What is the benefit of this (from a developer/website perspective) over using OpenID? I can't really see the difference... obviously I'm missing something fundamental...
The main things are ubiquity, ease of use, and privacy.
- Persona works with any email address. This means you can reach anyone that hits your site, without forcing them to sign up with a third party provider.
- I can answer the question "what email address do you want to log in with?" I can't answer the question "what is your OpenID?" nor can I remember which of the 13 buttons on Stack Overflow I used last.
- OpenID requires phoning home with every login transaction. Persona explicitly does not. Your provider doesn't get to learn where you are logging in.
Edit: Put another way, can you tell me what your Google OpenID URL is without cheating? Can most people? If not, then you're only able to select a provider from a predetermined whitelist on each website. That undermines your ability to self-identify, self-assert, and choose who you trust. The open web deserves better.
While the HN community understood that, my mother was never going to grasp the idea of ownership of a URL as a login credentials. Many people don't even understand URLs and just Google for everything they want.
Email addresses have been used as login credentials for a while, so people are used to that. The explanation of Persona might be a little weird, but it's not as totally disabling to a nontechnical user as being asked to sign in with OpenID.
In short: easier to implement, everyone has an email address, improved privacy. OpenID tells the provider every time you log in to any website, Persona does not.
