<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Wed, Feb 5, 2014 at 11:26 AM, Richard Newman <span dir="ltr"><<a href="mailto:rnewman@mozilla.com" target="_blank">rnewman@mozilla.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Can you clarify what you mean by "profile" here?<br></blockquote><div><br></div><div>Shared common profile data. Example data fields: name, avatar, phone number, age, gender, location, etc. My thinking is that an RP could ask for a couple of them, and a UI would prompt for user permission before sending over this data.<br>
</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div class="im"><br>
</div>My proposal is this:<br>
<br>
• Don't do it during login. The account server should manage accounts, and we already have this deployed and working. Have another box right next to it that does metadata storage.<br></blockquote><div><br></div><div>
It will be a separate server: <a href="https://github.com/mozilla/fxa-profile-server">https://github.com/mozilla/fxa-profile-server</a><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
• Have a single 'magic' service associated with your account endpoint. (Right now our magic service is Sync's token server — we hard-code the Mozilla token server URI, so there's no real discovery process.)<br>
• Have that service accept ordinary FxA-authenticated requests.<br>
• REST, JSON in, JSON out, conflict detection and versioning. Very simple.<br>
• Clients talk exclusively to that other service to find out and manage the services associated with your account.<br>
<br>
You could almost think of this as a simple version of Sync 1.5 exclusively for storing service descriptors.<br>
<br></blockquote><div><br></div><div>That's the crux of this discussion: how does an RP request and receive data from an attached service? Does an RP request specific data identified by a URI (like <a href="https://profiles.accounts.firefox.com#avatar">https://profiles.accounts.firefox.com#avatar</a>)? Or do they use a more generic URI, identifying a type of data (<a href="https://accounts.firefox.com#profile/avatar">https://accounts.firefox.com#profile/avatar</a>), and the user would have to have associated an FxA Profile (or an independent provider of the <a href="http://accounts.firefox.com#profile/avatar">accounts.firefox.com#profile/avatar</a> data type) with their account beforehand, as their provider for this data type?<br>
<br></div><div>It feels right to request some of this data at login, and other parts later, when the app needs it. Either way, it seems we could standardize how to request this data, and an RP could only ever talk to the users Firefox Account in order to request more of the data, instead of an RP talking to several different services. We can do the hard work once, instead of each RP doing it every time.<br>
</div></div><br></div></div>