2 features, 1 name



  • A couple of years ago Firefox introduced the completely useless and pointless feature callled "Persona" which is nothing more than a graphic which gets loaded into the upper portion of Firefox and interferes with the menu bar.  As far as I can tell, it still exists

    So now, Mozilla has launched a new project, their version of OpenID, and it's called . . . . wait for it . . . . Persona.  That page also contains a helpful feature that I have seen on several other websites.  I call it "links that don't actually go anywhere".  Click on "How it works" at the top of the page and it takes you to . . . .  the same page that you are already on!!



  • @El_Heffe said:

    I call it "links that don't actually go anywhere".  Click on "How it works" at the top of the page and it takes you to . . . .  the same page that you are already on!!
     

    Because...

    [ drumroll! ]

    That is the page you are on!

    It just doesn't indicate that in the menu.



  • You're linking to the "How it works" page. Of course you're going to get the same thing.



  • The graphic skinning was/is called "Personas" (note the s), the new name for BrowserID is Persona, and it works well.



  • Name gripes aside, I'm cautiously optimistic that Persona solves some of the horrible glaring problems with OpenID.

    I'm almost positive it doesn't, and adds brand new horrible glaring problems of its own. But I'm trying to be cautiously optimistic about it!



  • @pinkduck said:

    The graphic skinning was/is called "Personas" (note the s)
    A Persona.  Personas is the plural..  You don't say "Download a Personas".  Regardless, they really should have put a little effort into coming up with a new name.



  • Wow another single sign-on that nobody will use, if only because the only people who are still using Firefox are Firefox loyalists, people on ten-year-old machines, and users who think it's normal for extensions to be disabled for a few days every three weeks.



  • @MiffTheFox said:

    it's normal for extensions to be disabled for a few days every three weeks.
     

    That happened like once or twice. Hasn't happened and I didn't remember it until you posted this, so from my point of view it's a non-issue or a solved problem.



  • It's very much not solved, it just depends on the plugins you use. On one machine, where I used to have Fiddler, its Fx plugin kept breaking all the time until I gave up. On a Linux box, I was using Moonlight until recently (it's been discontinued) and it also broke every single time.



  • @GMMan said:

    You're linking to the "How it works" page. Of course you're going to get the same thing.
     

    Hum.. No, I'm pretty sure he's linkig to the "about" page.

    But, anyway, if that is hte page he's in, that link shouldn't exist.



  • @Mcoder said:

    @GMMan said:

    You're linking to the "How it works" page. Of course you're going to get the same thing.
     

    Hum.. No, I'm pretty sure he's linkig to the "about" page.

    But, anyway, if that is hte page he's in, that link shouldn't exist.


    You clearly didn't check the URL of the "How it works" page. It says "about".



  • @MiffTheFox said:

    if only because the only people who are still using Firefox are Firefox loyalists, people on ten-year-old machines, and users who think it's normal for extensions to be disabled for a few days every three weeks.
     

    The alternative is to have no usefull extensions at all, and have Google spy on you? Thanks, I'm out.

    If it didn't froze when a page is loading, was able to correctly download files, and didn't crash once in a while, Firefox would be perfect. But it is still less worse than Chrome, because of those extensions (you know, you don't need to upgrade at the exact moment they release something) and because it obeys MY commands, not Google's ones (that is, sometimes it won't obey anybody at all, it'll just stay there, playing dead).



  • @Mcoder said:

    @MiffTheFox said:

    if only because the only people who are still using Firefox are Firefox loyalists, people on ten-year-old machines, and users who think it's normal for extensions to be disabled for a few days every three weeks.
     

    The alternative is to have no usefull extensions at all, and have Google spy on you? Thanks, I'm out.

    If it didn't froze when a page is loading, was able to correctly download files, and didn't crash once in a while, Firefox would be perfect. But it is still less worse than Chrome, because of those extensions (you know, you don't need to upgrade at the exact moment they release something) and because it obeys MY commands, not Google's ones (that is, sometimes it won't obey anybody at all, it'll just stay there, playing dead).

