The Account Manager project aims to help users manage the (currently manual and tedious) process of signing up for, into, and out of sites. It adds chrome-level status and knobs that give the user a consistent place to view and control their sign-in status for the current site.
The project has two main deliverables:
- A protocol definition that sites can use to define their account-and-session management features in a format a web browser can understand. (Check out the latest draft of the specification, or older versions).
- An implementation of this protocol in Firefox.
This project is a reboot of the Account Manager Labs project; see that page for more background information.
Drivers
- Dan Mills (Labs lead)
- Gavin Sharp (Firefox lead)
- Alex Faaborg (UX)
- You!
Status
- IN FLIGHT: Early porting stages (primary focus on bug 571411)
We're keeping track of sites that support Account Manager; see this list.
Goals
Non-Goals
- Greasemonkey-like hacks that work only on one site, except as needed to demonstrate the potential for the feature.
- Creating new and interesting authentication/authorization schemes.
- Extensive hacking on Password Manager-like heuristics to make it only sort of work on more sites.
Timeline/Milestones
- Tracking bug: bug 571409
Core Features
| Priority | Target | Item | Bug | Status |
| --- | --- | --- | --- | --- |
| P1 | M1 | Account Manager service | bug 571413 | |
| P1 | M1 | Realm detection engine | bug 571411 | |
Profiles
| Priority | Target | Item | Bug | Status |
| --- | --- | --- | --- | --- |
| P1 | M1 | Username + password forms: sign in/sign out | bug 571414 | |
| P1 | M2 | Username + password forms: registration | bug 571418 | |
| P1 | M2 | HTTP Auth: sign in/sign out | - | |
| P2 | M3 | HTTP Auth: registration | - | |
| P1 | M2 | OpenID: connect/disconnect | - | |
| P2 | M2 | Proprietary federated: connect/disconnect | - | |
| P3 | M2 | OAuth: connect/disconnect | - | |
Synth Realms
| Priority | Target | Item | Bug | Status |
| --- | --- | --- | --- | --- |
| P1 | M3 | Synth realm API for addons | | |
| P3 | M3 | Synth realm demo add-on, Fb support | | |
Requirements
- Status display
  - Unregistered, signed-out, and signed-in for supported sites [P1]
  - Notifications of site requests for sign-in [P3]
- Sign-up support
  - New id+secret pair negotiation [P1]
  - Automatic password generation [P1]
  - Optional feature to allow user-defined passwords [P1]
  - Remember preferred email and username(s) [P1]
- Sign-in support
  - Request existing user credentials for new/unknown sites [P1]
  - Two-click sign-in [P1]
  - Optional automatic sign-in on next session [P2]
  - Support for multiple accounts [P1]
- Sign-out support
  - Two-click sign-out [P1]
- Password change
  - User-initiated password change [P2]
    - To a new random password [P3]
    - To a new user-defined password [P2]
- Support for various authentication types
  - Form submission/cookie [P1]
  - HTTP Basic auth [P1]
  - HTTP Digest auth [P2]
  - Client certs [P3]
- Supports sync if installed [P1]
- Disables itself during private browsing mode [P1]
Dependencies
Generally speaking:
- Password manager
- Theme work, site button in particular
- Notifications, to a lesser extent
Mockups
Testing
Related Projects / Other Links
We held an in-person meetup on May 21st. See:
- The meetup page (with notes).
- Distilled analysis from discussions at the meetup.
- Google Group