From MozillaWiki

The Account Manager meet-up is an in-person gathering to discuss the upcoming Firefox Account Manager, in particular the protocol specification behind it.

If you are planning on coming, please RSVP so we can have enough drinks/snacks/chairs for everyone.

When and Where

When: May 21st, 2010 @ 1PM
Where: 650 Castro Street, Mountain View


Schedule may change

1:00 Account Manager overview and demo
1:30 Breakout sessions/tbd
2:30 Break - coffee & cookies
2:45 Breakout group presentations
4:00 Cantina (drinks & snacks)


Mozilla is located in Mountain View (see it on a map). Street parking is available, and Mountain View has plenty of public parking. If you'll be taking CalTrain, get off at the Mountain View stop and walk down Castro Street (around 10 mins).

Take the elevators to the 2nd floor and take a right; look for the big dino (can't miss it!).

Meeting Notes

General feedback

During the first part of the meet-up (the combined session) we had some discussions including:

  • Cookies already define a scoping mechanism: Could we simply use that scope to define the authentication realm? (Breno)
    • Replies: Yes, though there are authentication schemes that are not based on cookies
    • And how do we get started?
    • sessionstatus, for cookie-based mechanisms, could provide a cookie-map instead of using headers or probes
  • Registration completion markup (as an alternative to the current proposal in the spec).

Breakout sessions

We then divided into 4 breakout sessions; click each one to see its notes:

  1. Session status techniques - independent of any profile
  2. Federated login profile - what does the site need to tell the user agent to enable connect-in-the-browser?
  3. Security, Privacy implications
  4. HTTP Auth / Other Stateless / future proofing

Open questions

We identified two other categories that need discussion, but did not get to them this time:

1. Problems with realm changes / out of band changes

  • Password changes/resets outside the AM flow
    • Markup hints - what can/should we do in content?
  • Domain name/ownership changes
    • Mergers, splits (e.g. acquisitions that result in federation of IDs)
    • Changing profiles over time (e.g., site implements new awesome profile X, how do users migrate?)

2. Registration

  • Is what we have now sufficient?
  • What about "incognito mode"?

Post-Meetup Analysis

This is in its own document, here.