    Let me guess, you also use Linux* because you're afraid Apple and Microsoft are spying on you? If you're really paranoid, just use a fork of Chrome like Iron that takes out "spyware" such as installer logs, updates, and search suggestions.

    And last I checked yes you did have to update extensions after every upgrade because Mozilla wouldn't let extensions that specify a max version greater then the current stable of Firefox into AMO. Unless they changed that recently and now let developers just say that their extensions will work in up to Firefox 10 million or something**.

    Also what extensions do you use that don't have equivalent extensions for Chrome, or even better, functionality built in to the browser already? Did you know that when Chrome launched it had Firebug and Greasemonkey*** built in?

     

    * Non-Ubuntu, because Canonical has root! </meme?>

    ** Firefox 10 million projected release date: In two years.

    *** Userscript support has been removed for whatever reason though, but reinstated via an extension.



  • @MiffTheFox said:

    @Mcoder said:

    @MiffTheFox said:

    if only because the only people who are still using Firefox are Firefox loyalists, people on ten-year-old machines, and users who think it's normal for extensions to be disabled for a few days every three weeks.
     

    The alternative is to have no usefull extensions at all, and have Google spy on you? Thanks, I'm out.

    If it didn't froze when a page is loading, was able to correctly download files, and didn't crash once in a while, Firefox would be perfect. But it is still less worse than Chrome, because of those extensions (you know, you don't need to upgrade at the exact moment they release something) and because it obeys MY commands, not Google's ones (that is, sometimes it won't obey anybody at all, it'll just stay there, playing dead).

    Let me guess, you also use Linux* because you're afraid Apple and Microsoft are spying on you? If you're really paranoid, just use a fork of Chrome like Iron that takes out "spyware" such as installer logs, updates, and search suggestions.

    And last I checked yes you did have to update extensions after every upgrade because Mozilla wouldn't let extensions that specify a max version greater then the current stable of Firefox into AMO. Unless they changed that recently and now let developers just say that their extensions will work in up to Firefox 10 million or something**.

    Also what extensions do you use that don't have equivalent extensions for Chrome, or even better, functionality built in to the browser already? Did you know that when Chrome launched it had Firebug and Greasemonkey*** built in?

     

    * Non-Ubuntu, because Canonical has root! </meme?>

    ** Firefox 10 million projected release date: In two years.

    *** Userscript support has been removed for whatever reason though, but reinstated via an extension.

    I use Safari.

    START THE FLAMES :D.



  • @MiffTheFox said:

    Did you know that when Chrome launched it had Firebug built in?
     

    That's webkit, not Chrome. And it's cool. But I like Firebug better.



  • @blakeyrat said:

    Name gripes aside, I'm cautiously optimistic that Persona solves some of the horrible glaring problems with OpenID.

    I'm almost positive it doesn't, and adds brand new horrible glaring problems of its own. But I'm trying to be cautiously optimistic about it!

    <commencing rant about single sign on in 3 ... 2 ... 1 ... >

    I think the web would really benefit from a (working) single sign on solution - it would force services to invest more in interoperability and would make life of users a lot easier - but I don't see how something like this would be possible at all from a commercial perspective.

    I mean, take a look at the sites that use the (in)famous "Log in with Twitter/Facebook/whatever" functions, which I'd say is the closest to a working single sign on function we have so far. Even most sites which make use of those functions don't allow you to actually sign in with them - they're basically using them as a disguised "register" button which will conveniently connect your new account with your Facebook identity. You still have to answer the same annoying questions you've had before.

    The reason is of course that right now you can earn big bucks if you provide an account API - but you will almost only have disadvantages if you're the consumer of such an API. I think before this changes, we'll keep having everyone and their grandma presenting their new killer single sign on solutions - and we'll have no one using it except themselves.

