Identity/Features/Firefox-native Verified Email Client: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
No edit summary
(link to sign in to browser feature)
 
(21 intermediate revisions by 8 users not shown)
Line 1: Line 1:
{| class="fullwidth-table"
{{FeatureStatus
|-
|Feature name=Firefox-native Verified Email Client
| style="font-weight: bold; background: #DDD;" | Feature
|Feature stage=Shelved
| style="font-weight: bold; background: #DDD;" | Status
|Feature status=In progress
| style="font-weight: bold; background: #DDD;" | ETA
|Feature version=TBD
| style="font-weight: bold; background: #DDD;" | Owner
|Feature health=Blocked
|-
|Feature status note=Scoping new work after VEP changes.
<section begin="status" />
}}
| [[Identity/Features/Firefox-native Verified Email Client|Firefox-native Verified Email Client]]
{{FeatureTeam
| {{StatusBlocked|status=Blocking on certificate flow (protocol)}}
|Feature product manager=Dan Mills
| 2011.05.10
|Feature feature manager=David Dahl
| Dan Mills
|Feature lead engineer=David Dahl
<section end="status" />
|Feature security lead=Curtis Koenig
|-
|Feature privacy lead=Sid Stamm
|}
|Feature qa lead=James Bonacci
 
|Feature ux lead=Zhenshuo Fang
== Summary ==
|Feature additional members=Diane Loviglio (user research)
Ability to sign into web sites using Verified Email, integrated with our ID service.
}}
{{FeaturePageBody
|Feature overview=Ability to sign into web sites using [[Identity/Verified Email Protocol|Verified Email]], integrated with our (secondary authority) ID service.


Related features:
Related features:
Line 22: Line 24:
* [[../Web-based Verified Email Client|Web-based Verified Email Client]]
* [[../Web-based Verified Email Client|Web-based Verified Email Client]]
* [[../Verified Email Service Admin Interface|Verified Email Service Admin Interface]]
* [[../Verified Email Service Admin Interface|Verified Email Service Admin Interface]]
 
* [[../Sign_into_the_browser|Sign into the browser]]
== Team  ==
|Feature users and use cases=''Note: you may wish to read the [[../Web-based_Verified_Email_Client#Use_Cases|use-case]] for the Web-based Verified Email Client as well''
 
Who's working on this?
 
*'''Feature Manager''': Dan Mills
*'''Lead Developer''': David Dahl
*'''Product Manager''': Dan Mills
*'''QA''': Tracy Walker
*'''UX''': Alex Faaborg
*'''Security''': Curtis Koenig
*'''Privacy''': Sid Stamm
 
== Release Requirements ==
Content APIs in place for web sites to:
* Request a verified email from the browser
* Be proactively given a verified email
* Advertise active/passive sign-in user sessions and sign-out method
 
Browser UI in place to:
* Create a Firefox Account
* Sign into a Firefox Account
* Add an email address to a Firefox Account, and verify it
* Sign into a site by disclosing an email, whether the process is started from chrome or content
* Display active session(s) with the site, and sign-out
 
== Next Steps ==
* Finalize UX mockups [Alex Faaborg]
* Finalize session API [Team-wide]
* Create test plan [?]
* Security review
* Engineering work (see bugs linked below) [David Dahl]
 
== Open Issues ==
 
== Related Bugs & Dependencies ==
 
* [https://bugzilla.mozilla.org/show_bug.cgi?id=652026 Tracking bug]
** [https://bugzilla.mozilla.org/show_bug.cgi?id=652021 Tracking bug: email disclosure APIs]
** [https://bugzilla.mozilla.org/show_bug.cgi?id=652023 Tracking bug: Firefox account & email verification UI]
** [https://bugzilla.mozilla.org/show_bug.cgi?id=652024 Tracking bug: Session discovery & chrome UI]
 
== Designs ==
API docs:
* [[MozillaID/Spec|Verified Email Protocol]]
* [[MozillaID/InternalSpec|Client API]]
 
Future API spec (for reference):
* [[Labs/Identity/VerifiedEmailProtocol|Verified Email Protocol (Labs)]]
 
Mockups:
* [http://people.mozilla.com/~faaborg/files/projects/accountManager/ Are We Pretty Yet? - Account Manager]
* [[MozillaID#UX_Mockups|HTML client mockups]]
 
== Use Cases ==
 
''Note: you may wish to read the [[../Web-based_Verified_Email_Client#Use_Cases|use-case]] for the Web-based Verified Email Client as well''


