Identity/WeeklyMeeting/2013-07-29
From MozillaWiki
< Identity | WeeklyMeeting
Contents
AGENDA
- Feeling crazy? This too shall pass
- Sec review needs for the quarter: PiCl, Firefox Persona integration, anything else?
- Tauni will generate an etherpad list to track requests
- Have you signed up for note taking?
- Monday meeting:
- etherpad: https://id.etherpad.mozilla.org/weekly-moco-updates
- Content deadline: 5 pm PDT every Thursday
- volunteer for next week (5 Aug) :: Zaach
- Do you have a 1:1 scheduled?
- Don't forget freaky! Fun, Pair, & Share
Meeting Notes
- Things are feeling pretty crazy right now. Lots of changes. Lots of important projects. It's uncomfortable, but it's feeling better. We should fix the things. Way in and speak up. [lloyd]
- Yvan needs us to identify needed sec reviews for this quarter so that they can schedule them in. So far he knows about PiCl and Firefox Persona integration.
- Jared suggests an updated security review of Persona itself. We could help them out by updating the current docs (following https://blog.mozilla.org/security/2012/05/08/speeding-up-security-reviews/). We should mention the redirect flow to Yvan because that changes the flow significantly.
- Monday project meeting updates: Vlad did it this morning. He did a glorious job. This seems to be going well.
- You should have an opportunity to talk to someone every week. Please schedule a 1:1 if you don't have one scheduled.
- We should double down on Freaky Fridays. That day is not for meetings, it's for fun. For things you enjoy doing. Things you're feeling guilty you're not doing. It should be vaguely related to what we do or what you want to learn technically. You should ideally let people know the day before to get a contributor jamming with you.
- Ryan Seys wants to work on a Facebook IdP experiment. Jed says that it's good to remind people that writing IdP enables a lot of possibilities. Jed points out that security people love the fact that Persona doesn't have to make their email account a SPOF and that they can instead write their own IdP and use whatever login mechanism they want.
- We've had a lot of interest from a number of startups in the "alternate auth" space. If Persona were more widely adopted, it would give them all they need to base their product own.
- Should we add an API to have the IdP tell the RP whether or not the user account can receive emails? We should take that discussion to the list.
- Shane gives a big shout out to Ryan. It was the most productive week he's had for a while.
- Crystal wants to highlight the good stuff that we do. What we do well. We should rework our documentation to make the case of "why you should implement Persona" by using what our fans tell us. Everyone should do an RP interview (with John or Ryan helping). It's coming up next week. Ask Crystal if you have any questions.
- If anyone wants to take the MySQL thing forward, replication etc, it's fallen off Jared's plate (been doing more reviews etc). The upgrade to MySQL 5.6 might fix it though!
Team Status
Native (B2G)
- Sign in to Device vs Sign in to Web is next big question
- Progress on door hanger firing Cancel
- Working on Desktop roadmap
Signin to the Web
- Lots of stuff landing in the 7/31 train, including:
- Chrome on iOS is COMING (#2034)
- siteLogo HTTPS restrictions will be lifted, almost ready (yay Sam!) (#3705)
- Give .onmatch a try, we've fixed many bugs (#3649)
- New, helpful error messaging if 3p cookies disabled (#3520, #3690)
- SPOF on hold - want to help?
- Jared toobusy() writing/reviewing codez
- MySQL upgrade may be enough of an improvement
- We need to measure this
- Details coming to dev-identity later today
- We'll be announcing the GMail bridge this week. Blog post going out Thursday.
- Users with an uppercase character in the domain can't use the Identity Bridge. The work around of lowercasing it doesn't work because we store the original case in the fallback IdP's DB. More work/discussion on this after the meeting.
Profile in the Cloud (PiCL)
Firefox Accounts dev server with current API will be live soon
Sync storage proposal to deliver to Fx client teams is WIP Big discussion on sync-dev about CouchDB. Some suggestions include using CouchDB directly and writing a wrapper around it. Others suggest that we use it in other ways. A number of people are exploring that on the list. This is not the final solution and the dust has yet to settle.
WebRTC
- we need to simplify and remove persona stuff from native code - should be a quick fix
- Ryan has been writing an awesome Chat/Skype-like demo. It shows you what Persona gets you that other auth systems don't. [see: https://github.com/mozilla/tincan]
QA
- working on browserid train-2013.07.17 for push this week.
UX
- All UX information for Identity now has a home.
Business Development
Product Marketing
Docs & Engagement
- [jed] Talked at DevCon5: https://groups.google.com/d/msg/mozilla.dev.identity/r9OQzlLWLso/a6Ui7Oa70ioJ
- [francois] Talked at WDCNZ: https://groups.google.com/d/msg/mozilla.dev.identity/V7dFG0kkzR4/0orfhKyY7qkJ
- [francois] Submitted a proposal to OWASP Day NZ: https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2013
Product
Blog Schedule
- We are working on launch on new blog series. Stay tuned for more information soon
PTO/OOO (kept in the Identity calendar for everyone's reference)
- [ryan f] PTO Jul 29 - Aug 2
- [shane] PTO Jul 31 - Aug 9
- [jared] PTO Aug 7 - 9
- [warner] conference (USENIX Security) aug 12-16
- [tauni] PTO Aug 12