    <end of rant>

    @MiffTheFox said:

    *** Userscript support has been removed for whatever reason though, but reinstated via an extension.

    It technically hasn't been removed - it's just a consequence of Google's new policy that all remotely extension-ish things for chrome are now to be installed via their web store, and only via their web store. Of course that makes Chrome's native userscript support completely pointless, but it's still technically there...

    I'm rather surprised that the above extension is still allowed in the web store, because it effectively breaks that exact policy. I'd like to stick up for the conspiracy theorists in this one and guess that it won't be available for very long anymore.



  • @PSWorx said:

    I think the web would really benefit from a (working) single sign on solution

    It had one. Passport.com. But being owned by Microsoft meant the 2/3rds of the web run by the "Microsoft SUX!!!! OPEN SORESS!!!!" people would never adopt it.



  • @blakeyrat said:

    @PSWorx said:
    I think the web would really benefit from a (working) single sign on solution

    It had one. Passport.com. But being owned by Microsoft meant the 2/3rds of the web run by the "Microsoft SUX!!!! OPEN SORESS!!!!" people would never adopt it.

    Have there ever been any non-Microsoft auth providers/login servers/etc that you could use with Passport though?



  • @MiffTheFox said:

    Let me guess, you also use Linux* because you're afraid Apple and Microsoft are spying on you?
     

    I mostly use Linux, but not because of Apple or Microsoft spying on me. Differently from Chrome, Windows and OS-X don't directly spy their users (altough Windows puts a huge target at you, and invites all the interested parties around the world to).

    By the way, Canonical by no means has root of your computers. But, anyway, for unrelated reasons, I prefer to avoid them, and use plain Debian on most computers.

    @MiffTheFox said:

    If you're really paranoid, just use a fork of Chrome like Iron that takes out "spyware" such as installer logs, updates, and search suggestions.

    Konqueror works well for me. I guess it is similar enough so I won't want a fork of Chrome... But I miss some extensions.

    @MiffTheFox said:

    Also what extensions do you use that don't have equivalent extensions for Chrome, or even better, functionality built in to the browser already?

    Right now, I have an ad blocker that works; mass downloading functionality; Noscript (that is available, right?); and 5 web development related ones, one of those is firebug (available).

     

     



  • There's no NoScript for Chrome becuase only paranoid Firefox users think it still doesn't break the internet.


  • Considered Harmful

    @MiffTheFox said:

    There's no NoScript for Chrome becuase only paranoid Firefox users think it still doesn't break the internet.

    I install NoScript but leave it on Allow Scripts Globally. It still catches and blocks suspicious script behavior: anything that looks XSS-y, clickjacking, redressing... Really the sheer number of known script exploits is enough to make me leery.



  • Surely TRWTF is that Firefox seem to have reinvented OAuth / OpenID ? Yes Mozilla, what open source really needs is another competing authentication method in the market.

    It could be their very own Netscape 5.



  •  I just forbid every script on my personnal computer. You know what ? Internet work fine everywhere. From time to time, I have to lend temporary exceptions for some useless thing, but apart from Facebook I can't recall a site really broking without javascript - and since Facebook have to be the main thing you want to block anyway...

     (and I will wait for Chromium linux to work somewhat reliably before considering switching - and I use linux mainly because the price of a windows installation is not worth the OS, while I am on a strict no pirating policy)


  • Considered Harmful

    @Quango said:

    what open source really needs is another competing authentication method in the market.

    obligatory


  • Trolleybus Mechanic

    @joe.edwards said:

    @Quango said:
    what open source really needs is another competing authentication method in the market.
    obligatory
     

     

    I think you meant to post this one:

     



  • But the real question is, can you summon your Persona to battle by shooting yourself in the head?



  • @blakeyrat said:

    Name gripes aside, I'm cautiously optimistic that Persona solves some of the horrible glaring problems with OpenID.

    I'm almost positive it doesn't, and adds brand new horrible glaring problems of its own. But I'm trying to be cautiously optimistic about it!

