Services/Sync/Features/MigrateToDigestAuth


Status

Migrate from Basic Auth
Stage Shelved
Status In progress
Release target TBD
Health OK
Status note `


Team

Product manager Jennifer Arguello
Directly Responsible Individual Jennifer Arguello
Lead engineer Chenxia Liu
Security lead Brian Smith (?)
Privacy lead `
Localization lead `
Accessibility lead `
QA lead Tracy Walker
UX lead `
Product marketing lead `
Operations lead `
Additional members `


Open issues/risks

Sync web servers receive the username and password in cleartext (BasicAuth) over HTTPS before handing them off to LDAP/MySQL. This will be a problem when we store sync-keys protected by the username and password, because access to the Sync web servers will be a point of vulnerability.

If an attacker gains control of the Sync web servers, they will have access to the username and password in cleartext, can use these credentials to access the sync-key, and can then decrypt user data stored on the Sync web servers.

Stage 1: Definition

1. Feature overview

Replace BasicAuth with a more secure system in which Sync web servers do not have access to cleartext passwords. The protocol could be DigestAuth, public/private key, etc.; the choice needs to be cleared with Security.

2. Users & use cases

Users of Sync will authenticate to the Sync web servers with a more secure protocol (not BasicAuth). Passwords must not be passed around in plaintext.

Migration:

DigestAuth (strawman): revert to BasicAuth once, to calculate the hash of the password used for authentication, then use DigestAuth for all future authentication.
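A sketch of the strawman migration above, added here as an illustration and not taken from the Sync code base. It assumes the stored hash is the RFC 2617 HA1 value (MD5 of `user:realm:password`) and that later logins use Digest with `qop=auth`; the realm, account and URI are constructed.

```python
import base64
import hashlib
import hmac
import secrets

REALM = "sync.example"  # assumed realm string, not taken from the page


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ha1_from_basic(authorization, realm=REALM):
    """One-time migration step: turn a Basic header into (user, HA1)."""
    scheme, _, blob = authorization.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("expected a Basic Authorization header")
    user, sep, password = base64.b64decode(blob).decode("utf-8").partition(":")
    if not sep:
        raise ValueError("malformed Basic credentials")
    # The cleartext password exists only inside this call; only HA1 is returned.
    return user, md5_hex(f"{user}:{realm}:{password}")


def digest_response(ha1, method, uri, nonce, nc, cnonce):
    """RFC 2617 response value for qop=auth with MD5."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def verify_digest(stored_ha1, method, uri, nonce, nc, cnonce, response):
    """Server-side check that needs only the stored HA1, never the password."""
    expected = digest_response(stored_ha1, method, uri, nonce, nc, cnonce)
    return hmac.compare_digest(expected, response)


def demo():
    # Constructed sample account and URI; the first login still arrives as Basic.
    basic = "Basic " + base64.b64encode(b"alice:correct horse").decode("ascii")
    user, stored_ha1 = ha1_from_basic(basic)
    # Every later login: the server issues a nonce, the client answers with Digest.
    challenge = ("GET", "/sync/alice", secrets.token_hex(16), "00000001",
                 secrets.token_hex(8))
    good = digest_response(md5_hex(f"alice:{REALM}:correct horse"), *challenge)
    bad = digest_response(md5_hex(f"alice:{REALM}:wrong guess"), *challenge)
    return (verify_digest(stored_ha1, *challenge, good),
            verify_digest(stored_ha1, *challenge, bad))
```

The stored HA1 is itself enough to answer Digest challenges for that realm, so it needs the same protection as any credential store.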

3. Dependencies

Must discuss the replacement authentication protocol with security people (bsmith?).

4. Requirements

`

Non-goals

Hope to get ahead in setting up the security necessary for running a sync-key server.

Stage 2: Design

5. Functional specification

`

6. User experience design

`

Stage 3: Planning

7. Implementation plan

`

8. Reviews

Security review

`

Privacy review

`

Localization review

`

Accessibility

`

Quality Assurance review

`

Operations review

`

Stage 4: Development

9. Implementation

* https://bugzilla.mozilla.org/show_bug.cgi?id=445757

Stage 5: Release

10. Landing criteria

`

Feature details

Priority P2
Rank 999
Theme / Goal `
Roadmap Sync
Secondary roadmap `
Feature list Services
Project `
Engineering team Sync


Team status notes

  status notes
Products ` `
Engineering ` `
Security sec-review-unnecessary `
Privacy ` `
Localization ` `
Accessibility ` `
Quality assurance ` `
User experience ` `
Product marketing ` `
Operations ` `
