946
edits
Firefox/Projects/AccountManager: Difference between revisions
Firefox/Projects/AccountManager (view source)
Revision as of 23:26, 8 September 2010
, 8 September 2010→TODO
(→TODO) |
|||
| (11 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
__NOTOC__ | __NOTOC__ | ||
The Account Manager project aims to help users manage the (currently manual and tedious) process of signing up/in/out of sites by adding chrome-level status and knobs to give the user a consistent point to view and control of sign-in status to the current site. | The Account Manager project aims to help users manage the (currently manual and tedious) process of signing up/in/out of sites by adding chrome-level status and knobs to give the user a consistent point to view and control of sign-in status to the current site. | ||
| Line 12: | Line 11: | ||
= Drivers = | = Drivers = | ||
* [mailto:thunder@mozilla.com Dan Mills] | * [mailto:thunder@mozilla.com Dan Mills] | ||
* [mailto: | * [mailto:mardak@mozilla.com Ed Lee] | ||
* [mailto:faaborg@mozilla.com Alex Faaborg] | * [mailto:faaborg@mozilla.com Alex Faaborg] | ||
* [mailto:thunder@mozilla.com?subject=I%20want%20to%20help! You!] | * [mailto:thunder@mozilla.com?subject=I%20want%20to%20help! You!] | ||
= Status = | = Status = | ||
;Overview | |||
<onlyinclude>See {{bug|571409}}</onlyinclude>. | |||
Account Manager is currently a patch to mozilla-central, and is being targeted at the first release post 4.0. | |||
Note that there is an add-on prototype (the result of the Labs exploration), but it is buggy and speaks an older version of the Account Manager protocol. It is not recommended for testing, use try-server builds instead. | |||
;Performance Impact | |||
Currently around 1.3% on average: | |||
linux: 1.7% | |||
lin64: 2.4% | |||
macos: 0.2% | |||
mac64: 2.0% | |||
winxp: 1.3% | |||
win 7: 0.5% | |||
;[[Firefox/Projects/AccountManager/SecurityReview|Security Review]] | |||
In progress on Sept 1 3pm | |||
= Helping Out = | |||
First, see [[Firefox/Projects/AccountManager/CodeOverview|here]] for a quick walk-through of the code. That will tell you what's what and help you get started. | |||
Then see the TODO section on this page for open items to work on. | |||
= | Thanks! | ||
= TODO = | |||
;User facing features | |||
* autoconnect [~2d] | |||
* multi-profile sign-in bubbles [~1d] | |||
* federated profile [~3d] | |||
* HTTP Auth profile | |||
* right click menu (fast user switching) | |||
* basic in-content registration [a few days' work] | |||
* | ;Backend features | ||
* | * cookie-watching (refresh status on cookie changes) [~1day] | ||
* | * per-method static parameters (for forms that use a hidden param to determine action) | ||
* per-method dynamic parameters (for e.g. CSRF protection) | |||
;Password manager integration | |||
* {{bug|589362}} | |||
* use new password manager columns for account lookup/saving | |||
** migration (set account realm for existing saved logins) [~1 day] | |||
** also on password manager end (when saving new password) [~1 day (dolske?)] | |||
* | ;Security fixes | ||
* shouldn't support http form auth transparently without more warning | |||
* explicitly only allow http/https realm uri (and not ftp, etc) | |||
* only allow https realms from https requests | |||
* login csrf: amcd enforces where it can be used on which sites | |||
* login csrf: link header URI needs to be restricted to the site | |||
* make sure Link header URI and host-meta URI aren't conflicting if header is missing ? | |||
* STS support - should Just Work, but test that requests get upgraded correctly | |||
* ensure that SSL cert errors are handled appropriately | |||
= Requirements = | = Requirements = | ||
| Line 70: | Line 115: | ||
* Disables itself during private browsing mode [P1] | * Disables itself during private browsing mode [P1] | ||
= Non-Goals = | |||
* Greasemonkey-like hacks that work only on one site, except as needed only to demonstrate the potential for the feature. | |||
* Creating new and interesting authentication/authorization schemes. | |||
* Extensive hacking on Password Manager-like heuristics to make it only sort of work on more sites. | |||
= Dependencies = | = Dependencies = | ||
| Line 80: | Line 131: | ||
= Mockups = | = Mockups = | ||
[[File:Account manager i2.png|200px|thumb|left| | [[File:Account manager i2.png|200px|thumb|left|Iteration 2]] | ||
[https://wiki.mozilla.org/images/e/e2/Account_manager_i6.png Iteration 6] (direct link - doesn't thumbnail correctly). | |||
<br clear="all"/> | <br clear="all"/> | ||
= Related Projects / Other Links = | = Related Projects / Other Links = | ||
* [[Firefox/Projects/SiteIdentity|Site Identity]] | |||
* [[Labs/Weave/Identity/Account_Manager|Account Manager Labs project]] | * [[Labs/Weave/Identity/Account_Manager|Account Manager Labs project]] | ||
* [https://groups.google.com/group/mozilla-labs-online-identity?pli=1 Google Group] | |||
We held an in-person meetup on May 21st, see: | We held an in-person meetup on May 21st, see: | ||
* [[Firefox/Projects/AccountManager/Meetup|The meetup page]] (with notes). | * [[Firefox/Projects/AccountManager/Meetup|The meetup page]] (with notes). | ||
* [[Firefox/Projects/AccountManager/Meetup/Analysis|Distilled analysis]] from discussions at the meetup. | * [[Firefox/Projects/AccountManager/Meetup/Analysis|Distilled analysis]] from discussions at the meetup. | ||