     

    Now, I'll admit I don't use OpenID all that much, due mostly to it not being used on a lot of the sites I use.  But when I *do* use it, it's always worked quite well for me.  What's so glaringly horrible about it?

     



  • @Mason Wheeler said:

    Now, I'll admit I don't use OpenID all that much, due mostly to it not being used on a lot of the sites I use. But when I do use it, it's always worked quite well for me. What's so glaringly horrible about it?

    * Terrible usability (requires either a redirect to another site, or entering a long complicated gibberish URL, or both). This is by far the most glaring issue.

    * Tons of incentive for sites to become OpenID providers, very little incentive for sites to accept OpenID logins from providers other than themselves. As a result, I probably have more OpenID logins than I have accounts on sites that accept OpenID logins. (If you do user-level analytics, you can't get shit from OpenID logins.)

    * No ability to merge two OpenID accounts into one (useful for when, for example, an OpenID provider decides to no longer be an OpenID provider-- in the current design you simply lose all data associated with that login and have to start over.) There's also no way to, for example, tell OpenID that my Google Account, my Yahoo Login and my OpenID.org login are all the same person and should be treated interchangeably.

    This I think is the biggest obstacle to adoption. StackOverflow (which bull-headedly refuses to make its own account system and uses only OpenID instead) "solved" it by allowing a single user to add multiple OpenID logins, but of course that solution:
    1) Only works for sites that offer it, and
    2) Requires users to be forward-thinking enough to add multiple logins before their OpenID provider shuts down, which is a ridiculous thing to expect
    3) Creates tons of hassle for admins when an OpenID provider does go down (because they have to update the accounts for people who didn't do 2) manually, or because they get bad press when a third-party makes their user lose all the data on their site)

    With a normal website login system, my data is "owned" by two parties: myself, because I know the password, and the website because they store the actual data. If either party loses their bit, the data is lost. With OpenID, my data is "owned" by three parties: myself, the website, and my OpenID provider. Even worse, the third party, the OpenID provider, has near-zero incentive to continue being an OpenID provider.

    * Advanced features require owning or renting a web server. (For example if you want to be your own provider to prevent the previous bullet-point.)

    * I used to have on my list "requires a web browser to accept a OpenID login" but I think the newest version of OpenID solved that one.



  • @blakeyrat said:

    [long list of OpenID misfeatures]

    Plus, it doesn't work better or faster or more conveniently or more controllably or more securely than KeePass or any number of other user-controlled encrypted password safes, none of which require any special server-side support. OpenID is a non-solution to a solved problem.



  • @MiffTheFox said:

    There's no NoScript for Chrome becuase only paranoid Firefox users think it still doesn't break the internet.

     

    Funny, some sites just don't work unless I block Javascript.

    But the main reason I use NoScript is that I can control what sites run Java and Flash.

     



  • @MiffTheFox said:

    And last I checked yes you did have to update extensions after every upgrade because Mozilla wouldn't let extensions that specify a max version greater then the current stable of Firefox into AMO. Unless they changed that recently and now let developers just say that their extensions will work in up to Firefox 10 million or something.
    If an extension says it's compatible with the latest Firefox, and if it consists exclusively of XUL, HTML, and JavaScript (no XPCOM Extensions or other binary sludge), then it will automatically be bumped to new Firefox versions when they come out. If it does have binary sludge, like Fiddler's COM+ connection to Fiddler to figure out when it's running and what port to use, then you need to update it. Every six weeks. Whether it actually breaks or not. (With a new binary with a new XPCOM version number.)@MiffTheFox said:
    Also what extensions do you use that don't have equivalent extensions for Chrome, or even better, functionality built in to the browser already? Did you know that when Chrome launched it had Firebug and Greasemonkey built in?
    AdBlock Plus is almost worthless in Chrome, because it can't do the fun things it does in Firefox like actually prevent ads or their JavaScript from loading, it can only make images/flash disappear that have already loaded (and possibly pwned you) and can't do anything about JavaScript. NoScript does not exist. They may have a Firebug knockoff, but they don't have any of the new Web Developer features in Firefox. They don't have Greasemonkey anymore. Chrome attempts to silently automatically update, and if you close it while it's updating and attempt to run it as a limited user, it horks itself. (Firefox now also attempts to silently update, but they use a dedicated run-as-Trusted-Installer service which only takes action when all copies of Firefox are closed, and will un-hork things on a failed browser launch.) Personas (custom toolbar imagery) is not supported. Persona (single-sign-on) is only partially supported. There is no analogue to Mozilla Weave (bookmark, history, and tab synchronization). There's no version of Chrome for Symbian, Windows Mobile 5 and 6, Windows Phone 7, SPARC Solaris, Alpha AXP Windows 2000, PowerPC Windows 2000, or OS/2. (Firefox runs on all those platforms except WP7, and prior to NoDo there was a build you could sideload.) I admit some of these are not extension issues, but damn it, I'm on a rant...



