Persona is decentralised by design (with a centralised stop-gap to get things going). Once other companies implement their own Identity Provider it's all entirely decentralised.
Doesn't that lead to the problem of having to have multiple identities again?
ATM, I have a FB account that I can use to log in to some sites, a Twitter account, a Google account, a Yahoo account, etc.
With potentially everyone being able to be an Identity Provider, what happens if a site recognizes some providers, but not others? Does Persona ensure that, regardless of Provider, I can use one login on all sites?
Furthermore, how does it protect me from the site gathering and aggregating all kinds of information about me (which, admittedly, they probably already have)? There's usually one overarching, way-behind-the-scenes entity handling the data aggregation for many sites (ie., Facebook) which leads us right back to where we are now.
Persona is the protocol that the sites use to communicate with the identity provider. If they support Persona they will support Persona authentication from any email provider that chooses to support Persona and from the fallback provider that Mozilla provides.
Well, since they get the email address, they can easily check that it ends in @gmail and stop everyone else. Of course, only supporting gmail means they have to write _more code_ than supporting every provider, so lets hope lazyness wins.
