Experience using Persona to provide site logins

I recently knocked up a site for internal use at an organisation. I didn’t want to spend a lot of time coming up with a user system – the app is based on Flask so I’d have had to find something to manage users, and then handle password resets, and it’s all just too awful to contemplate.

Having seen a bit about Mozilla’s “Persona” federated authentication (for some reason, confusingly sharing a name with their theme system for Firefox) on LWN I followed the quick setup, set up flask-browserid and a tiny bit of infrastructure to maintain a list of email addresses with access. It took a couple of hours to get going, and another hour to debug a mysterious IE bug – not bad.

The really impressive bit is how it’s worked for the people using the application. I’ve got over fifty people using it, of various levels of computer skill, and I’ve had almost no support burden. I circulated a small document showing people how to get started, but that’s it.

Although Persona is federated, almost everyone is using the fall-back mode where Mozilla certify the identity. In that mode Mozilla let the person set a password, send an email to the person, they click to confirm ownership of the email address, and then (impressively) the login continues the second they click the link.

That fallback mode, and the fact that the system works around email addresses – which people understand – rather than URIs – which people don’t – is no doubt why I’ve found it so successful.

Anyway, it’s worked well. I’d definitely recommend it over coming up with your own user management infrastructure.
