Firefox OS App Accounts Managed By Firefox Accounts

Lloyd Hilaiel lloyd at mozilla.com
Thu Oct 10 23:48:27 PDT 2013


On Oct 11, 2013, at 4:35 AM, Gareth Aye <gareth.aye at gmail.com> wrote:

> That's very much what I was thinking of. I assumed that account management built on top of sync would be built into firefox accounts, but I gather that's not [yet?] general consensus.

The way I like to think about this, is Firefox Accounts is a fairly thin layer.  You authenticate to firefox accounts from (i.e) the device, and then you have a way to authenticate to any number of services.

You can check out the current firefox accounts api here, which I hope would give you a fairly visceral understanding of the scope of the accounts piece:  https://github.com/mozilla/picl-idp/blob/master/docs/api.md

(Note: this REST API on the device will be accessed via firefox accounts which will provide a much higher level (inter-app) API - so this can define the scope of core firefox accounts, but isn't complexity you need to directly engage)

Sync is one of these services that will be accessible via Firefox Accounts, and it is currently limited to the data types that the existing sync supports (in fact, our first iteration is to use the existing sync back end).

We may then go and replace the sync backend, or we may find it's faster and more interesting to build new data-type specific backends for high value stuff.  To a degree, to the user, this is irrelevant.  They're not going to understand how many distinct services they're using, it's going to feel like a seamless single cloudy happy place to them.  

So the way I see it, is Firefox Accounts will be a module running on the device.  It will have an API that any service or application can invoke.  The interface to that module probably includes the following functionality:

1. Is firefox account set up?
2. Can you please run the firefox account set up?
3. Can you please give me credentials to authenticate to the account management service?

As far as what is built right now specific to FirefoxOS - the firefox account server is running and being scaled up now.  Simultaneously we've got and initial design of Firefox Accounts *on* firefox os, and we're going to be aggressively building that over the coming months leading up to 1.3 (jedp and sam penrose are leading on this, zaach is participating because he's everywhere).

If you wanted to jump in the fray and start sketching out account management, I think you could, and I think it would be useful.  Guessing at requirements, it sounds like you need a new service that users authenticate to with firefox accounts.  Further, you need to be able to communicate to the firefox accounts module running on device to get an assertion to authenticate to that service.

If you don't sync external account passwords, just usernames and other required data, then you might have something that gives users convenience and sufficiently insensitive information that you've sidestepped the need for encryption.

We can talk more about how this will look, and we can see if we can start modeling a "generic storage service" that could make it so people with use cases like yours can quickly stand up a rest service that stores specific data types (hey, that would be fun).  But given time constraints, our first focuses are landing firefox accounts on all three platforms, and then grafting sync onto firefox accounts on mobile and desktop.

Is this clarifying?  Confusing?

lloyd


> I feel like I should at least put a thumbs up in for account management that syncs between browsers/devices. Is this a question that the persona and sync groups are working through?



> On Thu, Oct 10, 2013 at 9:20 PM, Richard Newman <rnewman at mozilla.com> wrote:
>> * What kinds of accounts do we intend for firefox accounts to support?
> 
> Hi Gareth!
> 
> Stepping back a tiny bit: I think you might be conflating "service account management" with "Firefox Account".
> 
> Chris will have a much more thorough description of the latter coming, but in short a Firefox Account is what we plan to use to allow users to sign in to (Mozilla, at first) services on their devices. You can think of this — in current but inaccurate terms — as a replacement for your Sync account: something you log into to get access to services.
> 
> Arguably one of the more useful services we could build on top is account management: when you've signed in with your Firefox Account on a device, it would be great to have access to some set of descriptors of other services, along with credentials (above and beyond what password sync provides). That is: having access to your Firefox Account would give access to other things that don't directly use your Firefox Account for auth.
> 
> It sounds like what you want is this kind of service/credential sync/storage. Is that a fair statement?
> 
> This might well tie into the service discovery/description/management layer that will ride alongside FxA to support Sync and our other services, but perhaps not.
> 
> I'll leave the rest of your questions for people a little closer to the coal face.
> 
> Hope that helps!
> 
> -R
> 
> 
> 
> -- 
> Best,
> Gareth
> 
> _______________________________________________
> Sync-dev mailing list
> Sync-dev at mozilla.org
> https://mail.mozilla.org/listinfo/sync-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/sync-dev/attachments/20131011/0c124c05/attachment-0001.html>


More information about the Sync-dev mailing list