Realistically and perhaps sooner than you think They are finishing up the LDAP based provider, once that happens, you could hook it up to most company-wide authentication systems.

Once that's working @university.edu and @bigco.com would authenticate directly with the organization. That'll be huge. This is a very very high value feature, I expect it to be the driving force for adoption.

One of the big challenges of large organizations is shutting someone off once they've left the company. This provides very unintrusive way to do so for applications that use Persona. I could see large organizations requiring that all logins use Persona (and the @organization domain).

That's exactly my thinking when creating https://persowna.net/. Providing authentication that hooks up to the corporation's specific system for the entire web is potentially a very big thing.

Decentralisation can happen gradually.

By using a browserId enabled user agent/browser and an email provider who has implemented the browserId -protocol you already have a fully decentralised Persona experience.

My problem is with the "email provider" part. In the real world, it just means Google, Yahoo, Microsoft, and handful of firms (like Rackspace) that provide hosted email solutions for a fee. You might call it "decentralized", but I'd call it "mostly centralized".

Eh, so what? The only thing your provider knows is that you're trying to authenticate somewhere, but not where. It's hardly bad.

It's still way, way better than "Log in with Facebook" and has the potential to get even better over time.

Of course it is, but it still ain't anything close to optimal.