11.22.13 Engineering Progress Report for Firefox Accounts and Sync.next

Chris Karlof ckarlof at mozilla.com
Fri Nov 22 16:29:10 PST 2013

Firefox Accounts wiki: https://wiki.mozilla.org/Identity/FirefoxAccounts
Sync.next wiki: https://wiki.mozilla.org/User_Services/Sync
IRC: #fxa, #native_identity

Firefox Accounts Cloud Services and Client libraries (Danny Coates, Ryan Kelly, Zach Carter, Andy Chilton)
- Discussion of separating auth and key fetch protocols:
  - https://github.com/mozilla/fxa-auth-server/issues/344
- Continuing hot issues:
  - Designing "forceAuthentication" support for FxOS: https://github.com/mozilla/fxa-auth-server/issues/307
  - Discussion on whether FxA should run its own BID verifier: https://github.com/mozilla/fxa-auth-server/issues/292
  - Defined what the "principal" is on assertions backed by FxA auth server: https://github.com/mozilla/fxa-auth-server/pull/275
  - How password reset interacts with WMF: https://github.com/mozilla/fxa-auth-server/issues/338
- Initial server milestone to support FxOS Dec 9 deadline: https://github.com/mozilla/fxa-auth-server/issues?milestone=4&page=1&state=open
- Work on a new independent BrowserID verifier: https://github.com/lloyd/browserid-local-verify
- New dev deployments, proposed stage and prod urls: https://wiki.mozilla.org/Identity/Firefox_Accounts#Deployments
- Documented basic backoff protocol: https://github.com/mozilla/fxa-auth-server/pull/323
- Metrics plan: https://wiki.mozilla.org/Identity/Firefox_Accounts/Minimum_Viable_Metrics
- DRAFT: How SSO might work for FxA: https://wiki.mozilla.org/Identity/Firefox_Accounts/SSO
- Some discussion of security and abuse monitoring: https://github.com/mozilla/fxa-auth-server/issues/222
- We reverted this: https://github.com/mozilla/fxa-auth-server/pull/275 because it broke our Sync integration effort (the assertions failed verification with the existing verifier)
- Next steps: continue to work on Q4 production ready goals for FxA Cloud Services and support FxOS Dec 9 deadline

NEW: Firefox Accounts for the Web (Shane Tomlinson, Nick Chapman, Zach Carter, Vlad Filippov, Ryan Feeley)
- Initial meeting happened this week
- Some UX thoughts from Ryan and John:
  - https://www.lucidchart.com/documents/edit/4f34-ef24-52695ddf-8057-72580a00d543
  - http://jsfiddle.net/52VtD/652/
  - https://www.dropbox.com/s/wn4gw3ebmz4o7ke/settings.m4v

Android (Nick Alexander, Richard Newman)
- started pushing Bug 918012 into review queue: https://github.com/mozilla-services/android-sync/pull/372
- sec-review scheduled on Wednesday for a few tickets Android tickets: Bugs 799732, 799734

Desktop (Mark Hammond, Tim Taubert, Brian Warner, Chris Karlof) 
- FxA signed in module under review: https://bugzilla.mozilla.org/show_bug.cgi?id=909967
  - also supports FxOS effort
- FxA client under review: https://bugzilla.mozilla.org/show_bug.cgi?id=935232
  - also supports FxOS effort
- Next steps: land the above patches, plan for Milestone 1 Sync.next evaluation release, land FxA+Sync work on elm

FxOS (Jed Parsons, Zach Carter, Sam Penrose, Shane Tomlinson)
Our efforts this week were focused on producing a functional integration build for our partners (WMF, Marketplace)
This was delivered on the 19th, with follow-up bug fixes through the 21st
- Tracking bug: https://bugzilla.mozilla.org/showdependencytree.cgi?id=920135&hide_resolved=1
- Current integration build supports sign-up, sign-in, and getAssertion
 - gecko patches: https://bugzilla.mozilla.org/show_bug.cgi?id=936688
 - gaia branch: https://github.com/shane-tomlinson/gaia/tree/all-fxa-things-02
 - This build should be usable for testing by partners (WMF, Marketplace)
- Everybody did lots of clean-up; here are some highlights of work for the week:
 - (jgruen, rfeeley) UI updates
 - (stomlinson, olav, ferjm, jgruen) fixing details in UI and front-end API
 - (sergi, borja) Breaking gaia patch into PRs for gaia master
 - (all) Adding tests for all the things, gaia and gecko
 - (zaach, spenrose) Fixes for reviews of FxAccounts and Client modules
 - (zaach, warner, jedp) Investigate and fix broken client api calls to server
 - (toxborrow, arog) Kick off 1.4 product talks with WMF and Mkt
 - (ckarlof) Kick off SSO product discussion (state management, logout)
 - (kparlante, jedp, dcoates) Plan for MVM (minimum viable metrics) collection
 - (all) Documentation (internal code documentation and public API docs; in progress)
- Next milestones
 - (dec 2) End-to-end metrics for one event
 - (dec 2) Work week in SF begins
 - (dec 9) All patches ready to land; Test build with all flows available for clients
   - Not sure forceAuthentication will be ready for dec 9

Firefox Accounts Devops (Benson Wong, Gene Wood, James Bonacci, Peter Dehaan)
- RPMS built for fxa-content-server, fxa-auth-server, fxa-scrypt-helper
- CloudFormations being formed
- Puppet deployment scripts being created (mostly done)
- Looks good for a Dec 2nd stage env, cloudformation deployable stacks for content, auth and scrypt 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/sync-dev/attachments/20131122/78768341/attachment.html>

More information about the Sync-dev mailing list