A Persona interview
I have recently been contributing to Mozilla's Persona project, which is an awesome way to make authentication easier for sites and their users. They kindly published an interview with me, which I reproduce here in full for archival purposes.
Introduction
Over the past year, Dirkjan Ochtman has been a consistent, constructive voice in the Persona community. His involvement has helped ensure that we stay true to Mozilla’s mission of open, transparent, and participatory innovation.
More impressively, Persona’s new backgroundColor feature is the direct result of Dirkjan’s efforts.
We hope this interview highlights his contributions and inspires others to get involved.
From the rest of us at Mozilla, thank you.
Who are you?
I’m Dirkjan Ochtman, a 30-year-old software developer living in Amsterdam. I work for a financial startup by day; in my free time, I contribute to a bunch of open source projects, like Mercurial, Python, Gentoo Linux and Apache CouchDB. I also started a few things of my own.
Have you contributed to Mozilla projects in the past? How did you get involved in Persona?
I started using Firefox almost ten years ago, and I’d been watching Mozilla before that. The Mozilla mission of an open Internet resonates with me, so I tend to try and find stuff around the edges of the project where I can help. This year, I also became a Mozilla Rep.
I find BrowserID/Persona compelling because I hate having to register on different sites and make up passwords that fit (often inane) security requirements. And you just know that many sites store passwords insecurely, leaking sensitive information when they get hacked. Persona allows me to authenticate with my email address and a single password; no more guessing which username I used. I trust Mozilla’s password storage to be much more secure than the average Internet site, and because Persona is open source, I can verify that it is.
In addition to setting up Persona sign-in on a small community site I run, I’ve also implemented my own Python-based Identity Provider. This means that when I use Persona, I control my own login experience. My Identity Provider uses Google Authenticator, so now I don’t have to remember any passwords at all.
The documentation for building an Identity Provider was scattered and incomplete, so I helped improve that. From that work, I got to know some of the great people who work on Identity at Mozilla.
What have you hacked on recently?
There has been a long-standing issue that the Persona dialog contained too much Mozilla branding and did not sufficiently emphasize the individual websites that users were signing into. There was an issue about this on GitHub, but I seem to remember complaints on the mailing list from even longer ago.
Of course, I prefer to use Persona over Facebook Connect or Twitter, so I decided to see if I could fix some of these issues. Luckily one of the Persona developers, Shane Tomlinson, was available to work on this at roughly the same time.
To improve the branding balance, we first de-emphasized the Persona branding. I focused on allowing websites to specify a background color for the Persona dialog. This is important because it can make the dialog feel much more “at home” on a site. We had to work out some tricks to ensure that text stayed readable regardless of the background color specified.
What was that experience like?
It was great. I had no previous experience with Node.js, but getting the application up and running was easy. I got basic backgroundColor support working in a few hours, but it took a few nights to tweak things and write tests. Fortunately, Shane is also based in Europe, so we could easily work together. When Shane showed our work on the mailing list, response from the other developers was very positive.
It would be really great if this helps drive Persona adoption amongst large websites.
Any plans for future contributions?
I’ll probably stay involved for the foreseeable future. Now that I know what I’m doing with the dialog, I would like to help out with further improvements to the login flow and website API. I’m also very interested in stabilization and/or standardization of the Identity Provider API.