  • @blakeyrat said:

    * * * *
     

    oh oh! Now do OAuth!



  • @flabdablet said:

    OpenID is a non-solution to a solved problem.


    I wouldn't exactly call it "solved", given how many passwords you're still required to remember on the web today. But yeah, I agree that it's a non-solution.
    @TwelveBaud said:
    If it does have binary sludge, like Fiddler's COM+ connection to Fiddler to figure out when it's running and what port to use, then you need to update it. Every six weeks. Whether it actually breaks or not.
    And that's a desirable feature because ...?
    @TwelveBaud said:
    There is no analogue to Mozilla Weave (bookmark, history, and tab synchronization).

    Um? (though I'll give you that this will probably dump even more information into Google's data pool. Then again, Mozilla would get the same data using Weave.)



  • @blakeyrat said:

    Name gripes aside, I'm cautiously optimistic that Persona solves some of the horrible glaring problems with OpenID.

    I'm almost positive it doesn't, and adds brand new horrible glaring problems of its own. But I'm trying to be cautiously optimistic about it!

      Pro:
    • You log in with your primary e-mail address, using the credentials and log-in form of that primary e-mail address provider.
    • If support ever enters the browser, then your e-mail provider won't know what websites you visit, and the websites will only learn your e-mail address.
    • A Persona authentication is verifiable on its face using public-key cryptography; a round-trip back to the credential provider is only necessary when the authentication expires (daily by default).
      Con:
    • Still requires a web browser, just like OpenID. *
    • Still breaks if your primary e-mail provider goes under, although then you've a whole bunch more problems.
    • As it stands, Mozilla knows everything about everyone all the time, since they're the only people routing and verifying authentications. There is a way for websites to verify the information without hitting up Mozilla, but in practice, it's far easier just to use Mozilla's servers.
    * The latest version of OpenID still does not fix this. On the very few sites that support it, your in-browser JavaScript can trade in a set of credentials for an application token, and then somehow (window.external, or document scraping, or the good old ten-finger express) get that into your main application for use in REST calls, but it still requires a browser for the initial login.


  • @TwelveBaud said:

      Pro:
    • You log in with your primary e-mail address, using the credentials and log-in form of that primary e-mail address provider.
    • If support ever enters the browser, then your e-mail provider won't know what websites you visit, and the websites will only learn your e-mail address.
    • A Persona authentication is verifiable on its face using public-key cryptography; a round-trip back to the credential provider is only necessary when the authentication expires (daily by default).
      Con:
    • Still requires a web browser, just like OpenID. *
    • Still breaks if your primary e-mail provider goes under, although then you've a whole bunch more problems.
    • As it stands, Mozilla knows everything about everyone all the time, since they're the only people routing and verifying authentications. There is a way for websites to verify the information without hitting up Mozilla, but in practice, it's far easier just to use Mozilla's servers.

    Thanks for doing the legwork. Can it associate multiple logins to a single person, ala Passport?

    Edit: also it looks like there's still no incentive to site owners to actually accept these logins.



