Firefox3/Firefox Requirements Meetings/Identity and Password Manager

From MozillaWiki
Jump to: navigation, search

« Firefox Requirements Meetings

Dial-in Info

  • +1 650-215-1282x91 Conf# 8602 (US/INTL)
  • +1 800-707-2533 (pin 369) Conf# 8602

Agenda

The following list is taken directly from the Firefox 3 Detailed Feature List. If this list does not match the other, the Google Spreadsheet version takes precedence (I may have made a copying error).

  • P1 - Improve Password manager
      • P1 FR - Do not offer to remember passwords when login fails
      • P1 FR - Store more precise URIs for autofilling user IDs and passwords
      • P1 NFR - Improve usefulness of password manager
      • P1 NFR - Improve usability of autofill UI
  • P1 - Add Identity Management
      • P1 FR - Support Microsoft CardSpace
      • P1 FR - Support OpenID
      • P1 NFR - Provide a simple Identity management UI
      • P1 NFR - Compatibility with OS-level Identity management options
      • P1 NFR - Out of band login support
  • P2 - Improve password security for users
      • P2 FR - Generate hashed passwords for increased security (ref: passwdhash)
      • P2 NFR - Ensure this system is at least as usable as normal password management/entry
  • P2 - Support for third-party Identity management systems
      • P2 FR - Provide extensible Identity management API
  • P3 - Keychain integration (Mac OS X only)
      • P3 FR - Integrate password management with keychain

Notes

Item

  • P1 - Improve Password manager
    • P1 FR - Do not offer to remember passwords when login fails
    • P1 FR - Store more precise URIs for autofilling user IDs and passwords
    • P1 NFR - Improve usefulness of password manager
    • P1 NFR - Improve usability of autofill UI

Notes

  • P1 FR "Do not offer..." should be changed to "Only let the user save the password after they know the login has succeeded"
    • ADD: "P3 FR Investigate if there is a way to be smarter about this and automate it"
    • FUTURE: Myk's idea which i totally failed to capture
    • "Store more precise URIs..." - we're going to pretty much get this for free and we'll just leave it as is.
    • ADD: "FR Improve the way password lists are sorted and add the ability to search or filter"
    • ADD: "NFR Improve usability of password manager list"
    • ACTION: "Autofill..." add "for multiple accounts on the same site" drop to P2, change "usability" to "discoverability"

Item

  • P1 - Add Identity Management
    • P1 FR - Support Microsoft CardSpace
    • P1 FR - Support OpenID
    • P1 NFR - Provide a simple Identity management UI
    • P1 NFR - Compatibility with OS-level Identity management options
    • P1 NFR - Out of band login support

Notes

  • This does not mean we intend to add UI or direct technical support immediately into the product. We want to talk to the people involved with these mechanisms about ways we could help possibly support these things.
  • Change to Px FR Support Microsoft CardSpace as is
    • Lots of discussion about this one.
    • Talk to people doing OpenSource CardSpace implementations and find out what's needed to support those other providers - third party provider that doesn't manage the identities centrally?
    • Discussion will continue in a dev.planning thread started by beltzner
  • Changing second FR2 to NFR (OpenID)
  • ADD: "P2 NFR Try to distill a set of requirements about how we can make our browser more usefully extensible towards supporting these groups."
  • "Provide a simple ID mgmt UI" -- take down to a P3
    • There is already a bug on supporting this Gerv will dig it up - RFC name: Field Names for E-Commerce; RFC3106 (2001), BUG: #136414
    • Microformats folks are possibly working on a similar standard
  • "Compat with OS-level ID mgmt options" - "if there's a way to kick things up to the CardSpace level should we?"
    • DELETE - redundant with item 1
  • Out of band login support - Mconnor project - a way to do login through chrome rather than thru a webpage. Essentially an antiphishing tactic. Needs to be written up as a spec. - move to "Password Security" bump down to P2.

Item

  • P2 - Improve password security for users
    • P2 FR - Generate hashed passwords for increased security (ref: passwdhash)
    • P2 NFR - Ensure this system is at least as usable as normal password management/entry

Notes

  • pwdhash = there is an extension that does pwdhash in such a way that it works.
  • Problem statement: Users like to have one password and use it on all systems and one password compromise causes huge problems.
  • Leave as they are.

Item

  • P2 - Support for third-party Identity management systems
    • P2 FR - Provide extensible Identity management API

Notes

  • Delete both these items, one is redundant, the second we don't want to do at this point.

Item

  • P3 - Keychain integration (Mac OS X only)
    • P3 FR - Integrate password management with keychain

Notes

  • Rephrase "P2 FR OS-level secure password storage integration", merge into a single line item

Further notes

Anything missing?

  • Maybe add some stuff about improving the usefulness of hte Master Password feature.
  • ADD: "P2 FR Simplify and promote use of Master Password" - under Imp PassMg, and put as a P2