> But i have to say unless Google/Yahoo/Facebook/Twitter support this it will whitehr and die.

Why? It might not become ubiquitous if they big players don't support it, but it could become the alternative that all the other sites use and makes their lives easier.

I don't see a network effect here that means only one method will win and all the others lose.

I wonder how feasible it would be to shim OpenID and OAuth on top of this? Many major email providers offer OpenID or OAuth to verify email ownership. If the browser fell back to using one of those, it wouldn't need to use the alternate user/pass system in Persona.

The Persona team is actively working on this, actually. When a domain can't certify its own users, we fall back to having login.persona.org act as a third-party verifier. Of course, login.persona.org needs proof that you are who you say you are, so on first contact we create a password and do a standard email confirmation. Semantically, we'd get the same assurance, and better UX, by bridging to OpenID (Yahoo, Google) and OAuth (Hotmail). So we're doing that. :) This is a major Q4 goal for us, and we're mostly code-complete, modulo things that turn up in QA.

if I understand you correctly, That rather defeats the privacy defending part of persona. At the moment any site who wants to verify me through openid has to request back to gmail. So google knows every time I log into a openid site, which site it is, and can also refuse to verify me if they choose (not in enough circles, arrived at site with a bing.com referrer header etc etc)

no, I like this design, and I am guessing the reason only time crossword signed up is that google and yahoo like knowing which sites I have visited. Making me even more happy to move away