  • On the risk of sounding noobish, but if you're using the login credentials of the user's mailbox anyway (which basically would make the mail provider the actual auth provider), why would you need a 4th party (mozilla) at all?
    Why couldn't you just - I don't know - have a website that wants to use the service e-mail you some kind of key (on first login) and then have some module in Firefox connect to your mailbox and retrieve the key on subsequent logins?



  • @PSWorx said:

    @flabdablet said:
    OpenID is a non-solution to a solved problem.
    I wouldn't exactly call it "solved", given how many passwords you're still required to remember on the web today. But yeah, I agree that it's a non-solution.
    The password manager built-in to my web browser does a fine job of remembering passwords for me.  A "Single Signon" system for the Internet is trying to solve a problem that doesn't exist.  But, even if we accept the premise that we need some sort of central password repository, it's never going to happen.  Many of the problems with current OpenID type systems have already been mentioned here, but it really comes down to:

    1. It really only works if there is only one provider.
    2. Everyone wants to be that one provider.
    3. Even if we can decide on who that one provider should be, there is still no incentive for websites to use it

     

     



  • @PSWorx said:

    @flabdablet said:
    OpenID is a non-solution to a solved problem.


    I wouldn't exactly call it "solved", given how many passwords you're still required to remember on the web today.

    Personally, I'm required to remember one - the master password for my personal KeePass database. I no longer even know what any of my actual web or email or banking passwords are; KeePass made them all up for me (they all have at least 100 bits of entropy). It also remembers them for me, and autotypes them into sites as needed. I don't even need to sync my important bookmarks across multiple browsers and browser installations any more, because KeePass remembers all those as well. It's absolutely a solved problem. Has been so for ten years.



  • @flabdablet said:

    @PSWorx said:
    @flabdablet said:
    OpenID is a non-solution to a solved problem.


    I wouldn't exactly call it "solved", given how many passwords you're still required to remember on the web today.

    Personally, I'm required to remember one - the master password for my personal KeePass database. I no longer even know what any of my actual web or email or banking passwords are; KeePass made them all up for me (they all have at least 100 bits of entropy). It also remembers them for me, and autotypes them into sites as needed. I don't even need to sync my important bookmarks across multiple browsers and browser installations any more, because KeePass remembers all those as well. It's absolutely a solved problem. Has been so for ten years.

    Well, depends on your use-case. If you only want something to remember your passwords, you're right. (Which was arguably what I was telling in the previous post, I admit) - but that still leaves you with a whole mess of accounts that you have to remember and maintain separately.
    What Passport, OpenID, Persona, Facebook Connect etc try to do after all is to make you be able to log into (ideally) arbitrary pages with the same account, not just the same password - allowing consumers to use information from your account as well and, ideally, allow you to configure your account/read notifications/etc at a centralized place. Of course, because of what El_Heffe wrote, that problem is probably unsolvable in practice. But that doesn't mean people shouldn't think about ways of how to alleviate it.

    ... also after skimming the documentation of KeyPass, what do you do if you need to check your e-mail in an internet cafe?


  • @PSWorx said:

    Well, depends on your use-case. If you only want something to remember your passwords, you're right. (Which was arguably what I was telling in the previous post, I admit) - but that still leaves you with a whole mess of accounts that you have to remember and maintain separately.

    What Passport, OpenID, Persona, Facebook Connect etc try to do after all is to make you be able to log into (ideally) arbitrary pages with the same account, not just the same password - allowing consumers to use information from your account as well and, ideally, allow you to configure your account/read notifications/etc at a centralized place. Of course, because of what El_Heffe wrote, that problem is probably unsolvable in practice. But that doesn't mean people shouldn't think about ways of how to alleviate it.



    ... also after skimming the documentation of KeyPass, what do you do if you need to check your e-mail in an internet cafe?

