Identity/BrowserID/TransitioningSites

From MozillaWiki
Jump to: navigation, search

Overview

We're starting to work through the issues involved in transitioning existing Mozilla web properties over to BrowserID. This page has been created to start collecting thoughts, issues, and solutions.

Proposed notions

BrowserID flow with legacy migration

  • The goldenish lines are the "golden path", which should be the most common cases.

BrowserID flow with legacy migration

Mockup source

Safe migration from legacy auth to BrowserID

  • Probably okay to trust a currently-valid BrowserID matched up with the email address of an existing profile
  • But, offer a fallback option to submit legacy credentials after BrowserID sign-in

Many-to-many email to profile relation

  • One BrowserID to many profiles (optional?)
    • On sign-in, if BrowserID matches just one profile, carry on.
    • If multiple profile's emails match the BrowserID, offer a profile selector
    • Or, if supporting multiple profiles is not desired, just punt to the last profile logged in using legacy credentials.
  • Many BrowserIDs to one profile (not-so-optional)
    • On a profile editing page, offer a BrowserID signin button to associate additional IDs with the currently-signed-in profile
    • List currently associated IDs, along with delete buttons
    • No manual email change or edit - all email address changes must be associated with pre-verified BrowserIDs
    • Allows a user to transition between two IDs when a known change is in progress (eg. losing an email address when changing jobs)
    • Also allows a user to set up redundant IDs in case of a change in the future

Edge cases / issues

Localization, or users from locales other than en-US

  • BrowserID is not yet localized into all the locales supported by potential relying sites
  • Need to retain legacy user/pass auth for those locales, for now

Changing email addresses

  • User anticipates losing control of an email address, wants to switch to a different ID
    • Sign-in with address #1, then sign-in again with address #2?
  • User lost control of address and only realizes much later.
    • Out of luck unless they verified it in the past with BrowserID?
    • Retain legacy user/pass auth for last-ditch recovery

Lost or inaccessible email accounts

  • A user may have lost control of the email address they've used with an existing legacy profile.
    • Maybe allow user/pass auth as last-ditch effort for recovery?