Privacy/Reviews/Verified Email
Document Overview
Feature/Product: | Verified Email (Mozilla ID) |
Projected Feature Freeze Date: | - |
Product Champions: | Dan Mills |
Privacy Champions: | Sid Stamm |
Security Contact: | Michael Coates |
Document State: | [DROPPED] reviewing products, not protocols |
Timeline:
Architectural Overview: | (date TBD) |
Recommendation Meeting: | (date TBD) |
Wrap-up Meeting: | (if necessary) |
Architecture
In this section, the product's architecture is described. Any individual components or actors are identified, their "knowledge" or what data they store is identified, and data flow between components and external entities is described.
The main objective of this feature/product is: browserid uses a simple protocol (verified email) to implement site sign-ins that are secure, password-free, and very easy to use.
The browserid.org project has several components:
- A protocol specification
- A Mozilla-hosted service
- Clients for Firefox, Firefox Mobile, and a pure-HTML client with support for a variety of browsers
Project highlights:
- Single-click sign-up/sign-in/sign-out. No need to remember passwords for each site
- Browser integration, for maximum convenience and protection from phishing attacks
- Mobile Firefox support, making it easy to sign up and use sites on mobile phones
- Support for current-generation browsers, no special add-ons required (using HTML pop-ups)
- Provides an on-ramp towards a fully decentralized system, with the user agent as ID mediator.
Design Documents: Link to any design or architectural documents here.
Feature pages:
- Identity/Features/Verified_Email_Service
- Identity/Features/Verified_Email_Service_Admin_Interface
- Identity/Features/Web-based_Verified_Email_Client
- Identity/Features/Firefox-native_Verified_Email_Client
- Identity/Features/Mobile_Firefox_Verified_Email_Client
Components
- Mozilla-hosted service
- VE Clients: for Firefox, Firefox Mobile, and a pure-HTML client with support for a variety of browsers
Component X
This component does A, B and C and interacts with component Y to do D.
The tables below simply summarize the data encountered by this component.
Stored Data:
What | Where |
---|---|
data type | where stored |
Communication with Component Y
Direction | Message | Data | Notes |
---|---|---|---|
In: | message 1 | types of data received from component Y with the message | |
Out: | message 2 | types of data sent to component Y with the message | |
User Data Risk Minimization
In this section, the privacy champion will identify areas of user data risk and recommendations for minimizing the risk.
Alignment with Privacy Operating Principles
In this section, the privacy champion will identify how the feature lines up with Mozilla's privacy operating principles.
See Also: Privacy/Roadmap_2011#Operating_Principles:
Principle: Transparency / No Surprises
(How the feature addresses this)
Recommendations: (what can be improved)
Principle: Real Choice
Recommendations:
Principle: Sensible Defaults
Recommendations:
Principle: Limited Data
Recommendations:
Follow-up Tasks and tracking
What | Who | Bug | Details |
---|---|---|---|
[NEW] Initial Overview Discussion | ? | | Meeting time TBD |