Identity/Features/NativeSignInToWebsite

From MozillaWiki
Jump to navigation Jump to search
Please use "Edit with form" above to edit this page.

Status

Native Sign In to Website
Stage Development
Status In progress
Release target `
Health OK
Status note `

{{#set:Feature name=Native Sign In to Website

|Feature stage=Development |Feature status=In progress |Feature version=` |Feature health=OK |Feature status note=` }}

Team

Product manager `
Directly Responsible Individual `
Lead engineer Austin King (ozten)
Security lead `
Privacy lead `
Localization lead `
Accessibility lead `
QA lead `
UX lead Zhenshuo Fang
Product marketing lead `
Operations lead `
Additional members Matthew Noorenberghe (Desktop)

{{#set:Feature product manager=`

|Feature feature manager=` |Feature lead engineer=Austin King (ozten) |Feature security lead=` |Feature privacy lead=` |Feature localization lead=` |Feature accessibility lead=` |Feature qa lead=` |Feature ux lead=Zhenshuo Fang |Feature product marketing lead=` |Feature operations lead=` |Feature additional members=Matthew Noorenberghe (Desktop) }}

Open issues/risks

`

Stage 1: Definition

1. Feature overview

Implement the UI/UX to allow signing into a website with BrowserID natively in the browser.

2. Users & use cases

See https://wiki.mozilla.org/Kilimanjaro/ProductDraft#All_your_devices_recognize_you_and_enable_access_to_your_ID-attached_services

3. Dependencies

bug 753238 - Core Identity Module

4. Requirements

`

Non-goals

Sign in to the Browser

Stage 2: Design

5. Functional specification

`

6. User experience design

Desktop Ideas:

  • Australis-SignInToSites.jpg
  • PersonaIDNative2.jpg

Stage 3: Planning

7. Implementation plan

  • bug 764213 - Implement provisional Desktop UI for website sign-in with Persona
  • bug 767276 - Implement Fennec UI for website sign-in with Persona

8. Reviews

Security review

`

Privacy review

`

Localization review

`

Accessibility

`

Quality Assurance review

`

Operations review

`

Stage 4: Development

9. Implementation

The UI module should listen for the following observer notifications:

Subject Topic Data Description 
wrappedJSObject: { 
  rpId: 999,
  origin: "https://www.example.com",
  // Properties below may not be provided:
  privacyPolicy: "https://www.example.com/pp",
  termsOfService: "https://www.example.com/tos",
}
 identity-request 
null
 The user has requested to login to the site with the given origin on the frame with outerWindowId = rpId. Show an identity selector using RP.getIdentitiesForSite(origin) and provide a way to choose a new identity (requiring a valid email address). The origin of the RP should be shown in the UI along with privacy policy and terms of service links (if URLS are provided). Call selectIdentity(rpId, identity) with the identity the user selected. The should not close immediately upon identity selection as there may be errors which should be shown to the user (ie. NXDOMAIN). Error delivery mechanism TBD soon. 
wrappedJSObject: { 
  provId: 999,
}
 identity-auth https://www.example.com/auth (Authentication URI) The user needs to authenticate with their IDP. Open UI with a content frame displaying the content at the authentication URI so that the user can authenticate with their IDP. The origin and any security indicators (ie. mixed content) should be present. IDP.setAuthenticationFlow(outerWinId, provId) must be called with the outerWindowId (= the authentication ID) for the frame before starting to load the authentication URL so that the DOM API knows that calls from that frame are for the authentication flow. That is: open the frame, call setAuthenticationFlow, then load the URI in that frame. 
null
 identity-auth-complete Authentication ID Authentication (initiated from identity-auth) is now complete. Destroy the frame created to display the authentication page. 
wrappedJSObject: { 
  rpId: 999,
}
 identity-login-state-changed The identity (ie. user@example.com) for the specified origin or null if the user logged out. If data is provided, the user is now logged in as that identity:
  • Remove any request UI (leftover from an incomplete identity-request
  • Show UI indicating that the user is logged into the website with the given rpId. UI to logout via RP.logout(rpId) may also be provided.

Otherwise, the user has logged out:

  • Update UI to reflect the logged out state.


