Privacy/Reviews/Verified Email

From MozillaWiki
Jump to: navigation, search

Document Overview

Feature/Product: Verified Email (Mozilla ID)
Projected Feature Freeze Date: -
Product Champions: Dan Mills
Privacy Champions: Sid Stamm
Security Contact: Michael Coates
Document State: [DROPPED] reviewing products, not protocols


Timeline:

Architectural Overview: (date TBD)
Recommendation Meeting: (date TBD)
Wrap-up Meeting: (if necessary)

Architecture

In this section, the product's architecture is described. Any individual components or actors are identified, their "knowledge" or what data they store is identified, and data flow between components and external entities is described.

The main objective of this feature/product is: browserid uses a simple protocol (verified email) to implement sign-ins on sites that is secure, password-free, and very easy to use.

The browserid.org project has several components:

  • A protocol specification
  • A Mozilla-hosted service
  • Clients for Firefox, Firefox Mobile, and a pure-HTML client with support for a variety of browsers

Project highlights:

  • Single-click sign-up/sign-in/sign-out. No need to remember passwords for each site
  • Browser integration, for maximum convenience and protection from phishing attacks
  • Mobile Firefox support, making it easy to sign up and use sites on mobile phones
  • Support for current-generation browsers, no special add-ons required (using HTML pop-ups)
  • Provides an on-ramp towards a fully decentralized system, with the user agent as ID mediator.

Design Documents: Link to any design or architectural documents here.

Feature pages:

Components

  • Mozilla-hosted service
  • VE Clients: for Firefox, Firefox Mobile, and a pure-HTML client with support for a variety of browsers

Component X

This component does A, B and C and interacts with component Y to do D.

The tables below simply summarize the data encountered by this component.

Stored Data:

What Where
data type where stored

Communication with Component Y

Direction Message Data Notes
In: message 1 types of data received from component Y with the message
Out: message 2 types of data sent to component Y with the message

User Data Risk Minimization

In this section, the privacy champion will identify areas of user data risk and recommendations for minimizing the risk.

Alignment with Privacy Operating Principles

In this section, the privacy champion will identify how the feature lines up with Mozilla's privacy operating principles.

See Also: Privacy/Roadmap_2011#Operating_Principles:

Principle: Transparency / No Surprises

(How the feature addresses this)

Recommendations: (what can be improved)


Principle: Real Choice

Recommendations:


Principle: Sensible Defaults

Recommendations:


Principle: Limited Data

Recommendations:

Follow-up Tasks and tracking

What Who Bug Details
[NEW] Initial Overview Discussion  ? Meeting time TBD