Services/Sync/Features/MigrateToDigestAuth
Status
| Migrate from Basic Auth | |
| Stage | Shelved |
| Status | In progress |
| Release target | TBD |
| Health | OK |
| Status note | ` |
{{#set:Feature name=Migrate from Basic Auth
|Feature stage=Shelved |Feature status=In progress |Feature version=TBD |Feature health=OK |Feature status note=` }}
Team
| Product manager | Jennifer Arguello |
| Directly Responsible Individual | Jennifer Arguello |
| Lead engineer | Chenxia Liu |
| Security lead | Brian Smith (?) |
| Privacy lead | ` |
| Localization lead | ` |
| Accessibility lead | ` |
| QA lead | Tracy Walker |
| UX lead | ` |
| Product marketing lead | ` |
| Operations lead | ` |
| Additional members | ` |
{{#set:Feature product manager=Jennifer Arguello
|Feature feature manager=Jennifer Arguello |Feature lead engineer=Chenxia Liu |Feature security lead=Brian Smith (?) |Feature privacy lead=` |Feature localization lead=` |Feature accessibility lead=` |Feature qa lead=Tracy Walker |Feature ux lead=` |Feature product marketing lead=` |Feature operations lead=` |Feature additional members=` }}
Open issues/risks
Sync web servers receive username/pass in cleartext (BasicAuth) through https before handing them off to LDAP/mySQL. Will be a problem when we store sync-keys protected by username/pass, because access to Sync web servers will be point of vulnerability.
If an attacker gains control of Sync web servers, they will have access to username/pass in cleartext, can use these credentials to access sync-key, and then unencrypt user data stored on Sync web servers.
Stage 1: Definition
1. Feature overview
Replace BasicAuth with more secure system where Sync web servers do not have access to cleartext passwords. This protocol can be DigestAuth, public/private key, etc, needs to be cleared with Security.
2. Users & use cases
Users using Sync will use more secure protocol (not BasicAuth) to authenticate access to Sync web servers. Passwords must not be passed around in plaintext.
Migration:
DigestAuth (strawman): will revert to BasicAuth once for calculating hash of password for authentication, and will use DigestAuth for all future authentication.
3. Dependencies
Must discuss replacement authentication protocol with security people (bsmith?)
4. Requirements
`
Non-goals
Hope to get ahead in setting up security necessary for running a sync-key server
Stage 2: Design
5. Functional specification
`
6. User experience design
`
Stage 3: Planning
7. Implementation plan
`
8. Reviews
Security review
`
Privacy review
`
Localization review
`
Accessibility
`
Quality Assurance review
`
Operations review
`
Stage 4: Development
9. Implementation
Stage 5: Release
10. Landing criteria
` {{#set:Feature open issues and risks=Sync web servers receive username/pass in cleartext (BasicAuth) through https before handing them off to LDAP/mySQL. Will be a problem when we store sync-keys protected by username/pass, because access to Sync web servers will be point of vulnerability.
If an attacker gains control of Sync web servers, they will have access to username/pass in cleartext, can use these credentials to access sync-key, and then unencrypt user data stored on Sync web servers. |Feature overview=Replace BasicAuth with more secure system where Sync web servers do not have access to cleartext passwords. This protocol can be DigestAuth, public/private key, etc, needs to be cleared with Security. |Feature users and use cases=Users using Sync will use more secure protocol (not BasicAuth) to authenticate access to Sync web servers. Passwords must not be passed around in plaintext.
Migration:
DigestAuth (strawman): will revert to BasicAuth once for calculating hash of password for authentication, and will use DigestAuth for all future authentication. |Feature dependencies=Must discuss replacement authentication protocol with security people (bsmith?) |Feature requirements=` |Feature non-goals=Hope to get ahead in setting up security necessary for running a sync-key server |Feature functional spec=` |Feature ux design=` |Feature implementation plan=` |Feature security review=` |Feature privacy review=` |Feature localization review=` |Feature accessibility review=` |Feature qa review=` |Feature operations review=` |Feature implementation notes=* https://bugzilla.mozilla.org/show_bug.cgi?id=445757 |Feature landing criteria=` }}
Feature details
| Priority | P2 |
| Rank | 999 |
| Theme / Goal | ` |
| Roadmap | Sync |
| Secondary roadmap | ` |
| Feature list | Services |
| Project | ` |
| Engineering team | Sync |
{{#set:Feature priority=P2
|Feature rank=999 |Feature theme=` |Feature roadmap=Sync |Feature secondary roadmap=` |Feature list=Services |Feature project=` |Feature engineering team=Sync }}
Team status notes
| status | notes | |
| Products | ` | ` |
| Engineering | ` | ` |
| Security | sec-review-unnecessary | ` |
| Privacy | ` | ` |
| Localization | ` | ` |
| Accessibility | ` | ` |
| Quality assurance | ` | ` |
| User experience | ` | ` |
| Product marketing | ` | ` |
| Operations | ` | ` |
{{#set:Feature products status=`
|Feature products notes=` |Feature engineering status=` |Feature engineering notes=` |Feature security status=sec-review-unnecessary |Feature security health=OK |Feature security notes=` |Feature privacy status=` |Feature privacy notes=` |Feature localization status=` |Feature localization notes=` |Feature accessibility status=` |Feature accessibility notes=` |Feature qa status=` |Feature qa notes=` |Feature ux status=` |Feature ux notes=` |Feature product marketing status=` |Feature product marketing notes=` |Feature operations status=` |Feature operations notes=` }}