We'll replace email + password authentication with a BrowserID based solution for login and registration.
We will add the sasl-browserid plugin to our LDAP server.
We will tweak the Django code simplifying ldap libraries, adding django-browserid, and writing new bits to enable BrowserID.
This is being developed in a branch.
- Deep security improvements related to signed cookie useage
- We can remove django-auth-ldap code (which doesn't fit well with our architecture)
- We can remove forgot password, email confirmation, and other flows
- We can test the OpenLDAP plugin sasl-browserid before deploying it in the internal Mozilla environment