28 comments

[ 3.2 ms ] story [ 70.2 ms ] thread
Is there a source package for this? I already run my own Persona identity provider and wouldn't mind rolling this out for my family or for my workplace on servers I own
Of course it's a Mozilla project. Beautiful exection on two very cool pieces of tech. Fantastic. More Persona!

edit: Hey where's the beef! This one doesn't seem to be the Gmail-enhanced flavor of Persona. (That, and you should already have an account with a password for me...)

Tried signing in with a gmail account and it wanted me to create a password. The gmail bridge seems to be functioning normally at persona.org, so what's the deal?
Tin Can is currently an experimental project. The login is currently using personatest, which is running an older version. I'm not too sure what the status is (I'm a friend of the author) right now with integrating this into persona.
(Identity team member here.) Yes, that's right. tincan is against running an ephemeral instance of Persona that doesn't do the account bridging, and doesn't share a database with the real persona.org. We do plan to integrate this with Persona. Also, while I think this is an awesome use case for Persona, and we do intend to land it in Firefox [1], it's worth noting that the proposed webrtc idp proxy architecture [2] is designed to work with any identity provider, not just Persona, and could be incorporated into any browser.

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=878941 [2] https://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-...

I skimmed that bug report up and down a bit, but I don't understand what piece your codifying as part of the browser..
btw, this is why you should apply for an internship on the Identity team next summer :-)
+100! It was awesome to be an intern!
This is also why people should hire Ryan Seys when he's done with university. Oops - I didn't just say that! Hopefully he'll be coming back to Mozilla :)
Fails in firefox 23.0.1 for me (I see myself, but not the other person). Fails in chrome 29.0.1547.57 as well with similar results.
I am sorry! It is likely due to WebRTC's inability to connect to others when difficult NATs get in the way. TURN servers can mitigate this but Tin Can is not set up to use a TURN server (yet).
Hi I'm the Mozilla intern that developed this and would really love some feedback! It's super-experimental right now, but feel free to try it out! I plan to release a more formal post later once some more bugs are squashed.
First of all, project looks great! Haven't had a chance to try it yet, but I've been impressed with other WebRTC demos, including http://vmux.co which is similar but uses Twitter to authenticate.

My slightly less positive feedback would be, it seems dodgy that it uses personatest.org instead of persona.org (and there's no website at www.personatest.org verifying its legitimacy). Kind of makes me anxious that I'm being phished. Any reason for this? You surely don't want people getting used to entering their Persona credentials at sites other than persona.org.

+1 about personatest.org. I felt also slightly uncomfortable about this and would like to know the reason :)

Otherwise it seems great :)

This is a test persona server as the code here is still very early and not in the persona's master branch yet.
Persona required some changes to the code that have not yet landed in production i.e. on login.persona.org so we are using personatest.org for preliminary testing :)
ah ok, thanks for clarifying :)
Same here, I'd feel more comfortable if it was something like test.persona.org.
#1-9: It's awesome.

#10: I agree with the comments about personatest. I flat out refused to login because I didn't recognize it and the Gmail bridge wasn't working.

Hm Persona (or browserid) is advertised as a decentralized solution to replace passwords with a centralized backup running on mozillas servers. To avoid exactly what happens to me now when I click on the "Sign in with email" button:

----------------------

Error We are very sorry. The server is under extreme load!

Please close this window and try again.

    Action: Checking if Cookies are Enabled
    Now: Thu, 29 Aug 2013 06:03:47 GMT
    Network Info: GET: /wsapi/session_context

    Response Code - 503

    Response Text: server is too busy

    Error Type: server is too busy
----------------------

just two days ago I tried to install everything so I could be my own browserid provider. Turns out that is not really easy (yet). Even if I got quite a bit and was able to run https://github.com/mozilla/browserid-certifier on my server, I never was able to talk to it via curl (the example they have just crashes it) or from a PHP script (I always got a 400 Bad Request). That is mostly because I didn't get how "pubkey - Object compatible with JWT public keys." should look like.

In the end, after a days work I gave up because it was already way after midnight. I hope in the future there will be single file-php-script which I could call from the HTML pages I need to provide which would do all the signing, etc. for one-person browserid providers like I want to become.

If you want to run your own IdP, look at this thing:

https://bitbucket.org/djc/persona-totp

Also, the reason the server is busy is because Tin Can currently needs a forked version of Persona, so it's not running on the production infrastructure.