The UI should call the following methods:

  • IdentityService.RP.getIdentitiesForSite(origin);
  • IdentityService.selectIdentity(rpId, identity);
  • IdentityService.RP.logout(rpId);
  • IdentityService.IDP.setAuthenticationFlow(authId, provId);

Stage 5: Release

10. Landing criteria

` {{#set:Feature open issues and risks=` |Feature overview=Implement the UI/UX to allow signing into a website with BrowserID natively in the browser. |Feature users and use cases=See https://wiki.mozilla.org/Kilimanjaro/ProductDraft#All_your_devices_recognize_you_and_enable_access_to_your_ID-attached_services |Feature dependencies=bug 753238 - Core Identity Module |Feature requirements=` |Feature non-goals=Sign in to the Browser |Feature functional spec=` |Feature ux design=Desktop Ideas:

  • Australis-SignInToSites.jpg
  • PersonaIDNative2.jpg

|Feature implementation plan=* bug 764213 - Implement provisional Desktop UI for website sign-in with Persona

  • bug 767276 - Implement Fennec UI for website sign-in with Persona

|Feature security review=` |Feature privacy review=` |Feature localization review=` |Feature accessibility review=` |Feature qa review=` |Feature operations review=` |Feature implementation notes=The UI module should listen for the following observer notifications:

Subject Topic Data Description 
wrappedJSObject: { 
  rpId: 999,
  origin: "https://www.example.com",
  // Properties below may not be provided:
  privacyPolicy: "https://www.example.com/pp",
  termsOfService: "https://www.example.com/tos",
}
 identity-request 
null
 The user has requested to login to the site with the given origin on the frame with outerWindowId = rpId. Show an identity selector using RP.getIdentitiesForSite(origin) and provide a way to choose a new identity (requiring a valid email address). The origin of the RP should be shown in the UI along with privacy policy and terms of service links (if URLS are provided). Call selectIdentity(rpId, identity) with the identity the user selected. The should not close immediately upon identity selection as there may be errors which should be shown to the user (ie. NXDOMAIN). Error delivery mechanism TBD soon. 
wrappedJSObject: { 
  provId: 999,
}
 identity-auth https://www.example.com/auth (Authentication URI) The user needs to authenticate with their IDP. Open UI with a content frame displaying the content at the authentication URI so that the user can authenticate with their IDP. The origin and any security indicators (ie. mixed content) should be present. IDP.setAuthenticationFlow(outerWinId, provId) must be called with the outerWindowId (= the authentication ID) for the frame before starting to load the authentication URL so that the DOM API knows that calls from that frame are for the authentication flow. That is: open the frame, call setAuthenticationFlow, then load the URI in that frame. 
null
 identity-auth-complete Authentication ID Authentication (initiated from identity-auth) is now complete. Destroy the frame created to display the authentication page. 
wrappedJSObject: { 
  rpId: 999,
}
 identity-login-state-changed The identity (ie. user@example.com) for the specified origin or null if the user logged out. If data is provided, the user is now logged in as that identity:
  • Remove any request UI (leftover from an incomplete identity-request
  • Show UI indicating that the user is logged into the website with the given rpId. UI to logout via RP.logout(rpId) may also be provided.

Otherwise, the user has logged out:

  • Update UI to reflect the logged out state.


The UI should call the following methods:

  • IdentityService.RP.getIdentitiesForSite(origin);
  • IdentityService.selectIdentity(rpId, identity);
  • IdentityService.RP.logout(rpId);
  • IdentityService.IDP.setAuthenticationFlow(authId, provId);

|Feature landing criteria=` }}

Feature details

Priority `
Rank 999
Theme / Goal Connect
Roadmap Mozilla Identity
Secondary roadmap Mozilla Identity
Feature list Desktop
Project `
Engineering team Identity

{{#set:Feature priority=`

|Feature rank=999 |Feature theme=Connect |Feature roadmap=Mozilla Identity |Feature secondary roadmap=Mozilla Identity |Feature list=Desktop |Feature project=` |Feature engineering team=Identity }}

Team status notes

  status notes
Products ` `
Engineering ` `
Security sec-review-needed `
Privacy ` `
Localization ` `
Accessibility ` `
Quality assurance ` `
User experience ` `
Product marketing ` `
Operations ` `

{{#set:Feature products status=`

|Feature products notes=` |Feature engineering status=` |Feature engineering notes=` |Feature security status=sec-review-needed |Feature security health=` |Feature security notes=` |Feature privacy status=` |Feature privacy notes=` |Feature localization status=` |Feature localization notes=` |Feature accessibility status=` |Feature accessibility notes=` |Feature qa status=` |Feature qa notes=` |Feature ux status=` |Feature ux notes=` |Feature product marketing status=` |Feature product marketing notes=` |Feature operations status=` |Feature operations notes=` }}


Retrieved from "https://wiki.mozilla.org/index.php?title=Identity/Features/NativeSignInToWebsite&oldid=732244"