Identity/EngPlan/wVEC
Overview
Identity Engineering plan.
This document addresses the build portions of the Identity service, including the Verified Email Protocol (VEP), Verified Email Service (VES), Web Based Verified Email Client (wVEC), Firefox Native Verified Email Client (fVEC)
Key People
| Technical Lead: | Rob Miller |
| Additional Developers: | JR Conlin, Dave Dahl |
| Project Manager: | Dan Mills |
| Product Manager: | Dan Mills |
| UX: | TBD |
Work Items
Web Verified Email Client (wVEC)
Local crypto implementation, (notably Random Number Generator)
| Assigned to: | rmiller |
| Bug: | 664593 |
| Assumes/Depends On: | InfraSec sign off on secure javascript crypto library |
| Working Estimate: | 2 days
Best case: 1 day |
The plan here is to use the twu-rsa library for the RSA implementation, but to replace the ArcFour-based PRNG that it includes w/ the Fortuna-derived PRNG that comes w/ the SJCL. This will be seeded w/ entropy from the user actions and from the server.
UI responsibilities (IOW: what UI elements live on the server vs. what are presented from inside the library)
| Assigned to: | rmiller |
| Bug: | 664594 |
| Assumes/Depends On: | UX fully defined. |
| Working Estimate: | 2 days
Best case: 0.5 days |
| Assigned to: | rmiller |
| Bug: | 664597 |
| Assumes/Depends On: | |
| Working Estimate: | 1.5 days
Best case: 1.5 days |
Using jschannel to handle the inter-frame communication for now, pending review of the jschannel code by multiple Services engineers. This is 100% complete save for code review and any changes that may come as a result.
Create iframe containing actual client implementation, along with RP handshake
| Assigned to: | rmiller |
| Bug: | 664598 |
| Assumes/Depends On: | |
| Working Estimate: | 4.5 days
Best case: 3 days |
The non-UI parts of this are about 90% complete, minus code review and any resulting changes.
UI for displaying / selecting verified email addresses
| Assigned to: | rmiller |
| Bug: | 664599 |
| Assumes/Depends On: | UI finalized |
| Working Estimate: | 3 days
Best case: 1.5 days |
Jasmine test coverage
| Assigned to: | rmiller |
| Bug: | 664601 |
| Assumes/Depends On: | |
| Working Estimate: | 5 days
Best case: 3 days |
Documentation
| Assigned to: | rmiller |
| Bug: | 664600 |
| Assumes/Depends On: | |
| Working Estimate: | 4 days
Best case: 2 days |
External Dependencies
Security Review
| Assigned to: | |
| Bug: | TBD |
| Assumes/Depends On: | requires InfraSec |
| Working Estimate: | 5 days?
Best case: |
Packaging and Deployment
| Assigned to: | |
| Bug: | TBD |
| Assumes/Depends On: | |
| Working Estimate: | 5 days?
Best case: |
UX design / signoff
| Assigned to: | |
| Bug: | TBD |
| Assumes/Depends On: | |
| Working Estimate: | '
Best case: |
Timeline
Expected Completion
Milestones
Milestone 1: Resolve client based Crypto concerns
There are several concerns regarding a javascript based crypto library. One of the larger is how the library can acquire a proper level of entropy. At this milestone, we will have resolved these issues and determined an appropriate approach to provide adequate RSA encryption.
- Associated Bugs: 664593
- Working Estimate: 4 days
- Completion Date: TBD
Milestone 2: Complete interface elements
The library needs to communicate with the server. At this milestone, the client library will be able to communicate securely to the server and the Requesting Party site.
- Associated Bugs: 664597, 664598
- Working Estimate: 6 days
- Completion Date: TBD
Milestone 3: UI Finalized
The library needs to present to the user various actionable elements. At this milestone, the client library will present those items to the user in a clear manner. NOTE: This will require working with UX and UI, which may impact deliverable date.
- Associated Bugs: 664594, 664599
- Working Estimate: 4 days
- Completion Date: TBD
Milestone 4: Wrapup
The library needs to have full test cases working, documentation, and packaged for deployment and testing At this milestone, the library will be in a beta consumer ready state. Documentation and packaging may not be finalized, but they should be at a point where an external developer can set up and use the system with no prior knowledge of the system and minimal assistance.
- Associated Bugs: 664601, 664600
- Working Estimate: 5 days
- Completion Date: TBD