Agreed. I recently had someone who refused to sign in (after paying for a subscription!) because they thought I was asking for their Gmail password. He ended up changing his account to a different email address specifically so he wouldn't go through the Google bridge.

Persona is a great idea on paper, but my outsider's perspective is that it has been very very challenging to implement in practice. The BrowserID protocol works great. User experience and login state management has been a bumpy ride.

My site (letscodejavascript.com) relies solely on Persona, so I hope it thrives, but I can't help being worried at this announcement.

I'm a little confused at how the process could be any clearer. Just trying to register on your site, I'm asked to enter my email address. Upon providing a gmail address, I'm redirected to a Google OpenID page. It specifically says that your site will be granted access to my email address, no more. By clicking yes (without being asked to enter my password anywhere) I'm authenticated.

I've never used a more simple SSO system before.

Thanks for the kind words! For most people, it works exactly like you described. Unfortunately, there are some rough corner cases for folks with multiple Gmail addresses, and the experience is less-than-stellar if you're not logged into Google at all when you start.

(We do have patches ready for those issues. They'll go live as soon as we work out some deployment kinks and finish upgrading our production servers to Node 0.10.)

Is it documented that there is some rough cases that are still being worked on? Diving off from https://developer.mozilla.org/en-US/Persona I don't seem to see a summary of the real world state of play.

(Just mentioning this as I think it might help adoption if the project is more upfront about rough edges.)

The projects are on GitHub:

The main Persona project: https://github.com/mozilla/persona

The Gmail bridge: https://github.com/mozilla/persona-gmail-bridge

The Yahoo bridge: https://github.com/mozilla/persona-yahoo-bridge

(I'm not affiliated with the project, just a long-time user.)

Perhaps I have miscommunicated.

I was asking why there is not (or at least not that I've found) a summary of the state of play in a prominent place.

I could have read through several hundred issues to determine that I'd run into some rough edges with these bridges and that perhaps I should come back later. Instead I find these rough edges when I dive-in, and now I wonder what other shortcomings are not being mentioned with the same gusto as the projects wins.

I hope that clarifies my prior post.

>I've never used a more simple SSO system before.

really? you've never seen the countless amount of "connect with <facebook|google|yahoo>" using oauth?

They have one step less, are totally not federated, don't allow you to use your own email and have a bunch of downsides for the user. But they are simpler.

(also, I remember logging in with yahoo/google email+openid years ago, that was exactly as simple)

I don't use Facebook or Yahoo, and wouldn't trust either of them to authenticate with a site.

but you trust google, which I listed in my previous comment. Also openid+email worked the same way with custom domains years ago the same way.

I do not understand your reply, sorry.