What Is Firefox Accounts?

Firefox Accounts is consumer account system which provides access to services run by Mozilla, such as Firefox Marketplace and the next version of Firefox Sync. A user can sign in with a Firefox Account to all her "Foxes": Firefox on Desktop, Firefox for Android, and Firefox OS. Signing into a Firefox browser or device gives the user access to integrated Mozilla Services on that browser or device that requires authentication (e.g., Firefox Sync). Longer term we envision that non-Mozilla services and applications will be able to delegate authentication to Firefox Accounts.

Firefox Accounts also functions as a key server for applications that encrypt data, such as the next version of Firefox Sync.

FAQ

Will I be required to create a Firefox Account to use Firefox?

No, of course not! Firefox Accounts will only be required for Mozilla Services that require authentication, such as Firefox Sync and Firefox Marketplace.

How do I create and sign in to a Firefox Account?

Firefox Accounts will work much like authentication works on the rest of the web. You create a Firefox Account with a verified email and password. You sign in to Firefox Accounts with your email and password. Password reset works by responding to an email challenge.

We are currently evaluating creating and logging in to a Firefox Account with a mobile number.

What's the difference between Persona and Firefox Accounts?

Persona is an awesome federated identity protocol, not an account system.

Mozilla needs an account database to deliver a fantastic, integrated experience across all its products. Unfortunately, delivering awesome services involves some less exciting, but still important aspects, like making sure users have had a chance to inspect our terms of service and privacy policies. We must also comply with local laws and regulations, e.g., COPPA. It would be inconvenient for users to have to verify a terms of service, a privacy policy, and COPPA at each individual Mozilla service. We believe that users should only have to inspect our terms of service, privacy policy, and go through COPPA verification once for all our services. Firefox Accounts enables us to do that.

What information does Firefox Accounts store about the user? Can I use it to store user data for my application or service?

Firefox Accounts stores limited user information, and only stores information that will deliver significant user value across applications or is tightly related to the user's identity. It will not store user data for relying services. Relying Mozilla services can use Firefox Accounts for authentication, but application data storage is the responsibility of the individual applications.

Currently, Firefox Accounts stores the user's email address, a unique identifier, sync encryption key material, and whether you user has read and accepted the terms of service, privacy policy, etc. The existence of a Firefox Account also indicates the user has passed COPPA verification.

Possible future plans:

• "screen name"
• avatar
• mobile number

Can I use Persona to log in to my Firefox Account?

Not initially, but it's something we're investigating to add in the future.

Can I use my Firefox Account to log in to non-Mozilla services?

Not initially, but it's something we're investigating to support in the future.

Does Firefox Accounts provide email?

No.

What services will use Firefox Accounts?

Here's a (probably incomplete) list of services we anticipate you'll be able to log into with your Firefox Account:

• Firefox Sync
• Firefox Marketplace
• Where's My Fox?
• crazy future ideas

What do these terms mean?

• FTU, FTE: First Time Experience on Firefox OS
• FxA : Firefox Accounts
• Jelly: A confusing term that refers to a hosted web page that is injected into more native-looking browser UI. An example of this is about:healthreport.
• Doughnut: The browser code that wraps the "Jelly" and enables it to interact with chrome code in the browser.
• RP : Relying Party. Services that use Firefox Accounts for authentication and identity. Currently these are limited to services run by Mozilla.
• PiCL : Profile in the Cloud. This is a deprecated term that was used to refer to Firefox Accounts + attached services (i.e., relying parties).

Architecture

https://mana.mozilla.org/wiki/display/SVCOPS/Firefox+Accounts+Architecture

Services

Firefox Account Services is composed of several sub-services, an API server, a content server, and a crypto helper.

