Firefox/Projects/AccountManager: Difference between revisions
Jump to navigation
Jump to search
| Line 46: | Line 46: | ||
|- | |- | ||
| P1 || M1 || Account Manager service || {{bug|571413}} || | | P1 || M1 || Account Manager service || {{bug|571413}} || | ||
|- | |||
| P1 || M1 || Realm detection engine || {{bug|571411}} || | | P1 || M1 || Realm detection engine || {{bug|571411}} || | ||
|- | |||
|} | |} | ||
| Line 60: | Line 62: | ||
|- | |- | ||
| P1 || M1 || Username + password forms: sign in/sign out || {{bug|571414}} || | | P1 || M1 || Username + password forms: sign in/sign out || {{bug|571414}} || | ||
|- | |||
| P1 || M2 || Username + password forms: registration || {{bug|571418}} || | | P1 || M2 || Username + password forms: registration || {{bug|571418}} || | ||
|- | |||
| P1 || M2 || HTTP Auth: sign in/sign out || - || | | P1 || M2 || HTTP Auth: sign in/sign out || - || | ||
|- | |||
| P2 || M3 || HTTP Auth: registration || - || | | P2 || M3 || HTTP Auth: registration || - || | ||
|- | |||
| P1 || M2 || OpenID: connect/disconnect || - || | | P1 || M2 || OpenID: connect/disconnect || - || | ||
|- | |||
| P2 || M2 || Proprietary federated: connect/disconnect || - || | | P2 || M2 || Proprietary federated: connect/disconnect || - || | ||
|- | |||
| P3 || M2 || OAuth: connect/disconnect || - || | | P3 || M2 || OAuth: connect/disconnect || - || | ||
|- | |||
|} | |} | ||
| Line 79: | Line 88: | ||
|- | |- | ||
| P1 || M3 || Synth realm API for addons || || | | P1 || M3 || Synth realm API for addons || || | ||
|- | |||
| P3 || M3 || Synth realm demo add-on, Fb support || || | | P3 || M3 || Synth realm demo add-on, Fb support || || | ||
|- | |||
|} | |} | ||
Revision as of 03:11, 30 June 2010
The Account Manager project aims to help users manage the (currently manual and tedious) process of signing up/in/out of sites by adding chrome-level status and knobs to give the user a consistent point to view and control of sign-in status to the current site.
The project has two main deliverables:
- A protocol definition that sites can use to define their account-and-session management features in a format a web browser can understand. (Check out the latest draft of the specification, or older versions).
- An implementation of this protocol in Firefox.
This project is a reboot of the Account Manager Labs project, see that page for more background information.
Drivers
- Dan Mills (Labs lead)
- Gavin Sharp (Firefox lead)
- Alex Faaborg (UX)
- You!
Status
- Starting Out
We're keeping track of sites that support Account Manager, see this list.
Goals
Non-Goals
- Greasemonkey-like hacks that work only on one site, except as needed only to demonstrate the potential for the feature.
- Creating new and interesting authentication/authorization schemes.
- Extensive hacking on Password Manager-like heuristics to make it only sort of work on more sites.
Timeline/Milestones
- {{bu571409 Tracking bug]
| Core Features | ||||
| Priority | Target | Item | Bug | Status |
| P1 | M1 | Account Manager service | bug 571413 | |
| P1 | M1 | Realm detection engine | bug 571411 | |
| Profiles | ||||
| Priority | Target | Item | Bug | Status |
| P1 | M1 | Username + password forms: sign in/sign out | bug 571414 | |
| P1 | M2 | Username + password forms: registration | bug 571418 | |
| P1 | M2 | HTTP Auth: sign in/sign out | - | |
| P2 | M3 | HTTP Auth: registration | - | |
| P1 | M2 | OpenID: connect/disconnect | - | |
| P2 | M2 | Proprietary federated: connect/disconnect | - | |
| P3 | M2 | OAuth: connect/disconnect | - | |
| Synth Realms | ||||
| Priority | Target | Item | Bug | Status |
| P1 | M3 | Synth realm API for addons | ||
| P3 | M3 | Synth realm demo add-on, Fb support | ||
Requirements
- Status display
- Unregistered, signed-out, and signed-in for supported sites [P1]
- Notifications of site requests for sign-in [P3]
- Sign-up support
- New id+secret pair negotiation [P1]
- Automatic password generation [P1]
- Optional feature to allow user-defined passwords [P1]
- Remember preferred email and username(s) [P1]
- Sign-in support
- Request existing user credentials for new/unknown sites [P1]
- Two-click sign-in [P1]
- Optional automatic sign-in on next session [P2]
- Support for multiple accounts [P1]
- Sign-out support
- Two-click sign-out [P1]
- Password change
- User-initiated password change [P2]
- To a new random password [P3]
- To a new user-defined password [P2]
- User-initiated password change [P2]
- Support for various authentication types
- Form submission/cookie [P1]
- HTTP Basic auth [P1]
- HTTP Digest auth [P2]
- Client certs [P3]
- Supports sync if installed [P1]
- Disables itself during private browsing mode [P1]
Dependencies
Generally speaking:
- Password manager
- Theme work, site button in particular
- Notifications, to a lesser extent
Mockups
Testing
Related Projects / Other Links
We held an in-person meetup on May 21st, see:
- The meetup page (with notes).
- Distilled analysis from discussions at the meetup.