Identity/Features/Sign into the browser

From MozillaWiki
Jump to: navigation, search
Please use "Edit with form" above to edit this page.


Sign into the browser
Stage On hold
Status `
Release target `
Health OK
Status note `


Product manager Dan Mills
Directly Responsible Individual Dan Mills
Lead engineer Ben Adida
Security lead `
Privacy lead Sid Stamm
Localization lead `
Accessibility lead `
QA lead `
UX lead Zhenshuo Fang
Product marketing lead `
Operations lead `
Additional members David Dahl, Anant N., Matthew Noorenberghe, Frank Yan

Open issues/risks

Requires coordination with services infrastructure to support BrowserID-based authentication, as well as a key-wrapping feature in BrowserID.

Stage 1: Definition

1. Feature overview

Being able to sign into the browser is a key feature in our identity roadmap. It serves two main purposes:

  1. To connect the user to services in the cloud. By signing in to the browser, the user connects to a Persona account, which provides a discovery points for cloud-based services.
  2. To enable at least basic support for user (profile) switching in multi-user/shared-device situations.

2. Users & use cases

As a user, I want to know at a glance whether I am signed into the browser, or if someone else is.

As a user, I want to be able to easily find the sign in button/link/option.

As a new user, I want to be able to create an account by providing my email address and choosing a new password.

As a new user, I want to be able to verify my email asynchronously, so that I can use the browser immediately.

As an existing user on a new device, I want to be able to sign into my account using my email address and password.

As an existing user returning to a device, I need to use my password (but not my email) to sign back in.

As an existing user, I want to be able to reset my password if I forget it.

As a new signed-in user, I want to know about the services and features now available to be by having signed in.

As a returning signed-in user, I want to quickly get back to my personalized browser profile.

As a signed-in user, I want to see my list of email addresses (and not a sign-in screen) when I click "sign in" at a Persona-supporting site.

3. Dependencies


4. Requirements

  • Ability for user to sign in via UI option somewhere (e.g., menu)
  • Ability to sign out (stopping any feature that requires sign-in)
  • Ability for the user to recognize the currently signed-in account at a glance (or at least with very minimal effort)
  • Ability for other Firefox features to trigger sign-in flow
  • Email-based authentication using accounts
  • Should match BrowserID flow except where absolutely necessary (e.g., ask for email first, decide what to do based on the email)
  • Ability to create accounts
    • Ask for password up-front, but allow deferred verification (see: BrowserID "unverified" flow/feature)
  • UI should be unambiguous that the user is interacting with the *browser* (not content)


  • master password integration / modal sign-in screen on browser startup

Stage 2: Design

5. Functional specification

Types of users:

  • New user come from Mobile first run
  • New user come from desktop
  • Existing user who use Sync (1 or more device; our server vs. own server)
  • Existing Persona ID user

6. User experience design

Stage 3: Planning

7. Implementation plan


8. Reviews

Security review


Privacy review


Localization review




Quality Assurance review


Operations review


Stage 4: Development

9. Implementation


Stage 5: Release

10. Landing criteria


Feature details

Priority P2
Rank 999
Theme / Goal BrowserID
Roadmap Mozilla Identity
Secondary roadmap Security
Feature list Other
Project `
Engineering team `

Team status notes

  status notes
Products ` `
Engineering ` `
Security sec-review-needed bug 744948
Privacy ` `
Localization ` `
Accessibility ` `
Quality assurance ` `
User experience ` `
Product marketing ` `
Operations ` `