Anne is a Firefox user. She has an iPhone too, and uses Firefox Sync to get to her bookmarks from her phone.
Anne is a Firefox user. She has an iPhone too, and uses Firefox Sync to get to her bookmarks from her phone.
Line 93: Line 40:
* Firefox reuses Sync credentials for Verified Email
* Firefox reuses Sync credentials for Verified Email
* Firefox can verify the email proactively before first-use
* Firefox can verify the email proactively before first-use
|Feature requirements=Content APIs in place for web sites to:
* Request a verified email from the browser
** Support for signing new identity assertions in-browser
* Be proactively given a verified email
* Advertise active/passive sign-in user sessions and sign-out method
* Register a verified email certificate (primary/secondary authority API)
** Support for keeping certificates in the browser
** Support for refreshing certificates as needed


== Test Plans ==
Browser UI in place to:
Any and all test plans and strategies.  Either inline or linked to.
* Create a Firefox Account
 
* Sign into a Firefox Account
== Goals ==
* Add an email address to a Firefox Account, and verify it
* Provide a convenient way for users to sign-in and sign-out of web sites by using their verified email address
* Sign into a site by disclosing an email, whether the process is started from chrome or content
* Anchor signed-in status & functionality to a consistent location in browser chrome
* Display active session(s) with the site, and sign-out
* Integrate with the Firefox Account, the same account used for Firefox Sync
|Feature non-goals=* Integrating with/implementing non-Verified Email auth protocols
* Provide an on-ramp to a fully distributed verified email system down the road (see Labs' Verified Email protocol)
 
== Non-Goals ==
* Integrating with/implementing non-Verified Email auth protocols
** including HTTP Auth, forms-based sign-in, OpenID, OAuth, etc.
** including HTTP Auth, forms-based sign-in, OpenID, OAuth, etc.
* Multiple accounts per-site (plus fast-user switching)
* Multiple accounts per-site (plus fast-user switching)
* Expanding "sign into the browser" role to allow multiple user support, profile switching support, master password support
* Expanding "sign into the browser" role to allow multiple user support, profile switching support, master password support
* Integrating account information into site-prefs
* Integrating account information into site-prefs
* Implementing fully de-centralized Verified Email support
|Feature functional spec=API docs:
* [[Identity/Verified Email Protocol|Verified Email Protocol]]
* [[MozillaID/InternalSpec|Client API]] (obsolete?)
|Feature ux design=Mockups:
* [http://people.mozilla.com/~faaborg/files/projects/accountManager/ Verified Email (various)]
* [http://people.mozilla.com/~faaborg/files/projects/firefoxAccount/ Firefox Account]
* [[MozillaID#UX_Mockups|HTML client mockups]] (for reference)
|Feature qa review=* Basic Identity items [https://wiki.mozilla.org/Identity/QA test plan]
|Feature implementation notes===== Next Steps ====
* Scope engineering work [David Dahl]
* UX Research [Diane Loviglio]
* Session API Draft [Dan Mills]
* flesh out test plan with test case summaries [Tracy Walker]
* Security review [?]
* Engineering work [David Dahl]


== Other Documentation ==
==== Related Bugs ====
 
* [https://bugzilla.mozilla.org/show_bug.cgi?id=652026 Tracking bug]
== Legend (remove if you like) ==
** [https://bugzilla.mozilla.org/show_bug.cgi?id=652021 Tracking bug: email disclosure APIs]
{| class="fullwidth-table"
** [https://bugzilla.mozilla.org/show_bug.cgi?id=652023 Tracking bug: Firefox account & email verification UI]
|-
** [https://bugzilla.mozilla.org/show_bug.cgi?id=652024 Tracking bug: Session discovery & chrome UI]
| {{StatusHealthy|status=&nbsp;}}
}}
| Healthy: feature is progressing as expected.
{{FeatureInfo
|-
|Feature priority=P2
| {{StatusBlocked|status=&nbsp;}}
|Feature roadmap=Mozilla Identity
| Blocked: feature is currently blocked.
|Feature list=Desktop
|-
|Feature engineering team=Desktop front-end
| {{StatusAtRisk|status=&nbsp;}}
}}
| At Risk: feature is at risk of missing its targeted release.
{{FeatureTeamStatus
|-  
|Feature security status=sec-review-active
| '''ETA'''
|Feature security health=Assigned
| Estimated date for completion of the current feature task. Overall ETA for the feature is the product release date.
|Feature security notes=sstamm
|}
}}
 
__NOTOC__
 
[[Category:Features]]
[[Category:Firefox]]
[[Category:Services]]

Latest revision as of 23:36, 26 May 2012

Please use "Edit with form" above to edit this page.