    KeePass lets me group accounts into folders and subfolders, so it never becomes a "whole mess" of accounts. For example, one of my folders is "Has CC info" and any organization that has my credit card details on file goes in there; when my card expires, I know exactly which sites I need to log onto and update my details to keep e.g. domain autoregistrations and VoIP telephony working. And I would much rather do it that way than have a whole bunch of who-can-remember-who-I-authorized-to-do-what linked to a centralized server where my CC info is held.

    Checking my email in internet cafes is not something I generally do, because I can't trust their workstations not to have hardware keyloggers installed. I pay for a cheap VPN service for when I'm using one of my own devices on somebody else's wifi. If I'm using a workstation that isn't mine but is still trustworthy, I use the copy of my KeePass database and the portable KeePass executable I carry with me in USB memory attached to my car keys.



  • @flabdablet said:

    KeePass lets me group accounts into folders and subfolders, so it never becomes a "whole mess" of accounts. For example, one of my folders is "Has CC info" and any organization that has my credit card details on file goes in there; when my card expires, I know exactly which sites I need to log onto and update my details to keep e.g. domain autoregistrations and VoIP telephony working. And I would much rather do it that way than have a whole bunch of who-can-remember-who-I-authorized-to-do-what linked to a centralized server where my CC info is held.

    Checking my email in internet cafes is not something I generally do, because I can't trust their workstations not to have hardware keyloggers installed. I pay for a cheap VPN service for when I'm using one of my own devices on somebody else's wifi. If I'm using a workstation that isn't mine but is still trustworthy, I use the copy of my KeePass database and the portable KeePass executable I carry with me in USB memory attached to my car keys.

    That's surely the responsible way to do it, however I'm going out on an limb and guess that the the average joe user won't think like that. To adopt this as a really widespread solution, it would have to be easier to use than to just reuse the same password on every account (or once click on the shiny Facebook Connect button and be done with it). And keeping your keypass database updated, backed up and properly organized for every blog you might want to write a comment for once or twice certainly isn't. Let alone maintaining a custom VPN for off-site access and never using any kind of public computer.

    We might be talking about slightly different things. Your approach is probably useful for tech people and corporate environments, but I can't imagine how it would be adopted by average consumers or your facebook-addicted neighbour's daughter. Which, I think were some of the use-cases of OpenID and Passport. (Not that the facebook-addicted daughter should ideally have access to your credit card...)


  • @blakeyrat said:

    Can it associate multiple logins to a single person, ala Passport?
    Nope!@PSWorx said:
    On the risk of sounding noobish, but if you're using the login credentials of the user's mailbox anyway (which basically would make the mail provider the actual auth provider), why would you need a 4th party (mozilla) at all?
    Why couldn't you just - I don't know - have a website that wants to use the service e-mail you some kind of key (on first login) and then have some module in Firefox connect to your mailbox and retrieve the key on subsequent logins?
    Mozilla is only there "temporarily" while they're waiting to be able to build it into Firefox, to have all the mail providers implement their part of the contract, and for service consumers to do the validation themselves rather than asking Mozilla "does this pass the sniff test?". Plus, connecting to mail from Firefox has privacy concerns, and breaks Every Six Weeks (TM) since it can't be done from JavaScript, and doesn't solve the single sign-on problem.



  • @MiffTheFox said:

    Wow another single sign-on that nobody will use, if only because the only people who are still using Firefox are Firefox loyalists, people on ten-year-old machines, and users who think it's normal for extensions to be disabled for a few days every three weeks.

    You forgot "People at work whose only choices are IE or Firefox" which is why I'm typing this from Firefox instead of Google Chrome right now!

     



  • @PSWorx said:

    ... also after skimming the documentation of KeyPass, what do you do if you need to check your e-mail in an internet cafe?
     

    It's been ported to most of the major portable devices (iOS, Android, and, for the indie crowd, OpenPandora).

     



  • @TheLazyHase said:

    I use linux mainly because the price of a windows installation is not worth the OS, while I am on a strict no pirating policy)
     

    Is it like a diet or something?

     


Log in to reply