Summary

We'll replace email + password authentication with a BrowserID based solution for login and registration.

Changes

We will add the sasl-browserid plugin to our LDAP server.

We will tweak the Django code simplifying ldap libraries, adding django-browserid, and writing new bits to enable BrowserID.

Code

This is being developed in a branch.

Technical Benefits

• Deep security improvements related to signed cookie useage
• We can remove django-auth-ldap code (which doesn't fit well with our architecture)
• We can remove forgot password, email confirmation, and other flows
• We can test the OpenLDAP plugin sasl-browserid before deploying it in the internal Mozilla environment

Project Management

• Tracking bug
• sasl-browserid security review
• bug 700781 Security review of this patch
• Deployment to stage
• bug 687094 UX work session schedule for 9/26
• Ops deployment bug