Status

Firefox-native Verified Email Client
Stage Shelved
Status In progress
Release target TBD
Health Blocked
Status note Scoping new work after VEP changes.

{{#set:Feature name=Firefox-native Verified Email Client

|Feature stage=Shelved |Feature status=In progress |Feature version=TBD |Feature health=Blocked |Feature status note=Scoping new work after VEP changes. }}

Team

Product manager Dan Mills
Directly Responsible Individual David Dahl
Lead engineer David Dahl
Security lead Curtis Koenig
Privacy lead Sid Stamm
Localization lead `
Accessibility lead `
QA lead James Bonacci
UX lead Zhenshuo Fang
Product marketing lead `
Operations lead `
Additional members Diane Loviglio (user research)

{{#set:Feature product manager=Dan Mills

|Feature feature manager=David Dahl |Feature lead engineer=David Dahl |Feature security lead=Curtis Koenig |Feature privacy lead=Sid Stamm |Feature localization lead=` |Feature accessibility lead=` |Feature qa lead=James Bonacci |Feature ux lead=Zhenshuo Fang |Feature product marketing lead=` |Feature operations lead=` |Feature additional members=Diane Loviglio (user research) }}

Open issues/risks

`

Stage 1: Definition

1. Feature overview

Ability to sign into web sites using Verified Email, integrated with our (secondary authority) ID service.

Related features:

2. Users & use cases

Note: you may wish to read the use-case for the Web-based Verified Email Client as well

Anne is a Firefox user. She has an iPhone too, and uses Firefox Sync to get to her bookmarks from her phone.

While browsing the Web, Anne sees a notification bar in Firefox asking her to verify the email address she uses to sign into Firefox Sync. Anne decides to go ahead, clicks a button to send a verification message, and is told to check her inbox for a message.

Anne finds the message in her inbox and clicks the link. She is taken back to Firefox and a message thanks her for verifying the email address. Firefox also tells her that she can now use her verified email address to sign into any supported Web site without any extra passwords.

While talking to her friend Mark, Anne learns about a site called SaladFans.com. Excited to try it out, she browses to the site on her desktop, and when she clicks the "sign in" button, Firefox asks her if it's OK to disclose her verified email address with SaladFans.com. Anne clicks OK, SaladFans.com refreshes and she is now signed in!

Key points:

  • Site API triggers enhanced chrome dialogs in Firefox
  • The same API triggers HTML pop-ups on other browsers (see Web-based Verified Email Client)
  • Firefox reuses Sync credentials for Verified Email
  • Firefox can verify the email proactively before first-use

3. Dependencies

`

4. Requirements

Content APIs in place for web sites to:

  • Request a verified email from the browser
    • Support for signing new identity assertions in-browser
  • Be proactively given a verified email
  • Advertise active/passive sign-in user sessions and sign-out method
  • Register a verified email certificate (primary/secondary authority API)
    • Support for keeping certificates in the browser
    • Support for refreshing certificates as needed

Browser UI in place to:

  • Create a Firefox Account
  • Sign into a Firefox Account
  • Add an email address to a Firefox Account, and verify it
  • Sign into a site by disclosing an email, whether the process is started from chrome or content
  • Display active session(s) with the site, and sign-out

Non-goals

  • Integrating with/implementing non-Verified Email auth protocols
    • including HTTP Auth, forms-based sign-in, OpenID, OAuth, etc.
  • Multiple accounts per-site (plus fast-user switching)
  • Expanding "sign into the browser" role to allow multiple user support, profile switching support, master password support
  • Integrating account information into site-prefs

Stage 2: Design

5. Functional specification

API docs:

6. User experience design

Mockups:

Stage 3: Planning

7. Implementation plan

`

8. Reviews

Security review

`

Privacy review

`

Localization review

`

Accessibility

`

Quality Assurance review

Operations review

`

Stage 4: Development

9. Implementation

Next Steps

  • Scope engineering work [David Dahl]
  • UX Research [Diane Loviglio]
  • Session API Draft [Dan Mills]
  • flesh out test plan with test case summaries [Tracy Walker]
  • Security review [?]
  • Engineering work [David Dahl]

Related Bugs

Stage 5: Release

10. Landing criteria

` {{#set:Feature open issues and risks=` |Feature overview=Ability to sign into web sites using Verified Email, integrated with our (secondary authority) ID service.

