Identity/WeeklyMeeting/2013-10-14

From MozillaWiki
Jump to: navigation, search

AGENDA

  • Who is Firefox Accounts?
  • Q4 Goals
  • Desktop/picl workweek this week in SF
  • TEF engineering workweek next week (Firefox Accounts in FirefoxOS)
    • Jed, Zach, Sam, Shane
  • Merit Reviews in progress...

General Reminders:

Meeting Notes

  • Firefox Accounts definition [ckarlof]
    • [ A simple system for providing account service to Mozilla and other services]
    • First two services: Sync, FxOS itself at unboxing -> MarketPlace
  • FxA Server:
    • sync keys; simple way to disconnect all devices
  • MarketPlace:
    • track age verification
    • [lloyd]
      • force authentication
      • forever sessions
      • email optional (? missed this; anyone?) maybe
      • disable federation maybe
      • identify self with phone number
  • [ckarlof]
    • "Don't we have Persona accounts?"
    • No, there is no account, just a protocol, but many people confused on this point. Multiple concepts, but they mostly mean the fallback server, which I think is not great
    • FxA: address the needs we have for Mozilla services. Not a replacement for Persona; Persona will help us build it, but people think Persona is an account system.
  • [callahad]: when you use Persona at [an RP], you create an account *with that RP.* This is basically the same thing, except Mozilla services are sharing an account backend.
  • [ckarlof] yes, though lots of tricky bits with how it fits together
    • I know there's a lot of anxiety
    • New direction: keep Persona clean, put burden on FxA
    • fallback server responsibilities -> legacy
  • [stomlinson]
    • Re assumption that federation on FTU terrible idea. Asked UX why/if tested. They said no. That feels "kinda crap".
    • Are these tightly integrated services? To expose to external RPs, feels like we're creating another silo, locking users into Mozilla's stack
    • These things pressing on me, not finding answers in Etherpad.
  • [lloyd]
    • I was also uncomfortable with federation issue. [... missed ...] I would like us to commit to opening our minds to trying federated email confirmation for FxA. Does anyone feel strongly that it is dead in water -- I haven't heard so yet.
  • [callahad]
    • re 2nd: silo concern orthogonal to [providing FxA (?)]. Independently of Persona, we would create a unified Moz account service for multiple Moz services. Question is how do we do it in a way that respects users. Persona is just stepping in and doing the BrowserID protocol. Therefore FxA is no threat to Persona. Make sense? [ckarlof] To me: yes, FxA server looks a lit like an IdP. You could say that FxA federates out, but you could also say that it federates in. There are not many that do that, except Yahoo! [Bi-directional OpenID use.] Shane?
  • [lloyd] For me not a silo because we're going to get O(10M) users signed up, and we're going to give them service options. Exchange point is an email. They don't have to use FxA, but sharing our user base w/ service providers AND letting users choose feels better
  • [stomlinson]
    • I like part that it lets service providers [opt in?]. What happens if user wants to access service in different browser [Shane I messed this up; please correct]
  • [ckarlof]: [use of vanilla Persona for phone apps]
  • [lloyd] For our sites, US laws require age verification and other crappy UX issues. That's a nut to crack; callahad and I talked about two potential flows. External service will have own set of checks, no reason they would use FxA in web context.
  • [jgruen] [asking what we aka ckarlof want for basic UX approach]
  • [ckarlof] rfeeley and I discussed [taking offline]
  • [rlord] FxA: Mozilla's solution for id and auth. Not sure if what comes out would be perceived as potential Persona RP. If we do this, is it accurate to say that we have O(10M) Persona users.
  • [lloyd] If desktop users create their FxA using Persona, then yes else no.
  • [jgruen] we do need to user test this area quite a bit. There is a cognitive jump. Will log-int-browser be understood as also getting them into web services. Difficult to understand IMHO, but we're looking at ways to test.
  • [rlord] Possibility that when I sign up for sync in desktop, I'm not a Persona user.
  • [lloyd] engineering milestone for sync on desktop does not involve Persona, nor does XXX milestone. So if we add Persona, would be in 3-5 months.
    • [... missed, I believe llloyd said we might be supporting both Persona and non-federated]
  • [ckarlof] what does it mean to be a Persona user
  • [rlord] someone whose email address is associated with a Persona signin
    • mostly concerned w/ success of Persona as protocol, whether FxA is aiding or inhibiting
  • [callahad] I believe answer hinges on whether we use Persona in FxA
  • [lloyd] not waiting for user testing, we're going to leverage 40M FxA to drive Persona adoption
  • [jgruen] unclear on user value of Persona-awareness in FxA context
    • If we're going to evangelize, will require a lot of user testing. [concerned] we're using users to push something on them they don't care about
  • [rlord] PiCl spun up over this very same issue, no? Is this the same schism, lloyd?
  • [lloyd] what's new: we have a plan and direction and better use case knowledge
  • [ckarlof] the discussion has changed. Initially: how do we relate to sync? Now: once word is out on FxA, everyone will want to get in, have to think more broadly
  • [lloyd] FxA was tucked inside sync, now is out and may be more interesting
  • [lloyd] Q4 goals. jedp callahad ckarlof toxborrow me discussing how to get through goals process. Targets coming this week, will discuss on list and in team meetings. 2 weeks in, need to codfiy some targets.
  • Desktop PiCL workweek now in SF
  • jedp-> Sofia this week, Telefonica workweek next week.
  • Merit reviews to be done in next 1-2 weeks.

Team Status

Native (B2G)

Signin to the Web

  • Quarterly goals happening / happened: "Final" design for APIs + data formats
  • First of several metrics PRs are IN.
  • Google OAuth flow is awaiting review.

Profile in the Cloud (PiCL)

WebRTC

Libraries

UX

Business Development

Product Marketing

Docs & Engagement

Product

QA

  • Sync/Picl: working on some Bug fixes (Elm Build!), upgrading VMs for testing, debugging FFos issues with QA team, prepping for another round of load testing on picl-idp and scrypt-helper...

Blog Schedule

  • We are working on launching a new blog series. Stay tuned for more information soon

PTO/OOO (kept in the Identity calendar for everyone's reference)

  • JedP: 7 - 15 Oct - PTO
  • Ozten: 7 - 15 Oct : PTO
  • Francois: 9-14 Oct PTO
  • Brian: 7-16 Oct : PTO
  • Shane 21 Oct - coming back from Amsterdam
  • Shane: 28 Oct - 1 Nov : PTO
  • Brian: 8 - 11 Nov : OOO conference
  • Katie: 23 Dec - 2 Jan: PTO
  • Katie: 27-28 March: PTO