On 2016-01-29 18:50, Stephen J. Turnbull wrote:
Simon Hanna writes:
I propose using the django authentication system by default and making it easy for people to add other authentication methods.
I think we should provide social auth (OAuth2 or whatever Google and Yahoo! do) by default. At least as I recall the discussion at the sprints a couple years ago, we picked Persona because a Mozilla person gave us a lot of help with the implementation, but we really wanted social auth because users demand it and because it allows us to get out of the business of storing and securing passwords.
I can only speak for me, but I liked Persona because it allowed people/email providers to implement their own backends, giving them a real possibility to handle the authentication themselves with Persona merely being a technology or a broker. Also the fact that Mozilla is a Non-Profit which doesn't aim at making money from user data. Which is why I would rather make the local option the default, but give site admins everything they need to integrate OAuth(2) using Gmail, Yahoo, Twitter or else.