 hours, and 15 bucks a year from my website hosting provider. You can do it cheaper and better, but I wanted to see what this would be like for novice netizens. (Okay, and I’m lazy)
My personal website is mostly PHP and I didn’t want to re-invent the Persona crypto wheel. I’ve been writing more Node code lately, so I decided to:
- Write a new Node based service
- Host it on ec2
- Reuse Mozilla’s browserid-certifier server to do all the crypto
The BrowserID protocol enables a domain to delegate authority to another domain. I had ozten.com delegate authority to hostedpersona.me.
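Delegation works through the support document each domain serves at `/.well-known/browserid`: either it names another domain in an `"authority"` field, or it carries the IdP’s own `"public-key"`, `"authentication"` and `"provisioning"` entries. The resolver below is an added illustration, not code from my service or from Mozilla’s browserid-certifier; the sample documents, the in-memory fetcher, and the 5-hop cap are constructed assumptions.

```javascript
// Resolve which IdP vouches for a domain by following BrowserID delegation.
// Constructed example: documents are served from a map instead of HTTPS.
const MAX_HOPS = 5; // assumed cap on delegation chain length

// Constructed stand-ins for /.well-known/browserid responses, keyed by domain.
const SAMPLE_DOCS = {
  "ozten.com": { authority: "hostedpersona.me" },
  "hostedpersona.me": {
    "public-key": { algorithm: "RS", n: "<modulus placeholder>", e: "65537" },
    authentication: "/browserid/sign_in.html",
    provisioning: "/browserid/provision.html",
  },
  "loop-a.example": { authority: "loop-b.example" }, // delegation loop
  "loop-b.example": { authority: "loop-a.example" },
  "broken.example": { authentication: "/sign_in" },  // incomplete IdP doc
};

function fetchSupportDoc(domain) {
  const doc = SAMPLE_DOCS[domain];
  if (!doc) throw new Error(`no support document for ${domain}`);
  return doc;
}

// Follow "authority" delegations from `domain`. Returns { issuer, doc } for
// the domain whose keys will sign certificates for addresses under `domain`,
// or throws on a loop, an over-long chain, or a malformed IdP document.
function resolveIdp(domain, fetchDoc = fetchSupportDoc) {
  const seen = new Set();
  let current = domain.toLowerCase();
  for (let hops = 0; hops <= MAX_HOPS; hops++) {
    if (seen.has(current)) throw new Error(`delegation loop at ${current}`);
    seen.add(current);
    const doc = fetchDoc(current);
    if (typeof doc.authority === "string") {
      current = doc.authority.toLowerCase(); // hand off to the delegate
      continue;
    }
    for (const key of ["public-key", "authentication", "provisioning"]) {
      if (!(key in doc)) throw new Error(`${current}: missing '${key}'`);
    }
    return { issuer: current, doc };
  }
  throw new Error(`more than ${MAX_HOPS} delegations from ${domain}`);
}
```

A relying party that trusts the result should only accept certificates signed by the resolved issuer’s key, which is why the loop and hop checks matter: an attacker who can publish a support document must not be able to wedge the resolver or point it somewhere unexpected.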
Starting projects at 4:30am can lead to lame names… which is how I registered hostedpersona.me. I picked this name as I might host friends’ identities too, if they are dumb enough to trust them to me, since this is only a side-project.
Level of Difficulty
Implementing an Identity Provider service is much harder than adding Persona Log In to your website. If you haven’t played with that… do that first!
You are definitely better off trusting Mozilla or your email provider to manage your account’s security. Just say’n.
If you do want to do this… I think it’s about 10x as hard as adding Persona Log In to a website. Be sure to check out these tips.
So there you go, Persona has allowed me to have an easy-to-use, portable, self-hosted identity on the web. I think Persona is going to be a key ingredient of the federated social web.