Identity/Architecture/SignIntoBrowser: Difference between revisions

Use Cases

Check out the Feature Page.

Brief version: Alice signs into her Firefox with Persona credentials, and her Firefox is immediately customized with her theme, bookmarks, passwords, history, add-ons, apps, and identities. She can use her identities to sign into websites, and all of her signin preferences (which web sites to automatically log into, etc.) are present in this new device.

Goals

Reusable but Flexible Identity

If Alice logs into her browser as alice@example.com, she should be able to immediately use that identity to log into web sites. She should not be limited to that identity alone, however, and she should have her other preferred identities immediately at her disposal without having to retype them on each device.

Pluggable Services

Alice should be able to use the services of her choice, e.g. store her bookmarks with Google, her passwords and apps with Mozilla, and her contacts with her cell phone operator.

Pluggable Browsing Context Provider

Alice should be able to select the server that performs the initial signin-to-the-browser authentication and setup of her preferred services. E.g., this may be a corporate directory server.

Components

Browsing Context Provider (BCP)

A Browsing Context Provider is a BrowserID IdP with additional properties. This means a BCP provides the basic BrowserID IdP items:

• a public key that is the root of trust for that domain
• a login web content page where users authenticate in whatever way the BCP chooses
• a provisioning web content page that provides authenticated users with a certificate of their identity

and, in addition to this:

• a discovery ID-attached-service URL that provides the user's set of personalized service endpoints.

ID-attached Services

User-Agent

Flow