この翻訳は不完全です。英語から この記事を翻訳 してください。
BrowserID との違いは何ですか?
Persona は Mozilla による新しい分散ログインシステムの完全な実装です。
BrowserID は Persona がどのように動作するかを規定するオープンなプロトコルです。
Persona は BrowserID の実装によって Web サイトにユーザーがログインできるようにするものです。それに類似する関係として、Firefox は HTTP の実装によって、ユーザーが Web を閲覧できるようにするものです。
OpenID との違いは何ですか?
Persona と OpenID の目的と構造は非常に似ています。どちらのシステムも、ユーザーが所持しなければならないパスワードを減らすことができます。また、どちらも非集中型のシステムとして設計されています。This means that any domain can present itself as an Identity Provider without relying on a central authority.
Despite these similarities, Persona is easier to use and easier to add to websites. Persona also does a better job of protecting user privacy. Specifically:
- Persona はユーザーに易しいシステムです
- Persona identifies users based on email addresses, which users already know, understand, and naturally associate with online identities. With OpenID, users are forced to learn a new username: an unintuitive URL.
- Logging in with Persona is also easier: it just takes 2 clicks after a one-time setup process.
- Persona は開発者に易しいシステムです
-
Persona has a
simple API
that only takes an afternoon to get started with. - Persona identities are email addresses, so websites don't have to ask users for additional contact information during signup.
- Because users know and understand their email address, developers don't have to build complex pages with login buttons for all the popular OpenID providers.
- Persona はより適切にユーザーのプライバシーを保護します
- By design, OpenID allows Identity Providers to track their users around the web: whenever a user logs into a website, their browser gets redirected from that site to the user's Identity Provider, and then back to the site that the user requested. These redirects fully expose to the Identity Provider where the user is going.
- In contrast, the BrowserID protocol never leaks tracking information back to the Identity Provider. Rather, it behaves similarly to an ID card: users obtain signed credentials from their Identity Providers which can be presented to websites as a proof of identity. Websites can check the validity of these credentials without ever revealing a user's identity to their identity provider.
なぜ Persona には JavaScript が必要なのですか?
Persona requires JavaScript, but some users choose to selectively block JavaScript by using browser add-ons like NoScript. Many of these users are concerned about the privacy implications of enabling JavaScript, since it is often used to track visitors across websites.
However, in the case of Persona, JavaScript is actually used to enhance user privacy, as it allows the browser to perform cryptographic operations completely on the client side. By doing these operations on the client, Persona avoids the need to store secret keys anywhere other than in the user's own browser.
Persona は登録されたメールアドレスが現在使用されているかどうかを確認しますか?
No, Persona only guarantees the user's association with an address. As with any email address in any login system, it's possible that the address no longer works or is not regularly checked by the user. For most users, the email address will be functional.
どのようにしてメールアドレスから所属団体を確かめるのですか?
Persona asks the address's domain, which is free to verify its users in any way it chooses. If a domain is not a native Identity Provider, and thus can't verify its own users, the browser asks for verification from Persona's fallback Identity Provider at https://login.persona.org. Before certifying a user's identity, the fallback Identity Provider does test the address by sending an email to it and asking the user to click a link contained within.
どのような方法で、ユーザーが管理できなくなったメールアドレスのアカウントを復旧させることができますか?
The best way to do this is to allow your users to add a secondary email address to their account. See "Adding extra email addresses with Persona".
include.js を独自にホストすることはできますか? あるいは、https://login.persona.org にあるものを使用しなければなりませんか?
The code in include.js
is still subject to change. It's not yet recommended that you host it yourself.
アサーションをローカルで確認することはできますか? あるいは、リモートの確認サービスを使う必要がありますか?
To ensure user privacy, it's important that identity assertions are verified locally rather than with the remote verification service. However, the format of assertions is still subject to change, so local verification is not yet recommended. Even with remote verification, Persona protects the user from tracking by their identity provider.
Once the protocol has stabilized, libraries will be available to simplify local verification. Follow the Identity Blog to find out when local verification is recommended.
ほかのサインイン手段を利用しているユーザーが移行するために何か良い方法はありますか?
Despite Persona's benefits, it's never easy to move all of your users to a new login system. Conveniently, Persona's focus on email addresses makes it easy to use alongside existing login systems, so you don't have to switch all at once.
One particularly low-friction approach is to suggest Persona to users who forget their password. Instead of resetting passwords, users can simply log in with Persona.
新規アカウントを作成する際にも「サインイン」として扱われることを、どのようにして知らせるべきですか?
新しい API や非推奨の API など、BrowserID との主な違いはどのようにして調べられますか?
All major, backwards incompatible changes and deprecations are announced on the low-volume persona-notices mailing list. Please subscribe to it.
To find out about new features and enhancements, follow the the Identity team blog.
For development discussion, subscribe to the dev-identity mailing list.