Jon, We're talking about identity, which is pretty catastrophic if its wrong, so I'm operating with an abundanceof caution.
I love the idea of Persona, but don't know much about it, so please fill me in if you have answers to my questions/concerns. --- Persona has only just gone into beta, and is under active development. I know Google has stretched our ideas of using Beta software in production, but still... Persona is distributed, but there aren't any (major) IdPs signed up yet. What happens if no-one signs up? Do I have to worry about the service just stopping in a couple of years? I use 2-factor authentication on my Google account. How will this work? In my tests Persona can be pretty slow. What are Mozilla doing about provisioning, load spikes, etc? I've had some issues with the popup being suppressed sometimes on iOS. Don't know why, but its a no-no if users can't log in. Also, its easy to spoof the popup, as it has a weird address in the address bar anyway. During my (very limited) testing I used 2 Google Accounts. Could easily be 2 users of the one machine. When a session expired I'd log in to account A with a password, and after logging off and in again account B was available _without_ a password which I didn't like. Not that this is any worse than other providers, we've had nasty incidents with Google login cookies. If you use Facebook as identity provider (or Google to a lesser extent) you get told about failed login attempts and other stats to help protect your account. Does/will Persona off such facilities? Will the IdPs be able to? Tim On Wednesday, October 17, 2012 2:04:57 AM UTC+1, Jon Stevens wrote: > > I'm curious, what makes you think that Persona isn't ready for prime time? > We've been using it for Voost and while I admit, it isn't 100% perfect > (what is?), it definitely works great in a production environment. > > jon > > > On Tuesday, October 16, 2012 1:52:19 PM UTC-7, Tim Niblett wrote: >> >> There is a demo at http://personashiro.appspot.com showing how to set up >> Mozilla's Persona <https://login.persona.org/> for identity and Apache >> Shiro <http://shiro.apache.org/> for authorization. There is a small >> demo here <https://github.com/cilogi/personashiro/tree/master/micro-demo> >> which >> shows how to set things up. The aim is to be as simple to program as the >> built-in user service but to provide more authorization features. >> >> Persona isn't quite ready for prime time yet, but it looks interesting. >> It seems (in principle) to be more secure than using OAuth for >> identification, for what that's worth. >> > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-appengine/-/eA1qaCHqbXUJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
