Discussed this with @Juul briefly, sharing his experience writing hacks for authentication across all the systems at Labitat.

Given that it was a pain in the butt and took a bunch of time, at the very least it may be worth it (in the long term) to use Mozilla Persona to hack auth into all of our apps, instead of writing independent little hacks. Either way it's a lot of work, but it may be better than the alternatives. Definitely not the most immediate priority, but I think still worth keeping our eyes on.

Added a wiki page with more details here: https://sudoroom.org/wiki/Persona

On Thu, Apr 24, 2014 at 3:55 PM, Matthew Senate <mattsenate@gmail.com> wrote:

I've been thinking about how we could to encourage app development without having to increase the administrative costs, especially for user authentication.

Does anyone have any thoughts or experience with authentication systems (CAS or otherwise) that they can share?

Specifically, it seems like Mozilla Persona is a really good solution for us to implement and work towards:

https://en.wikipedia.org/wiki/Mozilla_Persona

A lot of systems already have libraries or support:

https://developer.mozilla.org/en-US/Persona/Libraries_and_plugins

It would be easy to implement using Mozilla.org as the provider, but due to decentralization of the system, we should be able to point to our own implemented server instead in the future.

Or perhaps there is a better alternative?

// Matt