Identity/Features/Firefox-native Verified Email Client

From MozillaWiki
Jump to: navigation, search
Please use "Edit with form" above to edit this page.


Firefox-native Verified Email Client
Stage Shelved
Status In progress
Release target TBD
Health Blocked
Status note Scoping new work after VEP changes.


Product manager Dan Mills
Directly Responsible Individual David Dahl
Lead engineer David Dahl
Security lead Curtis Koenig
Privacy lead Sid Stamm
Localization lead `
Accessibility lead `
QA lead James Bonacci
UX lead Zhenshuo Fang
Product marketing lead `
Operations lead `
Additional members Diane Loviglio (user research)

Open issues/risks


Stage 1: Definition

1. Feature overview

Ability to sign into web sites using Verified Email, integrated with our (secondary authority) ID service.

Related features:

2. Users & use cases

Note: you may wish to read the use-case for the Web-based Verified Email Client as well

Anne is a Firefox user. She has an iPhone too, and uses Firefox Sync to get to her bookmarks from her phone.

While browsing the Web, Anne sees a notification bar in Firefox asking her to verify the email address she uses to sign into Firefox Sync. Anne decides to go ahead, clicks a button to send a verification message, and is told to check her inbox for a message.

Anne finds the message in her inbox and clicks the link. She is taken back to Firefox and a message thanks her for verifying the email address. Firefox also tells her that she can now use her verified email address to sign into any supported Web site without any extra passwords.

While talking to her friend Mark, Anne learns about a site called Excited to try it out, she browses to the site on her desktop, and when she clicks the "sign in" button, Firefox asks her if it's OK to disclose her verified email address with Anne clicks OK, refreshes and she is now signed in!

Key points:

  • Site API triggers enhanced chrome dialogs in Firefox
  • The same API triggers HTML pop-ups on other browsers (see Web-based Verified Email Client)
  • Firefox reuses Sync credentials for Verified Email
  • Firefox can verify the email proactively before first-use

3. Dependencies


4. Requirements

Content APIs in place for web sites to:

  • Request a verified email from the browser
    • Support for signing new identity assertions in-browser
  • Be proactively given a verified email
  • Advertise active/passive sign-in user sessions and sign-out method
  • Register a verified email certificate (primary/secondary authority API)
    • Support for keeping certificates in the browser
    • Support for refreshing certificates as needed

Browser UI in place to:

  • Create a Firefox Account
  • Sign into a Firefox Account
  • Add an email address to a Firefox Account, and verify it
  • Sign into a site by disclosing an email, whether the process is started from chrome or content
  • Display active session(s) with the site, and sign-out


  • Integrating with/implementing non-Verified Email auth protocols
    • including HTTP Auth, forms-based sign-in, OpenID, OAuth, etc.
  • Multiple accounts per-site (plus fast-user switching)
  • Expanding "sign into the browser" role to allow multiple user support, profile switching support, master password support
  • Integrating account information into site-prefs

Stage 2: Design

5. Functional specification

API docs:

6. User experience design


Stage 3: Planning

7. Implementation plan


8. Reviews

Security review


Privacy review


Localization review




Quality Assurance review

Operations review


Stage 4: Development

9. Implementation

Next Steps

  • Scope engineering work [David Dahl]
  • UX Research [Diane Loviglio]
  • Session API Draft [Dan Mills]
  • flesh out test plan with test case summaries [Tracy Walker]
  • Security review [?]
  • Engineering work [David Dahl]

Related Bugs

Stage 5: Release

10. Landing criteria


Feature details

Priority P2
Rank 999
Theme / Goal `
Roadmap Mozilla Identity
Secondary roadmap `
Feature list Desktop
Project `
Engineering team Desktop front-end

Team status notes

  status notes
Products ` `
Engineering ` `
Security sec-review-active sstamm
Privacy ` `
Localization ` `
Accessibility ` `
Quality assurance ` `
User experience ` `
Product marketing ` `
Operations ` `