Related features:

|Feature users and use cases=Note: you may wish to read the use-case for the Web-based Verified Email Client as well

Anne is a Firefox user. She has an iPhone too, and uses Firefox Sync to get to her bookmarks from her phone.

While browsing the Web, Anne sees a notification bar in Firefox asking her to verify the email address she uses to sign into Firefox Sync. Anne decides to go ahead, clicks a button to send a verification message, and is told to check her inbox for a message.

Anne finds the message in her inbox and clicks the link. She is taken back to Firefox and a message thanks her for verifying the email address. Firefox also tells her that she can now use her verified email address to sign into any supported Web site without any extra passwords.

While talking to her friend Mark, Anne learns about a site called SaladFans.com. Excited to try it out, she browses to the site on her desktop, and when she clicks the "sign in" button, Firefox asks her if it's OK to disclose her verified email address with SaladFans.com. Anne clicks OK, SaladFans.com refreshes and she is now signed in!

Key points:

  • Site API triggers enhanced chrome dialogs in Firefox
  • The same API triggers HTML pop-ups on other browsers (see Web-based Verified Email Client)
  • Firefox reuses Sync credentials for Verified Email
  • Firefox can verify the email proactively before first-use

|Feature dependencies=` |Feature requirements=Content APIs in place for web sites to:

  • Request a verified email from the browser
    • Support for signing new identity assertions in-browser
  • Be proactively given a verified email
  • Advertise active/passive sign-in user sessions and sign-out method
  • Register a verified email certificate (primary/secondary authority API)
    • Support for keeping certificates in the browser
    • Support for refreshing certificates as needed

Browser UI in place to:

  • Create a Firefox Account
  • Sign into a Firefox Account
  • Add an email address to a Firefox Account, and verify it
  • Sign into a site by disclosing an email, whether the process is started from chrome or content
  • Display active session(s) with the site, and sign-out

|Feature non-goals=* Integrating with/implementing non-Verified Email auth protocols

    • including HTTP Auth, forms-based sign-in, OpenID, OAuth, etc.
  • Multiple accounts per-site (plus fast-user switching)
  • Expanding "sign into the browser" role to allow multiple user support, profile switching support, master password support
  • Integrating account information into site-prefs

|Feature functional spec=API docs:

|Feature ux design=Mockups:

|Feature implementation plan=` |Feature security review=` |Feature privacy review=` |Feature localization review=` |Feature accessibility review=` |Feature qa review=* Basic Identity items test plan |Feature operations review=` |Feature implementation notes===== Next Steps ====

  • Scope engineering work [David Dahl]
  • UX Research [Diane Loviglio]
  • Session API Draft [Dan Mills]
  • flesh out test plan with test case summaries [Tracy Walker]
  • Security review [?]
  • Engineering work [David Dahl]

Related Bugs

|Feature landing criteria=` }}

Feature details

Priority P2
Rank 999
Theme / Goal `
Roadmap Mozilla Identity
Secondary roadmap `
Feature list Desktop
Project `
Engineering team Desktop front-end

{{#set:Feature priority=P2

|Feature rank=999 |Feature theme=` |Feature roadmap=Mozilla Identity |Feature secondary roadmap=` |Feature list=Desktop |Feature project=` |Feature engineering team=Desktop front-end }}

Team status notes

  status notes
Products ` `
Engineering ` `
Security sec-review-active sstamm
Privacy ` `
Localization ` `
Accessibility ` `
Quality assurance ` `
User experience ` `
Product marketing ` `
Operations ` `

{{#set:Feature products status=`

|Feature products notes=` |Feature engineering status=` |Feature engineering notes=` |Feature security status=sec-review-active |Feature security health=Assigned |Feature security notes=sstamm |Feature privacy status=` |Feature privacy notes=` |Feature localization status=` |Feature localization notes=` |Feature accessibility status=` |Feature accessibility notes=` |Feature qa status=` |Feature qa notes=` |Feature ux status=` |Feature ux notes=` |Feature product marketing status=` |Feature product marketing notes=` |Feature operations status=` |Feature operations notes=` }}


Retrieved from "https://wiki.allizom.org/index.php?title=Identity/Features/Firefox-native_Verified_Email_Client&oldid=434681"