Identity/Contacts-Backup: Difference between revisions

Jump to navigation Jump to search

Identity/Contacts-Backup (view source)

Revision as of 02:59, 10 April 2014

4,255 bytes removed ,  10 April 2014
moved to Cloud Services
(moved to Cloud Services)
Line 1: Line 1:
= Bugs =
# REDIRECT [[CloudServices/Contact-Sync]]
 
* [https://bugzilla.mozilla.org/show_bug.cgi?id=976837 Meta bug] for this proof-of-concept
* [https://bugzilla.mozilla.org/show_bug.cgi?id=859306 Sync contacts with CardDAV] is another effort by Telefonica people
 
= Auth APIs =
 
There are three different APIs involved in the integration between Firefox Accounts (FxA) and fruux's SabreDAV:
 
# Logging into the fruux web dashboard using Persona.
# Provisioning a fruux username and device-specific password from a FxA assertion.
# Authenticating each CardDAV requests using HTTP basic auth over TLS.
 
== Provisioning of new fruux accounts or device-specific passwords ==
 
Here's how the FxOS app will push a contact to fruux:
 
# If it doesn't have a fruux username and password stored (i.e. fresh account), it will call the fruux provisioning API. Otherwise jump to Step 7.
# The fruux server will receive a FxA assertion which contains a UUID and an email address.
# If there aren't any user accounts associated with that FxA UUID and email, fruux will create one.
# Once a user account exists, a new device-specific password will be created.
# The fruux server will return this username & password to the FxOS app.
# The FxOS app will store these credentials.
# Once it has credentials, the FxOS app will use HTTP basic auth in a CardDAV request.
# If that request fails with a 401 error code, the app will clear its credentials and go back to Step 1, unless it has already tried to reset the credentials (in which case, it silently fails).
 
== User identifier ==
 
Initially, fruux will use both the UUID '''and''' the email address it gets from FxA to identify users.
 
Once web logins are done with FxA, the email address will no longer need to be associated with the basic auth credentials.
 
== Revocation of fruux credentials ==
 
Since the FxOS application will do silent on-demand provisioning of credentials using FxA assertions as described above, fruux can choose to revoke device-specific passwords whenever it wants, according to its own policies.
 
Eventually FxA will offer an API for receiving notifications when it recommends that usernames & passwords associated with an FxA UUID be revoked (e.g. when a user reports their device as stolen). That API doesn't exist yet though.
 
= UX Questions =
 
* Entry points to enabling Contacts backup:
** FTE - add copy to FxA intro screen and follow pattern for opting in/out used by Where's My Fox
** Settings app - see mocks forthcoming from :skinny
* If FXA password changes cease backing up to fruux.
** How do we notify the user that backups have ceased and prompt for new password? (How is this dealt with in other places like WMF and Marketplace? We should already have screens for a password reprompt.)
* What happens when a user signs out of FXA and signs in with a new FXA account?  We presume that:
** The backup of the first user's account is suspended
** Users can turn on contacts backup by signing in with a FxA or in the settings app
* In the FTE, should users elect to opt in or opt out?  (Opt out for first version)
* What do the advanced settings look like in the Settings app? - see mocks forthcoming from :skinny
** What do we show in url, username, and password if the user is using fruux? - need eng answers
** If the user changes CardDAV settings, is there a way to restore default (fruux)?
** Can we reach the Settings page before the FXA email is verified?
 
= Parked Questions for future versions =
 
* Do we need a separate TOS/PP for fruux, or can we bundle terms in the existing policy? (Not dealing with TOS/PP issue in this prototype.)
* Entry points to enabling Contacts backup:
** FTE
** Settings app
** Contacts app
* In the FTE, should users elect to opt in or opt out?
** What are the legal vs UX considerations?
* If you are not signed in (signed out, kicked out, never signed in), how should the Contacts app invite you to create or sign into an FXA account and begin backing up contacts?
** Specifically, after creating your first contact:
*** If you are signed in, and not backing up, how do we invite you to opt in?
*** If you are signed out, how do we invite you to sign in/up and opt in?
 
= Crazy Future Ideas =
 
* Watch multiple import sources
* Strategy for backing up new contacts when pulling from multiple sources (where do they go?)
Fmarier
Confirmed users
908

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/962891"

Navigation menu