(18 intermediate revisions by 4 users not shown) |
Line 1: |
Line 1: |
| | =NOTE: This page is defunct and retained for historical purposes only. See the current [[Identity]] page for actively-maintained info on the current Identity team and project status.= |
| | |
| <section begin=summary />{{RoadmapSummary | | <section begin=summary />{{RoadmapSummary |
| |icon=Identityicon.png | | |icon=Identityicon.png |
Line 4: |
Line 6: |
| |pagetitle=Mozilla Identity Roadmap | | |pagetitle=Mozilla Identity Roadmap |
| |owner=Dan Mills | | |owner=Dan Mills |
| |updated=Feb 2011 | | |updated=Mar 2011 |
| |status=Draft | | |status=Draft |
| |description=Mozilla ID (final name TBD) will be a Mozilla-operated service that provides a safe and simple to use federated ID system for Web developers and users. | | |description=Mozilla ID (final name TBD) will be a Mozilla-operated service that provides a safe and simple to use federated ID system for Web developers and users. |
|
| |
|
| Signing into sites is a common pain point on Web sites today, and this service will be one piece of a larger effort to fix that pain. We've made an effort to bring a 'single sign-on'-like experience to the Web, to provide hooks for browser integration, to make sure the system works on current-generation browsers, to give users the ability to choose their ID provider and use their preferred provider on any Web site, and to protect user privacy while at the same time facilitating an exchange of profile data with sites. | | Signing into sites is a common pain point on Web sites today, and this service will be one piece of a larger effort to fix that pain. We've made an effort to bring a 'single sign-on'-like experience to the Web, to provide hooks for browser integration, to make sure the system works on current-generation browsers, to give users the ability to choose what identity they choose to disclose to any Web site, and to protect user privacy while at the same time facilitating an exchange of profile data with sites. |
| }}<section end=summary /> | | }}<section end=summary /> |
|
| |
|
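Review bot: In the revised description, "to give users the ability to choose what identity they choose to disclose to any Web site" repeats "choose"; "to choose which identity to disclose to each Web site" says the same thing more cleanly. The rewording also drops the earlier stated goal of letting users pick their ID provider and use it on any site, so if that goal was dropped on purpose the summary should say so rather than lose it silently.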
Line 29: |
Line 31: |
| = Get Involved = | | = Get Involved = |
|
| |
|
| We'll have a mailing list set up soon. In the meantime you can reach us on IRC:
| | Subscribe to our mailing list / Google group / newsgroup: |
| | |
| | * [https://groups.google.com/forum/?pli=1#!forum/mozilla.dev.identity Our Google group] |
| | * [https://lists.mozilla.org/listinfo/dev-identity Our mailing list] |
| | * Our newsgroup (nntp): |
| | |
| | Server: news.mozilla.org<br> |
| | Group: mozilla.dev.identity |
| | |
| | Reach us on IRC here: |
|
| |
|
| irc.mozilla.org, #identity | | irc.mozilla.org, #identity |
Line 64: |
Line 75: |
| * Firefox reuses Sync credentials | | * Firefox reuses Sync credentials |
| * Firefox can verify the email proactively before first-use | | * Firefox can verify the email proactively before first-use |
|
| |
| = Requirements =
| |
|
| |
| ;Service
| |
| * Service shares user DB with Firefox Sync
| |
| * Supports multiple email addresses per account
| |
| * Email addresses must be verified before they can be used for sign-in
| |
| * Service implements verified email protocol [todo: link to protocol spec]
| |
|
| |
| ;HTML Client-side Implementation
| |
| * Implements verified email protocol JS API with a library
| |
| * Supports IE 8+, Chrome, Firefox 4+, Safari 5
| |
| * JS library must disable itself if the browser natively implements the API
| |
| * Allows user to sign-in to Mozilla service, using an email and password
| |
| * Allows user to register a new Mozilla account
| |
| * Implements email disclosure flow once signed in
| |
| * Communication with the user is done via pop-ups (to prevent clickjacking)
| |
|
| |
| ;Admin Interface
| |
| * List and manage email addresses (verified and unverified)
| |
| ** Add, remove address
| |
| ** Re-send verification mail
| |
| * List sites where Mozilla ID has been used to sign in
| |
| ** Include a timestamp for the last time a sign-in occurred
| |
|
| |
|
| = Operational Requirements = | | = Operational Requirements = |
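Review bot: The removed Requirements section carried security-relevant constraints that this hunk does not replace: email addresses "must be verified before they can be used for sign-in", the JS library "must disable itself if the browser natively implements the API", and communication with the user is done via pop-ups "to prevent clickjacking". Either keep these bullets or add a pointer to the page that now states them, so the verification and clickjacking requirements stay visible from the roadmap.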
Line 99: |
Line 86: |
| = Releases / Roadmap = | | = Releases / Roadmap = |
|
| |
|
| [to be updated - requirements have changed]
| | * [https://mail.mozilla.com/home/dmills@mozilla.com/MozID.html Calendar] |
| | |
| [https://intranet.mozilla.org/Projects/MozillaID/Schedule Schedule of Deliverables] | |
| | |
| == Milestone 1 ==
| |
| | |
| ;Overview
| |
| | |
| * Sites implement OpenID 2 RP support
| |
| * Sites use a JS library to build a sign-in button on their pages
| |
| * Users can sign in using their Sync password using any web browser
| |
| | |
| ;Timing
| |
| | |
| tbd
| |
| | |
| ;Details
| |
| | |
| {| width="100%" cellpadding="3"
| |
| |-
| |
| | style="background-color: #efefef; width: 20px"| '''Priority'''
| |
| | style="background-color: #efefef;"| '''Item'''
| |
| | style="background-color: #efefef;"| '''Bug'''
| |
| | style="background-color: #efefef;"| '''Status'''
| |
| |-
| |
| | P1 || OpenId 2.0 Provider endpoint || - || code complete
| |
| |-
| |
| | P1 || Sign in page takes email and password || - || code complete
| |
| |-
| |
| | P1 || Sign in matches against Sync user DB || - || code complete
| |
| |-
| |
| | P1 || JS API & Library to create a button and initiate login || - || not started
| |
| |-
| |
| | P1 || Claimed IDs are unique per each user/site combination || - || not started
| |
| |-
| |
| | P2 || Temp artwork || - || not started
| |
| |}
| |
| | |
| == Milestone 2 ==
| |
| | |
| ;Overview
| |
| | |
| * Sites add attribute exchange support to get email
| |
| * Sites can get different button options
| |
| * Users can sign up for a Mozilla Account using any browser
| |
| * User will be prompted when a site requests their email address
| |
| | |
| ;Timing
| |
| | |
| tbd
| |
| | |
| ;Details
| |
| | |
| {| width="100%" cellpadding="3"
| |
| |-
| |
| | style="background-color: #efefef; width: 20px"| '''Priority'''
| |
| | style="background-color: #efefef;"| '''Item'''
| |
| | style="background-color: #efefef;"| '''Bug'''
| |
| | style="background-color: #efefef;"| '''Status'''
| |
| |-
| |
| | P1 || Attr. exchange support; email only, content disclosure form || - || not started
| |
| |-
| |
| | P1 || In-content account creation flow || - || not started
| |
| |-
| |
| | P2 || Single Sign on pilot program || - || not started
| |
| |-
| |
| | P2 || Martell artwork v1 || - || not started
| |
| |-
| |
| | P2 || Various display options for buttons (e.g. sizes) || - || not started
| |
| |}
| |
| | |
| == Milestone 3 ==
| |
| | |
| ;Overview
| |
| | |
| * Firefox users will see chrome
| |
| ** prompting them to sign in, disclose their email, or create a Mozilla account
| |
| ** displaying their current signed in state on the current site
| |
| * Users can sign into Mozilla ID using an OpenID or GoogleID
| |
| * Users can alias a GoogleID or OpenID into their Sync account
| |
| * Sites can request account strength details (captcha'd, last profile change, etc.)
| |
| | |
| ;Timing
| |
| | |
| tbd
| |
| | |
| ;Details
| |
| | |
| {| width="100%" cellpadding="3"
| |
| |-
| |
| | style="background-color: #efefef; width: 20px"| '''Priority'''
| |
| | style="background-color: #efefef;"| '''Item'''
| |
| | style="background-color: #efefef;"| '''Bug'''
| |
| | style="background-color: #efefef;"| '''Status'''
| |
| |-
| |
| | P1 || Account Manger integration (sign-in, email disclosure, active identity) || - || not started
| |
| |-
| |
| | P2 || Attr. exchange for other account metadata (e.g., captcha'd, etc.) || - || not started
| |
| |-
| |
| | P1 || CAS server integration (SSO) || - || not started
| |
| |-
| |
| | P1 || Google sign-in, linked to an existing account || - || not started
| |
| |-
| |
| | P1 || OpenID sign-in, linked to an existing account || - || not started
| |
| |-
| |
| | P2 || Stand-alone Google ID / OpenID sign-in || - || not started
| |
| |}
| |
| | |
| == Milestone 4 ==
| |
| | |
| ;Overview
| |
| | |
| ;Timing
| |
| | |
| ;Details
| |
| | |
| {| width="100%" cellpadding="3"
| |
| |-
| |
| | style="background-color: #efefef; width: 20px"| '''Priority'''
| |
| | style="background-color: #efefef;"| '''Item'''
| |
| | style="background-color: #efefef;"| '''Bug'''
| |
| | style="background-color: #efefef;"| '''Status'''
| |
| |-
| |
| | P1 || Admin API & Dashboard || - || not started
| |
| |-
| |
| | P2 || Dashboard: transaction log || - || not started
| |
| |-
| |
| | P1 || Dashboard: connected accounts (OPs) || - || not started
| |
| |-
| |
| | P1 || Dashboard: RPs & granted permissions || - || not started
| |
| |-
| |
| | P1 || Dashboard: Change email/password || - || not started
| |
| |-
| |
| | P2 || Admin API meets Account Manager needs for site prefs/acct details || - || not started
| |
| |}
| |
|
| |
|
| [[Category:Roadmaps]] | | [[Category:Roadmaps]] |
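Review bot: The added Calendar link, https://mail.mozilla.com/home/dmills@mozilla.com/MozID.html, sits under one person's mail account path and is the only replacement for four milestones of prioritized items and their status. A link on the wiki itself would survive an account change and avoid publishing the address in a URL. The removed "[to be updated - requirements have changed]" line was also the only explanation of why the milestones are gone, so a one-line note that they are superseded would help readers of the history.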
Line 239: |
Line 92: |
| = Design Documents / Dev Notes = | | = Design Documents / Dev Notes = |
|
| |
|
| * [https://wiki.mozilla.org/Services/OpenId OpenID documentation] | | * [[/Spec|Verified Email Protocol]] |
| * [[Projects/MozillaID/ServerProtocol|Server protocol notes]] | | * [[/InternalSpec|Client API]] |
| | | * [[/HTML_Client|Pure HTML Client]] |
| ;M1
| |
| | |
| Things to think about in the M1 time-frame:
| |
| | |
| * Abuse mitigation | |
| * JS API needs to allow for sites to customize the button they embed
| |
| * Need to sketch out what admin API will look like
| |
| | |
| | |
| == Open Questions ==
| |
| | |
| ;M1
| |
| | |
| * Who will create the js api?
| |
| ** what actions will the js api need to provide?
| |
| ** how will the library be invoked?
| |
| * Where will sign-in page be hosted?
| |
| * How will claimed id's be hashed & associations stored?
| |
| * Is site customization of the login button compatible with restricting introspection of the inserted page elements?
| |
| | |
| ;M2
| |
| | |
| * Will we be accepting Google sign-ins (iow. are we proxying google or are we accepting Google as a OP?)
| |
| | |
| OpenID has no concept of proxying. Sites will be RPs to us, and we will be RP to Google (as well as other OpenID providers).
| |
| | |
| * Is there an api for sync account creation flow?
| |
| * Can we create Sync accounts in this way and still allow the Sync UI in the browser to connect to that account? Sync UI currently expects you to either (a) create a new account, or (b) know the details, including the sync key.
| |
| * Captcha mechanism to use?
| |
| | |
| Accounts created on our service directly (i.e., not federated OpenID/GoogleID accounts) will be regular accounts like the Sync service makes, and should use the same CAPTCHA service (ReCaptcha at the moment).
| |
| | |
| * Is content disclosure per partner or global?
| |
| | |
| Disclosure is for each RP.
| |
| | |
| ** where will this preference be stored?
| |
| ** Will user be able to modify/revoke access?
| |
| | |
| Yes, the admin API and the dashboard will provide this functionality.
| |
| | |
| ;M3
| |
| | |
| * Who will be doing chrome work?
| |
| * Where/how will meta data be stored?
| |
| * Who will be the PoC for CAS?
| |
| * How will user be polled for additional attribute exchange?
| |
| * Do we determine signed in state without actively polling remote site (cookies lie)?
| |
|
| |
|
| = QA = | | = QA = |
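Review bot: Several of the deleted Open Questions have no recorded answer on the removed side, among them "How will claimed id's be hashed & associations stored?", "Abuse mitigation", and "Do we determine signed in state without actively polling remote site (cookies lie)?". The three added links (/Spec, /InternalSpec, /HTML_Client) are not annotated as covering them. Move the unresolved items to the relevant spec page, or note here which ones the Verified Email Protocol makes moot, so the answered ones (disclosure is per RP, revocation via the admin API and dashboard) are not lost with them.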
Line 296: |
Line 101: |
|
| |
|
| = Localization = | | = Localization = |
|
| |
| = UX Mockups =
| |
|
| |
| [[File:WebLogin.jpg|200px|thumb|left|Iteration 1]]
| |
|
| |
| [[File:Sign-In-Single-Email.png|200px|thumb|left|Iteration 2: Single email]]
| |
|
| |
| [[File:Sign-In-and-Site-Identity.png|200px|thumb|left|Iteration 2: Multi email]]
| |
|
| |
| <br clear="all"/>
| |
|
| |
|
| = Security & Privacy = | | = Security & Privacy = |
Line 341: |
Line 136: |
| ** doesn't provide enough information to RPs (e.g. name, photo, etc.) | | ** doesn't provide enough information to RPs (e.g. name, photo, etc.) |
| ** confusing (I'm a URL?) | | ** confusing (I'm a URL?) |
|
| |
| <br clear="all"/>
| |