Security/Reviews/BrowserIDProfiles
From MozillaWiki
Item Reviewed
Profile feature of Mozilla Persona/BrowserID
Target
https://wiki.mozilla.org/Identity/Profile/Proposal
https://github.com/mozilla/browserid/issues/880

ID | Summary | Priority | Status |
---|---|---|---|
756431 | Security Review for Profile feature of Mozilla Persona/BrowserID | P3 | RESOLVED |
1 Total; 0 Open (0%); 1 Resolved (100%); 0 Verified (0%)

Introduce the Feature
Goal of the feature: what it is trying to achieve (problem solved, use cases, etc.)
- add basic profile information to BrowserID
- name and avatar photo (the kind of information you provide when posting a comment on a blog) [initial phase, opt in]
- served from the client side initially, until key wrapping is solved
- once key wrapping is solved, we may provide more data and store it server side (encrypted on the client side)
- the provider would have to make an explicit request (scope not yet decided; certainly for the expanded data set)
- the long-term goal is a "contact card" style of information associated with a given Persona email address
What solutions/approaches were considered other than the proposed solution?
- automatically sending email, name and "photo" (avatar)
- we may want even this to be optional and controlled by users
Why was this solution chosen?
- ability to have an online profile and data that is associated with a given account for a given site
Any security threats already considered in the design and why?
- all those inherent in BrowserID
- privacy with regards to user choice on what is sent
Threat Brainstorming
- if the user and the site don't agree on what info is required, who cancels the transaction?
- we want the user to be in control and able to make that decision
- Concern for photo privacy: embedded EXIF data, such as a thumbnail that still shows the entire original photo while the displayed image is cropped, GPS coordinates, etc.
- If we point to external image URLs, we may anger the owners of the sites hosting the images, since many users will link to photos hosted on sites they don't control or own. Also, the hosting site could replace an image with a nasty one after the fact.
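The EXIF concern above is concrete enough to check for. The following is an added example, not code from the BrowserID project: it walks the JPEG marker segments of an avatar, reports whether the Exif block references a GPS sub-IFD (tag 0x8825) or an embedded thumbnail (tag 0x0201), and strips every APP1..APP15 and COM segment so that neither survives. The sample JPEG skeleton at the bottom is constructed inline (it is not a decodable picture, only the marker layout matters) and the function names are this example's own.

```javascript
// Added example (not Persona/BrowserID project code): inspect and strip
// metadata from a JPEG avatar before it is stored or handed to a site.
// Relies only on the standard JPEG marker layout and the Exif/TIFF IFD
// structure; no third-party library.

const SOI = 0xd8, EOI = 0xd9, SOS = 0xda, APP1 = 0xe1, APP15 = 0xef, COM = 0xfe;

// Walk the marker segments that precede the scan data (SOS). Returns the
// segments and the offset where SOS (or EOI) starts; everything from there on
// is entropy-coded image data and is copied through untouched.
function parseSegments(bytes) {
  if (bytes.length < 4 || bytes[0] !== 0xff || bytes[1] !== SOI) throw new Error('not a JPEG');
  const segments = [];
  let pos = 2;
  while (pos + 2 <= bytes.length) {
    if (bytes[pos] !== 0xff) throw new Error('expected marker at offset ' + pos);
    const marker = bytes[pos + 1];
    if (marker === 0xff) { pos += 1; continue; }           // padding byte before a marker
    if (marker === SOS || marker === EOI) return { segments, tail: pos };
    if (pos + 4 > bytes.length) break;
    const len = (bytes[pos + 2] << 8) | bytes[pos + 3];     // length includes its own 2 bytes
    if (len < 2 || pos + 2 + len > bytes.length) throw new Error('bad segment length at ' + pos);
    segments.push({ marker, start: pos, end: pos + 2 + len });
    pos += 2 + len;
  }
  throw new Error('truncated JPEG: no SOS/EOI found');
}

// Report whether the file carries Exif, and whether that Exif references a
// GPS sub-IFD (tag 0x8825) or an embedded thumbnail (tag 0x0201, normally in IFD1).
function exifFindings(bytes) {
  const found = { hasExif: false, hasGps: false, hasThumbnail: false };
  for (const s of parseSegments(bytes).segments) {
    if (s.marker !== APP1) continue;
    const payload = bytes.subarray(s.start + 4, s.end);
    if (String.fromCharCode(...payload.subarray(0, 6)) !== 'Exif\0\0') continue;
    found.hasExif = true;
    const tiff = payload.subarray(6);
    const le = tiff[0] === 0x49 && tiff[1] === 0x49;                  // "II" = little-endian
    const u16 = o => le ? tiff[o] | (tiff[o + 1] << 8) : (tiff[o] << 8) | tiff[o + 1];
    const u32 = o => (le ? u16(o) | (u16(o + 2) << 16) : (u16(o) << 16) | u16(o + 2)) >>> 0;
    let ifd = u32(4), hops = 0;                                         // offset of IFD0
    while (ifd && ifd + 2 <= tiff.length && hops++ < 8) {             // IFD0 -> IFD1 -> ...
      const n = u16(ifd);
      if (ifd + 2 + n * 12 + 4 > tiff.length) break;                  // refuse to read past the block
      for (let i = 0; i < n; i++) {
        const tag = u16(ifd + 2 + i * 12);
        if (tag === 0x8825) found.hasGps = true;
        if (tag === 0x0201) found.hasThumbnail = true;
      }
      ifd = u32(ifd + 2 + n * 12);
    }
  }
  return found;
}

// Drop every APP1..APP15 and COM segment (Exif, XMP, IPTC, ICC, comments) and
// keep the rest of the file byte-for-byte. APP0/JFIF and the coding tables stay.
function stripJpegMetadata(bytes) {
  const { segments, tail } = parseSegments(bytes);
  const keep = segments.filter(s => !(s.marker >= APP1 && s.marker <= APP15) && s.marker !== COM);
  const parts = [bytes.subarray(0, 2), ...keep.map(s => bytes.subarray(s.start, s.end)), bytes.subarray(tail)];
  const out = new Uint8Array(parts.reduce((n, p) => n + p.length, 0));
  let off = 0;
  for (const p of parts) { out.set(p, off); off += p.length; }
  return out;
}

// --- Constructed sample input: a JPEG skeleton with a JFIF APP0, an Exif APP1
// whose IFD0 points at a GPS IFD and whose IFD1 carries a thumbnail, a COM
// segment, a DQT placeholder and a minimal SOS + EOI. Layout only, not an image. ---
const seg = (marker, payload) => [0xff, marker, (payload.length + 2) >> 8, (payload.length + 2) & 0xff, ...payload];
const le16 = v => [v & 0xff, v >> 8];
const le32 = v => [v & 0xff, (v >> 8) & 0xff, (v >> 16) & 0xff, (v >>> 24) & 0xff];
const entry = (tag, type, count, value) => [...le16(tag), ...le16(type), ...le32(count), ...value];
const tiff = [
  0x49, 0x49, 0x2a, 0x00, ...le32(8),                                   // "II", 42, IFD0 at offset 8
  ...le16(2),                                                           // IFD0: 2 entries
  ...entry(0x0110, 2, 4, [0x43, 0x61, 0x6d, 0x00]),                     // Model = "Cam"
  ...entry(0x8825, 4, 1, le32(38)),                                     // GPSInfo IFD at offset 38
  ...le32(56),                                                          // next IFD (IFD1) at offset 56
  ...le16(1), ...entry(0x0001, 2, 2, [0x4e, 0, 0, 0]), ...le32(0),      // GPS IFD: GPSLatitudeRef "N"
  ...le16(1), ...entry(0x0201, 4, 1, le32(74)), ...le32(0),             // IFD1: thumbnail at offset 74
  0xff, 0xd8, 0xff, 0xd9,                                               // stand-in thumbnail bytes
];
const SAMPLE_JPEG = new Uint8Array([
  0xff, SOI,
  ...seg(0xe0, [0x4a, 0x46, 0x49, 0x46, 0x00, 1, 1, 0, 0, 1, 0, 1, 0, 0]),  // APP0 "JFIF"
  ...seg(APP1, [0x45, 0x78, 0x69, 0x66, 0x00, 0x00, ...tiff]),               // APP1 "Exif\0\0" + TIFF
  ...seg(COM, [0x68, 0x65, 0x6c, 0x6c, 0x6f]),                               // COM "hello"
  ...seg(0xdb, new Array(65).fill(1)),                                       // DQT placeholder
  ...seg(SOS, [1, 1, 0, 0, 0x3f, 0]),
  0x12, 0x34, 0xff, EOI,
]);

console.log(exifFindings(SAMPLE_JPEG));                    // { hasExif: true, hasGps: true, hasThumbnail: true }
console.log(exifFindings(stripJpegMetadata(SAMPLE_JPEG))); // { hasExif: false, hasGps: false, hasThumbnail: false }
```

Stripping is the safer default for an avatar: re-encoding through an image library achieves the same and also normalises odd files, but costs more and is itself attack surface. One caveat if the blanket strip is kept: APP2 ICC profiles and the Adobe APP14 segment affect colour interpretation for some JPEGs, so a production version would either whitelist those or re-encode to sRGB.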
Action Items
Action Item Status | In Progress |
Release Target | |
Action Items | |
* Who :: What :: By when (keep in mind all these things will be bugs that block the review bug, which in turn blocks the feature bug)