Services/Sync/WEP/110: Difference between revisions
Jump to navigation
Jump to search
(Created page with '{{draft}} == WEP 110 - Site Auto-registration and Password Change == *Status: Draft *Created: 28 Oct 2009 *Reference Implementation: None *WEP Index =…') |
No edit summary |
||
| Line 11: | Line 11: | ||
As part of the [https://wiki.mozilla.org/Labs/Weave/Identity/Account_Manager Weave Identity] extension, we should support auto-registration of user accounts at websites and also manage passwords on behalf of the user. This WEP tackles the specific issue of the metadata that a site must provide to Weave in order to enable these features. | As part of the [https://wiki.mozilla.org/Labs/Weave/Identity/Account_Manager Weave Identity] extension, we should support auto-registration of user accounts at websites and also manage passwords on behalf of the user. This WEP tackles the specific issue of the metadata that a site must provide to Weave in order to enable these features. | ||
=== Metadata === | === Metadata === | ||
Websites should include a <link rel> tag on every page that requires the presence of an identity (pages behind authentication, or registration pages) | Websites should include a <link rel> tag on every page that requires the presence of an identity (pages behind authentication, or registration pages). | ||
<link rel="identity" href="/identity.json" /> | <link rel="identity" href="/identity.json" /> | ||
| Line 35: | Line 23: | ||
The <tt>href</tt> attribute of the identity <tt><link rel></tt> should point to a JSON file that describes the interface the website provides to auto-register accounts and manage them. The format of the JSON file is described in this section. The JSON file must be present on the same domain as the web page that pointed to it, or could alternatively be a chrome URI. | The <tt>href</tt> attribute of the identity <tt><link rel></tt> should point to a JSON file that describes the interface the website provides to auto-register accounts and manage them. The format of the JSON file is described in this section. The JSON file must be present on the same domain as the web page that pointed to it, or could alternatively be a chrome URI. | ||
{ | |||
domain: "http://example.org/", | |||
methods: | |||
{ | |||
"register": | |||
{ | |||
path: "/register", | |||
method: "POST", | |||
params: | |||
{ | |||
userName: "name_field", | |||
givenName: "first_name_field", | |||
familyName: "last_name_field", | |||
emailHome: "email_field", | |||
password: ["pw_field", "pw_field2"] | |||
} | |||
}, | |||
"login": | |||
{ | |||
}, | |||
"password": | |||
{ | |||
} | |||
} | |||
} | |||
=== Function === | |||
When Weave detects the presence of an identity tag, it will act as follows: | |||
* If the user is currently not logged in: | |||
** If there is an identity in local store corresponding to the current domain: | |||
*** Offer the user to login with that identity (or) auto-login | |||
** If there is no identity associated with the domain: | |||
*** Offer the user to auto-register with the site using a particular local identity | |||
* If the user is logged in: | |||
** Show a small UI element (key in the address bar as we did with the Weave auto-login feature?) that allows the user to log out or switch identities on the current domain. | |||
Revision as of 17:30, 28 October 2009
|
THIS PAGE IS A WORKING DRAFT | 
|
| The page may be difficult to navigate, and some information on its subject might be incomplete and/or evolving rapidly. If you have any questions or ideas, please add them as a new topic on the discussion page. |
WEP 110 - Site Auto-registration and Password Change
- Status: Draft
- Created: 28 Oct 2009
- Reference Implementation: None
- WEP Index
Introduction
As part of the Weave Identity extension, we should support auto-registration of user accounts at websites and also manage passwords on behalf of the user. This WEP tackles the specific issue of the metadata that a site must provide to Weave in order to enable these features.
Metadata
Websites should include a <link rel> tag on every page that requires the presence of an identity (pages behind authentication, or registration pages).
<link rel="identity" href="/identity.json" />
Suggested alternate values for rel value: autoregister
JSON Format
The href attribute of the identity <link rel> should point to a JSON file that describes the interface the website provides to auto-register accounts and manage them. The format of the JSON file is described in this section. The JSON file must be present on the same domain as the web page that pointed to it, or could alternatively be a chrome URI.
{
domain: "http://example.org/",
methods:
{
"register":
{
path: "/register",
method: "POST",
params:
{
userName: "name_field",
givenName: "first_name_field",
familyName: "last_name_field",
emailHome: "email_field",
password: ["pw_field", "pw_field2"]
}
},
"login":
{
},
"password":
{
}
}
}
Function
When Weave detects the presence of an identity tag, it will act as follows:
- If the user is currently not logged in:
- If there is an identity in local store corresponding to the current domain:
- Offer the user to login with that identity (or) auto-login
- If there is no identity associated with the domain:
- Offer the user to auto-register with the site using a particular local identity
- If there is an identity in local store corresponding to the current domain:
- If the user is logged in:
- Show a small UI element (key in the address bar as we did with the Weave auto-login feature?) that allows the user to log out or switch identities on the current domain.