From MozillaWiki
Jump to: navigation, search


A ProxyIdP service for bridging major IdPs who lack support for the BrowserID protocol.

No user data is stored, except their email address which is stored in a secure session in a cookie in the user's browser.

Initial launch will target email addresses. Follow up releases can enable other popular email providers.


The BigTent service will be a new service that looks like Vinz Clortho, our Mozilla IdP. BrowserID currently understands *primary* and *secondary* email addresses. A new class *proxyidp* will be added for a whitelist of TLDs.


When a user enters a proxy email address, instead of being processed like a secondary, they will be authenticated via BigTent. The user will see an OpenID, OAuth, or other 3rd party screen hosted by their email provider which asks if they wish to log in to If they agree, we'll get confirmation that they own that email address and we'll issue assertions on their behalf.

The issuer for these certificates will be bigtent.


Play with BigTent! The Persona dev environment is BigTent enabled for and

Test Plan

Test Plan


browserid-bigtent on github

Domain Name

Project Management

Current Status

Project Status Etherpad


  • 4/25 - 5/9 Development Sprint
  • 5/9 - AWSBOX Deployment
  • After AWSBOX Deployment - Skinny to do UX review
  • 5/9 - 5/23 Dev sprint for "First IdP reworked to skinny's satisfaction"
  • 5/9 - 5/23 Dev sprint for all IdP proxies alpha deployed on AWSBOX
  • 5/15 Testing against awsbox deployment
  • 7/16 - Legal review for completed
  • 9/15 - Security Review completed
  • 9/18 - All Legal bugs closed

Around June We hit a bottleneck on Ops resources to focus on Beta launch.

  • TBD Stage deployment
  • TBD Testing against Stage
  • TBD Security testing on Stage
  • TBD Production deployment of all proxied IdPs


See dependent bugs for a complete list of open bugs

Get Involved