Firefox/Projects/AccountManager/SecurityReview: Difference between revisions

Firefox/Projects/AccountManager/SecurityReview (view source)

Revision as of 22:09, 31 August 2010

1,379 bytes added , 31 August 2010

→‎Overview

Thunder

946

edits

@@ Line 1: / Line 1: @@
 == Overview ==
-''Describe the goals and objectives of the feature here.''
+From the [[Firefox/Projects/AccountManager|project page]]:
+:The Account Manager project aims to help users manage the (currently manual and tedious) process of signing up/in/out of sites by adding chrome-level status and knobs to give the user a consistent point to view and control of sign-in status to the current site.
+Example use-case from the [[/Labs/Weave/Identity/Account_Manager/Spec/Latest#Introduction|specification]]:
+:A web browser visits a new site. The site advertises to the browser that account management features are available. The browser user requests "connection" to the site. The browser negotiates account setup, possibly disclosing some personal information about the user, and learns a userid-credential pair. On a subsequent visit, the browser notices that it does not have an active session, and automatically establishes one. When the user requests "disconnection" from the site, the browser terminates the session. When the user views a "my accounts" page in his browser, she sees what information the site is storing about her.
+Generally speaking, the protocol defines two things
+# How to determine ''status''--that is, who is signed in.
+# How to discover ''capabilities''--that is, what does the site support and how does it work.
+With these two pieces the user-agent can present UI to the user to allow them to control their identity on each site.
 ;Background links
 * {{bug|571409}} Add Account Manager support to Firefox
+* [[Firefox/Projects/AccountManager|Project page]]
 * [[Labs/Weave/Identity/Account_Manager/Spec/Latest|HTTP Extensions for Account Management and Session Identification]]