Loomio

Add Persona Log in to Diaspora

Flaburgan Public Seen by 83
Flaburgan started a proposal Wed 12 Sep 2012

Add Persona Log in to Diaspora Closed Thu 20 Sep 2012

Persona (formerly called BrowserID) is a system powered by Mozilla which allows you to link your browser with e-mail addresses. See https://www.persona.org/ and https://github.com/mozilla/persona.org

You need to log in once, and you're logged in on every web site which implements Persona. (Better than OpenID!)

I think that if we put Persona on Diaspora, it will be very powerful for providing support to users. We can offer a forum, a platform for suggestions, etc., and nobody needs to subscribe on each web site. And if we talk about it to the Loom.io developers, maybe Loom.io can implement it too.

I have already deployed it on some web site, it is REALLY simple. 30 lines, maximum.

I think the non-multiplication of accounts is a requirement for real participation of the whole community.

Results
Agree - 4
Abstain - 4
Disagree - 4
Block - 4
4 people have voted (2%)
Flaburgan
Agree
Wed 12 Sep 2012

altruism Wed 12 Sep 2012

Interesting, OpenID is good but has some disadvantages. I will read some about this "persona" and then I will get back.

altruism Wed 12 Sep 2012

Does it work with Opera, Chrome and other browsers? :)

Flaburgan Wed 12 Sep 2012

Altruism: Of course! Everything Mozilla makes works on every platform ;)

The web site just has to do a POST request to the Mozilla server, and parse the JSON answer to know if the user is logged in or not. I can do it really easily.
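
The "parse the JSON answer" step described above, as an added example that is not part of the thread or of Diaspora's code: it shows which fields a site has to check before treating the answer as a login. It assumes the field names of Persona's remote verifier response (`status`, `email`, `audience`, `expires`, `reason`), a hypothetical pod origin and constructed sample answers; the POST itself is left out so the block runs offline.

```ruby
require 'json'

# Hypothetical pod origin. Keep it a fixed configuration value; never derive
# it from the request's Host header, which the client controls.
EXPECTED_AUDIENCE = 'https://pod.example.org'

# Takes the verifier's JSON answer (assumed field names) and returns the
# verified e-mail address, or nil when the answer must not log anyone in.
def persona_email(response_body, now: Time.now)
  answer = JSON.parse(response_body)
  return nil unless answer.is_a?(Hash) && answer['status'] == 'okay'
  # An assertion minted for another site must not be accepted here.
  return nil unless answer['audience'] == EXPECTED_AUDIENCE
  # 'expires' is assumed to be milliseconds since the Unix epoch.
  expires = answer['expires']
  return nil unless expires.is_a?(Numeric) && expires > now.to_f * 1000
  email = answer['email']
  return nil unless email.is_a?(String) && email.match?(/\A[^@\s]+@[^@\s]+\z/)
  email
rescue JSON::ParserError
  nil # an error page or truncated body is a failed login, not a crash
end

# Constructed sample answers and a constructed fixed clock.
NOW = Time.at(1_347_450_000)
GOOD = { 'status' => 'okay', 'email' => 'alice@example.org',
         'audience' => EXPECTED_AUDIENCE, 'expires' => 1_347_450_300_000,
         'issuer' => 'login.persona.org' }.freeze
SAMPLES = {
  okay:           GOOD.to_json,
  failure:        { 'status' => 'failure', 'reason' => 'constructed reason' }.to_json,
  other_audience: GOOD.merge('audience' => 'https://other.example.net').to_json,
  expired:        GOOD.merge('expires' => 1_347_449_000_000).to_json,
  no_status:      GOOD.reject { |k, _| k == 'status' }.to_json,
  not_json:       '<html>502 Bad Gateway</html>'
}.freeze

def check_samples
  SAMPLES.transform_values { |body| persona_email(body, now: NOW) }
end

check_samples.each { |name, email| puts "#{name}: #{email.inspect}" }
```

Only the `okay` sample yields an address; every other answer, including a well-formed one issued for a different audience, is rejected.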

Florian Staudacher Wed 12 Sep 2012

I'm always pro-'everything that makes it more interoperable'.
I think the best way to get this integrated would be a plugin for the devise gem...

Flaburgan Wed 12 Sep 2012

Florian: I really know NOTHING about Ruby, I don't know what a gem is, but if you look at this example of implementation you will see that it is something really small.

Steven Hancock Wed 12 Sep 2012

There's an OmniAuth strategy for BrowserID, assuming nothing has changed except the name, it should work with Persona. https://github.com/intridea/omniauth-browserid

We're already using OmniAuth for Twitter and Facebook account linking anyway, might as well use it to its full potential.

Steven Hancock
Abstain
Wed 12 Sep 2012

I'd have to know more about how this works before saying yes or no.. but as far as I can tell we should be able to use this with OmniAuth

Steven Hancock
Agree
Wed 12 Sep 2012

After looking at their site this seems pretty simple to integrate with OmniAuth for the Diaspora app and the PHP code to make it work with MediaWiki, Drupal, etc. wouldn't be too complicated either.

Flaburgan Wed 12 Sep 2012

Steven: the processing of the JSON is really simple to do with any programming language (I did it using Java, Ruby can do it easily too.)

Steven Hancock Wed 12 Sep 2012

@Flaburgan Yeah, I see there are plugins for Drupal and Wordpress too.. none for MediaWiki but that wouldn't be too hard to do.

Even better than the OmniAuth strategy, I see that there's a Devise plugin for this and it's written by a Diaspora contributor/podmin. :)

https://github.com/denschub/devise_browserid_authenticatable

Flaburgan Wed 12 Sep 2012

There is probably a plugin for MediaWiki somewhere, I'll search (I'm a Mozilla contributor)

Flaburgan Wed 12 Sep 2012

Mozilla Dev answer: "there isn't one yet. I tried to write one and ran into the problem that MediaWiki does not support querying its user database by email, this is because an email is not required to access an account. I asked a Wikipedia developer about this and he said there were no plans to add it and that if I wanted that functionality, I would have to write it - for which I did not have time."

groovehunter Wed 12 Sep 2012

got the drupal module enabled, please try

When I enter my credentials the redirect target is not found.

altruism Wed 12 Sep 2012

Cannot try, I get an error when I try to load the page in Chrome. Notice: Undefined variable: default_container_width in include() (line 16 of /var/www/vhosts/d7_themes/beta/templates/page.tpl.php)

Should I try another browser?

altruism Wed 12 Sep 2012

Is Persona safe? How does Mozilla manage my data?

Persona ToS and PP:

https://login.persona.org/privacy
https://login.persona.org/tos

groovehunter Wed 12 Sep 2012

An unknown error occurred while attempting to validate your BrowserID login. After clicking "OK," you will be redirected ...
with FF and chromium

groove LOGGING OFF for a few hours cu

altruism Wed 12 Sep 2012

Cu later Groove! You did a great job today.

Jason Robinson Wed 12 Sep 2012

Altruism - if some log in feature is added no one forces you to use it :) So voting should be based on whether this would make D* more better and accessible - not on personal usage patterns :)

Jason Robinson
Agree
Wed 12 Sep 2012

Steven Hancock Wed 12 Sep 2012

@Jason Not to mention we already allow linking to Facebook accounts. As someone who uses both, I'd have to say Mozilla's privacy policy (and the way they treat your personal information in general) is much more acceptable than Facebook's.

Jason Robinson Wed 12 Sep 2012

As a general principle anything making it easier to join a D* pod should be done IMHO. Hell, why not even creating an account by using your Facebook or Google credentials.

But we have to remember to make sure in any option (Persona too) that the user should be able to switch their log in method to a pure D* account if for example they stop using the other service. I think this is critical.

Florian Staudacher
Agree
Wed 12 Sep 2012

I agree with Jason: "anything making it easier to join a D* pod should be done" ;)

altruism Wed 12 Sep 2012

"Altruism - if some log in feature is added no one forces you to use it :) So voting should be based on whether this would make D* more better and accessible - not on personal usage patterns :)" Aha, I have not voted or expressed something that would indicate on the contrary. I do not understand why you are telling me this, care to explain?

Jason Robinson Thu 13 Sep 2012

altruism, just referring to your comment on whether the Persona log in possibility will endanger your data. So I assumed you were considering your own data relating to this proposal.

Sorry if my assumption was wrong.

Flaburgan Thu 13 Sep 2012

So, does someone who knows how the actual log in works want to work with me on that?

I have never contributed to nor looked at the Diaspora code for the moment...

tortoise Thu 13 Sep 2012

I think if we include it, we should be very clear about safety and privacy. Some people present are more open, which is fine, but I think we should be able to explain to users what the risks/benefits are for using this.

Disclosure is an honorable thing and it creates trust, and that's what will bring in more users. Not convenience.

Flaburgan Thu 13 Sep 2012

That's why I proposed Persona. Mozilla is a foundation and I trust in it.

altruism Thu 13 Sep 2012

Flaburgan, it has to be clear to new users that he/she can trust Mozilla. Not everybody is involved in the Mozilla Foundation as you are :)

Steven Hancock Sat 15 Sep 2012

True, but I'd think most people know what Mozilla is thanks to Firefox. The real question is, how do they know (without visiting persona.org) that Persona is run by the same people who brought us Firefox? :)

Jason Robinson Sat 15 Sep 2012

I don't know what the issue with trust is since only people who already have a Persona log in are likely to use this option ;)

It's like a "Log in with Facebook" button. Only people with Facebook accounts are going to press it.

Flaburgan Thu 20 Sep 2012

So, here we go?

Jason Robinson Thu 20 Sep 2012

Then we just wait for someone to code it :)

Sean Tilley Thu 20 Sep 2012

What would be particularly interesting wouldn't just be having Persona to log in to a pod. I think it'd be really interesting if we could modify Persona for, say, decentralized app authentication. Just put in your Diaspora handle and password to log in to a site, and it could work similarly to "Log In With Facebook", only it'd be decentralized. Maybe other socnets could use it as well somehow, then we might just have a standard, secure way of authenticating apps using whatever decentralized platform you want.

Jonne Haß Thu 20 Sep 2012

There's already a decentralized method for authentication: OpenID. I bet there's a gem or so to make a Rails app an OpenID provider. If not, it might be worth creating one instead of hacking an unsuited protocol. Might look into that if the pressing refactoring stuff is done (or I'm bored of it :P). Shouldn't stop anyone from trying earlier.

Sean Tilley Thu 20 Sep 2012

Interesting! I just finished reading a basic comparison between OpenID and oAuth, what benefits does OpenID provide that oAuth falls behind on?

Sean Tilley Thu 20 Sep 2012

Also relevant: I've found a gem for adding Persona login to Rails apps. If we want Persona on pods for just user login, this might provide something interesting: https://github.com/bobjflong/persona_on_rails

It looks like it actually might be fairly trivial to implement. Might merit some experimentation?

Jonne Haß Thu 20 Sep 2012

Uhm, did you read everything? Steven already linked Dennis' devise strategy ;)

Jonne Haß Thu 20 Sep 2012

Back to OpenID vs oAuth: OpenID is as said decentralized. oAuth requires the clients to have some key and secret beforehand therefore we would need to hack the oAuth flow (what we did for a while but DInc removed that again) to allow automatic client registration. Requiring the client developers to register at every possible pod and every new pod popping up is… highly unrealistic.

Sean Tilley Thu 20 Sep 2012

Was much farther down in the conversation; admittedly I missed it on mobile. ;) I'll check it out.

As for the problem of having to register every possible pod: totally makes sense. That would be a nightmare to deal with, at least without that hacked flow.

Apparently, we got rid of the oauth_provider gem due to circular dependencies. Either way, we can agree that a better implementation than a hackified oAuth is needed in the long run.

Flaburgan Fri 21 Sep 2012

"I think it'd be really interesting if we could modify Persona for, say, decentralized app authentication"

No need to modify Persona: it just links your browser with your email, so on every website which supports it, you are logged in.

Flaburgan Wed 21 Nov 2012

The best way to do it is to transform the pod into a Mozilla Persona Provider: the pod will certify the authentication, and a diaspora handle will become an Internet identity. So a registration on Diaspora will be enough to use the system (no need to register for anything with Mozilla). Moreover, a diasporan will be able to connect to each site that allows connecting using Persona (like diaspora-project, but why not Loom.io, and others!) without registering!!