Identity/Features/Firefox-native Verified Email Client
Status
| Firefox-native Verified Email Client | |
| Stage | Shelved |
| Status | In progress |
| Release target | TBD |
| Health | Blocked |
| Status note | Scoping new work after VEP changes. |
Team
| Product manager | Dan Mills |
| Directly Responsible Individual | David Dahl |
| Lead engineer | David Dahl |
| Security lead | Curtis Koenig |
| Privacy lead | Sid Stamm |
| Localization lead | ` |
| Accessibility lead | ` |
| QA lead | James Bonacci |
| UX lead | Zhenshuo Fang |
| Product marketing lead | ` |
| Operations lead | ` |
| Additional members | Diane Loviglio (user research) |
Open issues/risks
`
Stage 1: Definition
1. Feature overview
Ability to sign into web sites using Verified Email, integrated with our (secondary authority) ID service.
Related features:
- Verified Email Service
- Web-based Verified Email Client
- Verified Email Service Admin Interface
- Sign into the browser
2. Users & use cases
Note: you may wish to read the use-case for the Web-based Verified Email Client as well
Anne is a Firefox user. She has an iPhone too, and uses Firefox Sync to get to her bookmarks from her phone.
While browsing the Web, Anne sees a notification bar in Firefox asking her to verify the email address she uses to sign into Firefox Sync. Anne decides to go ahead, clicks a button to send a verification message, and is told to check her inbox for a message.
Anne finds the message in her inbox and clicks the link. She is taken back to Firefox and a message thanks her for verifying the email address. Firefox also tells her that she can now use her verified email address to sign into any supported Web site without any extra passwords.
While talking to her friend Mark, Anne learns about a site called SaladFans.com. Excited to try it out, she browses to the site on her desktop, and when she clicks the "sign in" button, Firefox asks her if it's OK to disclose her verified email address with SaladFans.com. Anne clicks OK, SaladFans.com refreshes and she is now signed in!
Key points:
- Site API triggers enhanced chrome dialogs in Firefox
- The same API triggers HTML pop-ups on other browsers (see Web-based Verified Email Client)
- Firefox reuses Sync credentials for Verified Email
- Firefox can verify the email proactively before first-use
3. Dependencies
`
4. Requirements
Content APIs in place for web sites to:
- Request a verified email from the browser
- Support for signing new identity assertions in-browser
- Be proactively given a verified email
- Advertise active/passive sign-in user sessions and sign-out method
- Register a verified email certificate (primary/secondary authority API)
- Support for keeping certificates in the browser
- Support for refreshing certificates as needed
Browser UI in place to:
- Create a Firefox Account
- Sign into a Firefox Account
- Add an email address to a Firefox Account, and verify it
- Sign into a site by disclosing an email, whether the process is started from chrome or content
- Display active session(s) with the site, and sign-out
Non-goals
- Integrating with/implementing non-Verified Email auth protocols
- including HTTP Auth, forms-based sign-in, OpenID, OAuth, etc.
- Multiple accounts per-site (plus fast-user switching)
- Expanding "sign into the browser" role to allow multiple user support, profile switching support, master password support
- Integrating account information into site-prefs
Stage 2: Design
5. Functional specification
API docs:
- Verified Email Protocol
- Client API (obsolete?)
6. User experience design
Mockups:
- Verified Email (various)
- Firefox Account
- HTML client mockups (for reference)
Stage 3: Planning
7. Implementation plan
`
8. Reviews
Security review
`
Privacy review
`
Localization review
`
Accessibility
`
Quality Assurance review
- Basic Identity items test plan
Operations review
`
Stage 4: Development
9. Implementation
Next Steps
- Scope engineering work [David Dahl]
- UX Research [Diane Loviglio]
- Session API Draft [Dan Mills]
- flesh out test plan with test case summaries [Tracy Walker]
- Security review [?]
- Engineering work [David Dahl]
Related Bugs
Stage 5: Release
10. Landing criteria
`
Feature details
| Priority | P2 |
| Rank | 999 |
| Theme / Goal | ` |
| Roadmap | Mozilla Identity |
| Secondary roadmap | ` |
| Feature list | Desktop |
| Project | ` |
| Engineering team | Desktop front-end |
Team status notes
| status | notes | |
| Products | ` | ` |
| Engineering | ` | ` |
| Security | sec-review-active | sstamm |
| Privacy | ` | ` |
| Localization | ` | ` |
| Accessibility | ` | ` |
| Quality assurance | ` | ` |
| User experience | ` | ` |
| Product marketing | ` | ` |
| Operations | ` | ` |