API Server

The API Server provides an HTTP API that:

• authenticates the user
• enables the user to authenticate to other services via BrowserID assertions
• enables change and reset password operations

Links:

• Code: https://github.com/mozilla/picl-idp
• API documentation: https://github.com/mozilla/picl-idp/blob/master/docs/api.md
• API design document: Identity/AttachedServices/KeyServerProtocol
• Dev deployment: https://idp.dev.lcip.org/

Content Server

The Content Server hosts static assets (HTML, Javascript, CSS, etc.) that support user interactions with the Firefox Accounts. The responsibilities of the Content Server include:

• hosting Gherkin, a Javascript library that supports interactions with the API server
• hosting login and create account pages
• hosting password reset pages
• hosting landing pages for email verification links

Links:

• Code: https://github.com/mozilla/firefox-account-bridge
• Dev deployments:
  • Desktop: https://accounts.dev.lcip.org/flow
  • Android: https://accounts.dev.lcip.org/mobile

Gherkin

Gherkin is Javascript client library for the Web that supports operations with Firefox Accounts. In addition to communicating with the API Server, it also performs local key stretching (PBKDF2 and scrypt) on the user's password before it's used in the API. Gherkin is hosted by the Content Server.

Links:

• Code: https://github.com/mozilla/picl-gherkin
• Future rewrite: https://github.com/mozilla/gherkin
• Key stretching details: https://wiki.mozilla.org/Identity/AttachedServices/KeyServerProtocol#Client-Side_Key_Stretching
• Key stretching performance tests: https://wiki.mozilla.org/Identity/AttachedServices/Key_Stretching_Performance_Tests

scrypt Helper

A portion of the key stretching process uses scrypt, a password-based key derivation function that uses significant amounts of memory. On memory constrained devices, Firefox Accounts provides a helper service for this portion of the key stretching process.

Links:

• Code: https://github.com/mozilla/scrypt-helper
• Dev deployment: http://scrypt.dev.lcip.org/

Desktop

Firefox Accounts integration on Firefox for Desktop is happening in the "elm" project branch. We are also working out of a github repo for "pre-elm" experimentation.

Tracking bug:

• https://bugzilla.mozilla.org/showdependencytree.cgi?id=905997&hide_resolved=1

Android

Firefox Accounts integration on Firefox for Android is happening in the "elm" project branch.

Tracking bug:

• https://bugzilla.mozilla.org/showdependencytree.cgi?id=799726&hide_resolved=1

Firefox OS

We are currently focused on how to implement Firefox Accounts in FirefoxOS. This is a collaborative effort working closely with TEF engineers.

Tracking bug:

• https://bugzilla.mozilla.org/showdependencytree.cgi?id=920135&maxdepth=4&hide_resolved=1

Our current line of thought is below and a work-in-progress:

• High level document with background and goals: https://id.etherpad.mozilla.org/fxa-on-fxos
• Lower level document with concrete distinct components: https://id.etherpad.mozilla.org/fxa-on-fxos-madrid
• Architectural diagram:

• UX: https://wiki.mozilla.org/Identity/UX#FXOS

Operations

For now, here are some useful links about Firefox Accounts Operations:

• Q3 load testing results: https://id.etherpad.mozilla.org/fxa-q3-load-testing-summary
• Deployment planning: https://wiki.mozilla.org/Identity/AttachedServices/DeploymentPlanning/
• Traffic model: https://wiki.mozilla.org/Identity/AttachedServices/DeploymentPlanning/TrafficModel
• Notes on the operational costs of the API server: https://mail.mozilla.org/pipermail/sync-dev/2013-July/000043.html

Resources

Mailing Lists

• Firefox Accounts development: https://mail.mozilla.org/listinfo/dev-fxacct
• Sync development: https://mail.mozilla.org/listinfo/sync-dev

Contacts

• Leads: Chris Karlof, Jed Parsons
• IRC: #picl (general FxA, and FxA on Desktop and Android), #native_identity (for FxA on FxOS)
• List: dev-fxacct@mozilla.org
• Engineering: Brian Warner, Danny Coates, Ryan Kelly, Zach Carter, Nick Alexander, Sam Penrose, Shane Tomlinson
• UX: John Gruen, Ryan Feeley
• QA: Edwin Wong, James Bonacci, Peter Dehaan

Related

• Firefox Sync.next
• Identity and PiCL
• FxA UX/UI
• QA Team Test Plan

Demos

• Firefox Accounts + Firefox Sync on Android: https://vimeo.com/77667079
• Firefox Accounts + Firefox Sync on Desktop: https://vimeo.com/77717494