Here we explore what it would take to provide an Identity Provider for the federation.
It used to be possible to use Persona tools such as:
- Persona IDP - developer.mozilla.org/
- Persona browserid-certifier (node.js) - github
to create your own identity provider for SSO.
# Capability URI authentication
Here is an old idea - not properly thought through. We aim to explore it and other ideas with regard to creating a decentralised and/or federated identity service linked to the federation.
It should be possible to set up a web site which will automatically generate an updated Persona certificate for your sites - without the need for anything other than the knowledge of the URL (Capability URI).
Visiting this URL would then automatically renew your Persona certificate and redirect you to your site. You would bookmark this URL on your local machine in order to be able to visit it later. You could share it with other people you want to have access to your site.
A second Persona-based URL would enable revoking the certificates that were issued via the URL, or changing their durations.
This service could be developed in a way which is compatible with modern decentralised blockchain and IPFS technologies - allowing users to choose this way to renew their certificates, or the web service.
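A sketch of the two-URL scheme described above, as an added example that is not code from this page or from Persona. The class, method names and the `idp.example` address are hypothetical, and the returned dict is a stand-in for the signed certificate a real certifier would issue.

```python
import hashlib
import secrets
import time
from urllib.parse import urlsplit

BASE = "https://idp.example/cap/"  # assumed service address (hypothetical)

def _digest(token: str) -> str:
    # Only the hash is stored, so a leaked database does not leak live URLs.
    return hashlib.sha256(token.encode()).hexdigest()

class CapabilityIssuer:
    def __init__(self):
        self._grants = {}   # grant id -> {"site", "ttl", "revoked"}
        self._renew = {}    # sha256(renew token)  -> grant id
        self._manage = {}   # sha256(manage token) -> grant id

    def mint(self, site: str, ttl: int):
        """Return (renew_url, manage_url) for one site; 256-bit random tokens."""
        gid = secrets.token_hex(8)
        renew, manage = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self._grants[gid] = {"site": site, "ttl": ttl, "revoked": False}
        self._renew[_digest(renew)] = gid
        self._manage[_digest(manage)] = gid
        return BASE + "renew/" + renew, BASE + "manage/" + manage

    @staticmethod
    def _token(url: str) -> str:
        return urlsplit(url).path.rsplit("/", 1)[-1]

    def renew(self, renew_url: str, now=None):
        """Visiting the renew URL: issue a fresh expiry and a redirect target."""
        grant = self._grants.get(self._renew.get(_digest(self._token(renew_url))))
        if grant is None or grant["revoked"]:
            return None
        now = time.time() if now is None else now
        # Stand-in for the signed certificate a real certifier would produce.
        return {"site": grant["site"], "expires": now + grant["ttl"],
                "redirect": grant["site"]}

    def manage(self, manage_url: str, *, revoke=False, ttl=None) -> bool:
        """Visiting the manage URL: revoke the grant or change its duration."""
        grant = self._grants.get(self._manage.get(_digest(self._token(manage_url))))
        if grant is None:
            return False
        grant["revoked"] = grant["revoked"] or revoke
        if ttl is not None:
            grant["ttl"] = ttl
        return True
```

Because the URL is the only credential, anyone who obtains it from browser history, a `Referer` header or a server log holds the same access; keeping the renew and manage tokens separate lets the renew URL be shared without handing over revocation.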
# See also
- Federated identity
- Fedwiki Security
- Capability URL
- Auth0
- Sovrin
- Self-sovereign
- Self-sovereign Identity Network
- Identity provider
- Types of Identity Providers
- Information Card
- Claims-based identity
- Security token service
- Kantara Initiative
- Higgins project
- Digital authentication
- Single sign-on