Identity/Features/Web-based Verified Email Client
| Feature | Status | ETA | Owner |
| Web-based Verified Email Client | Scoping new work after VEP changes | TBD | JR Conlin |
Summary
Pure HTML client of the Verified Email Service.
Related features:
Team
Who's working on this?
- Feature Manager: Dan Mills
- Lead Developer: Rob Miller
- Product Manager: Dan Mills
- QA: Tracy Walker
- UX: Chris Howse
- Security: Michael Coates
- Privacy: Sid Stamm
Release Requirements
| Item | Bug | Status |
| Core VEP client implementation (can handshake w/ server register an email, generate keys, receive a cert, generate assertion; no UI, no cert refresh) | 664598 | - |
| Relying party wrapper implementation (can handle getVerifiedEmail call and interact w/ core VEP client in a popup window; still no UI nor cert refresh) | 664597 | - |
| Identity authority wrapper implementation (can handler registerVerifiedEmail and registerVerifiedEmailCertificate calls and can interact w/ core VEP client in parent window, still no UI nor cert refresh) | 669455 | - |
| UI interaction through account creation / login / release of one email address (most UI will be generated by the server) | 664594 | - |
| Email selection UI (mostly generated by UA) and integration into VEP process | 664599 | - |
| Certificate refresh, successful only | 668620 | - |
| Certificate refresh w/ failure | 668625 | - |
| ========= OLDER (OBSOLETE?) MILESTONES BELOW ========== | ||
| Relying party API | - | - |
| Sign-in pop-up | - | - |
| Email disclosure pop-up | - | - |
| Email verification pop-up | - | - |
| Account creation pop-up | - | - |
| Account creation UX polish[1] | - | - |
| HTML client popups support multiple emails | - | - |
| HTML client allows adding a new email to an existing account | - | - |
[1] e.g., password strength meter, pop-up auto-closes upon email verification
Next Steps
Open Issues
Related Bugs & Dependencies
Designs
API Docs
Obsolete?
Mockups
Older mockups:
Use Cases
Mark gets a tip from a friend about SaladFans.com, a place to review and share your favorite salad bars. Mark visits the site and is eager to contribute his own reviews as well as connecting with friends to find out which salad bars they like.
Mark sees a "sign in" button on the SaladFans site, and when he clicks on it a Mozilla ID pop-up dialog comes up telling him that the site is asking for a verified email address to sign-in. Mark hasn't used Mozilla ID before, so he clicks the "register" button.
Mark now types in his email address, and chooses a password for his account. After he's done, Mozilla ID tells him that a verification message has been sent to his email, and he needs to click on a link there before proceeding. Mark checks his email and clicks on the link in the message Mozilla ID sent him. The link opens up a new pop-up replacing the previous one, which welcomes him to Mozilla ID and asks him if it's OK to disclose the email address to SaladFans.com. Mark clicks OK, the dialog closes, SaladFans.com reloads, and Mark is now signed into SaladFans.com!
Key Points:
- Easy set-up from scratch
- All HTML flow, works on a variety of browsers
- Flow centered around verified email disclosure
Test Plans
Basic Identity items test plan
Goals
- Implement the JS API for sites to support Verified Email
- Not to interfere when native browser support is present
- Directly interface with the Mozilla Verified Email service for all functionality
- Support Verified Email on current-generation browsers: Firefox 4, IE 8, Chrome 10, Safari 5, Opera
Non-Goals
- Integrating with/implementing non-Verified Email auth protocols
- including HTTP Auth, forms-based sign-in, OpenID, OAuth, etc.
- Support for other profile information
Other Documentation
Legend (remove if you like)
| Healthy: feature is progressing as expected. | |
| Blocked: feature is currently blocked. | |
| At Risk: feature is at risk of missing its targeted release. | |
| ETA | Estimated date for completion of the current feature task. Overall ETA for the feature is the product release date. |