Identity/Architecture/SignIntoBrowser
DRAFT
The content of this page is a work in progress intended for review.
Use Case
Check out the Feature Page.
Brief version: Alice signs into her Firefox with Persona credentials, and her Firefox is immediately customized with her theme, bookmarks, passwords, history, add-ons, apps, and identities. She can use her identities to sign into websites, and her signin preferences (which web sites to automatically log into, etc.) are present on this new device.
Technical Goals
Reusable but Flexible Identity
If Alice logs into her browser as alice@example.com, she should be able to easily use that identity to log into web sites. She should also be able to use her other preferred identities.
Pluggable Services
Alice should be able to use the services of her choice, e.g. store her bookmarks with Google, her passwords and apps with Mozilla, and her contacts with her cell phone operator.
User-Selectable Browsing Context Provider
Alice should be able to select the server that performs the initial signin-to-the-browser authentication and setup of her preferred services. E.g., this may be a corporate directory server.
Components
Browsing Context Provider (BCP)
A Browsing Context Provider is the service that, upon user login, provides the context for the user's Web experience, specifically the user's set of identities and additional ID-connected services. A BCP is implemented as a BrowserID IdP with an additional discovery service. Thus, a BCP provides BrowserID parameters:
- a public key that is the root of trust for that domain
- a login content page where users authenticate in whatever way the BCP chooses
- a provisioning content page where authenticated users receive a certificate of their identity
In addition to this, the BCP provides:
- a directory service that indicates the user's personalized services.
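As an added illustration (not from this page or any Mozilla code), the BCP's discovery document can be modelled as a BrowserID support document, whose public-key, authentication and provisioning fields are the real BrowserID parameters, extended with a services directory; the services field and its layout are assumptions. The parser below checks the required parameters, resolves the login and provisioning pages against the BCP's own origin, and accepts only HTTPS service endpoints.

```python
import json
from urllib.parse import urlparse

# Constructed sample: a BrowserID support document (served at
# https://<bcp-domain>/.well-known/browserid) plus an assumed "services" directory.
SAMPLE_BCP_DOC = json.dumps({
    "public-key": {"algorithm": "RS", "n": "PLACEHOLDER_MODULUS", "e": "65537"},
    "authentication": "/browserid/sign_in.html",
    "provisioning": "/browserid/provision.html",
    "services": {  # hypothetical extension, not part of BrowserID
        "bookmarks": "https://bookmarks.example.org/v1/",
        "passwords": "https://sync.example.org/passwords/",
        "contacts": "http://contacts.example.net/",  # plaintext endpoint
    },
})

def parse_bcp_document(domain, raw):
    """Return (params, services, errors) for a BCP discovery document:
    BrowserID parameters with page paths resolved to https URLs on the BCP's
    own origin, the validated service directory, and the problems found."""
    params, services, errors = {}, {}, []
    try:
        doc = json.loads(raw)
    except ValueError as exc:
        return params, services, [f"invalid JSON: {exc}"]
    if not isinstance(doc, dict):
        return params, services, ["document is not a JSON object"]
    key = doc.get("public-key")
    if isinstance(key, dict) and key.get("algorithm"):
        params["public-key"] = key
    else:
        errors.append("public-key missing or does not name its algorithm")
    # Login and provisioning pages are same-origin paths: resolve them against
    # the BCP domain instead of trusting an absolute URL from the document.
    for field in ("authentication", "provisioning"):
        path = doc.get(field)
        if isinstance(path, str) and path.startswith("/"):
            params[field] = f"https://{domain}{path}"
        else:
            errors.append(f"{field} missing or not an absolute path on {domain}")
    # Assumed "services" directory: accept only https endpoints with a host.
    for name, url in (doc.get("services") or {}).items():
        parts = urlparse(str(url))
        if parts.scheme == "https" and parts.netloc:
            services[name] = url
        else:
            errors.append(f"service {name!r} rejected: not an https URL ({url})")
    return params, services, errors
```

Any error in params means the browser cannot use that BCP at all; errors in the services directory only drop the affected service.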
ID-connected Services
An ID-connected service is a web service that provides data and/or functions based on the user's identity. A service that stores a user's bookmarks (or passwords, or apps, or contacts) is one example of an ID-connected service.
ID-connected services may authenticate users via Persona or any other authentication mechanism. Persona-authenticated services are easier to integrate into browser functionality, given the standard presentation of a Persona login assertion.