So we’ve all found at this point that OpenID, while appealing to geeks, has a terrible user experience (particularly for non-geeks) and issues with privacy and bi-directional information leakage that are painfully obvious in hindsight.
So while OpenID may be the hero we deserve, Mozilla Persona (persona.org) thankfully appears to be the hero we need.
Mozilla Persona uses a lot of hindsight intelligence to give us a true successor to OpenID that works and that has a wonderfully simple user experience for geeks and muggles alike: choose an email address, and if your email provider supports it, you log in just like logging in to check your email; if not, you fall back to a simple choose-a-password screen. Plus, there’s already smart support for Yahoo and Google accounts, bootstrapped from their existing OpenID/OAuth implementations.
Technically, it does a lot of things right: it has a friendly and trustworthy brand name (but leaves the focus on the site being logged into), it is based on browser PKI support, and implementing it in a website is just a matter of integrating a friendly JavaScript API and making a quick REST call to a web service for signature verification. Things are fairly nicely decoupled, and much is done to increase user security and privacy.
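The server side of that REST call, as an added example that is not from the original post or from Mozilla: it builds the form body sent to the verifier and decides whether the parsed reply is enough to log the user in. The field names (`assertion`, `audience`, `status`, `email`, `expires`, `reason`) follow Persona's remote verification API; `EXPECTED_AUDIENCE`, the function names and all sample values are assumptions made for illustration.

```javascript
// Added example (not the post's code). Sample values are constructed.

// Assumption: the site's own origin, fixed in server configuration.
const EXPECTED_AUDIENCE = "https://app.example.test:443";

// Build the form body for the verification call. The audience comes from
// configuration, never from the incoming Host header, so an assertion
// issued for a different site is rejected instead of accepted here.
function buildVerifyRequest(assertion) {
  if (typeof assertion !== "string" || assertion.length === 0) {
    throw new Error("missing assertion");
  }
  return new URLSearchParams({ assertion, audience: EXPECTED_AUDIENCE }).toString();
}

// Decide whether a parsed verifier response may establish a session.
// nowMs is passed in so the expiry check is testable.
function checkVerifierResponse(resp, nowMs) {
  if (!resp || resp.status !== "okay") {
    return { ok: false, reason: (resp && resp.reason) || "verifier did not return okay" };
  }
  // Re-check the echoed audience rather than trusting "okay" alone.
  if (resp.audience !== EXPECTED_AUDIENCE) {
    return { ok: false, reason: "audience mismatch" };
  }
  // expires is milliseconds since the epoch.
  if (typeof resp.expires !== "number" || resp.expires <= nowMs) {
    return { ok: false, reason: "assertion expired" };
  }
  if (typeof resp.email !== "string" || !resp.email.includes("@")) {
    return { ok: false, reason: "no email in response" };
  }
  return { ok: true, email: resp.email };
}

// Constructed sample reply, shaped like a successful verification.
const sampleOk = {
  status: "okay",
  email: "alice@example.test",
  audience: "https://app.example.test:443",
  expires: 1700000300000,
  issuer: "idp.example.test",
};
console.log(checkVerifierResponse(sampleOk, 1700000000000));
```

Only the `email` returned by `checkVerifierResponse` should be bound to the session; the address the browser claims to be logging in as is never trusted on its own.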
It really does seem like the first truly user-friendly, web-wide single sign-on system that could work. It’s still early days for it (only a small handful of sites actively accept it right now), but it’s well worth taking a look at and considering supporting, because I do think it is the SSO we, the web, need.