Identity/Firefox Accounts: Difference between revisions

Use the present tense, drop some old-and-irrelevant details
(Include testing notes.)
(Use the present tense, drop some old-and-irrelevant details)
Line 1: Line 1:
{{LastUpdated}}
{{LastUpdated}}


=What Is Firefox Accounts? =
= About Firefox Accounts =


Firefox Accounts is a consumer account system which provides access to services run by Mozilla, such as [https://marketplace.firefox.com/ Firefox Marketplace] and the [https://wiki.mozilla.org/User_Services/Sync next version of Firefox Sync]. A user can sign in with a Firefox Account to all her "Foxes": Firefox on Desktop, Firefox for Android, and Firefox OS. Signing into a Firefox browser or device gives the user access to integrated Mozilla Services on that browser or device that requires authentication (e.g., Firefox Sync). Longer term we envision that non-Mozilla services and applications will be able to delegate authentication to Firefox Accounts. Relying services will manage their own data, but rely on Firefox Accounts for authentication services.
Firefox Accounts is the account system that provides access to services run by Mozilla and select partners.


=FAQ=
A user can sign in with a Firefox Account to any of her "Foxes" -  Firefox on Desktop, Firefox for Android, and Firefox OS - to access integrated services such as [https://wiki.mozilla.org/User_Services/Sync Firefox Sync] and [https://marketplace.firefox.com/ Firefox Marketplace].  She can also sign in to services on the web using a standard OAuth flow.


== Will I be required to create a Firefox Account to use Firefox? ==
Longer term we envision that non-Mozilla services and applications will be able to delegate authentication to Firefox Accounts while managing their own data.


No, of course not! Firefox Accounts will only be required for Mozilla Services that require authentication, such as Firefox Sync and advanced features on Firefox Marketplace like purchasing paid apps, adding app reviews etc.
For information on integrating a service with Firefox Accounts, visit the [https://developer.mozilla.org/en-US/docs/Mozilla/Tech/Firefox_Accounts Firefox Accounts portal on MDN].


==How does a user create and sign in to a Firefox Account?==
For information on contributing to Firefox Accounts development, visit the [https://fxa.readthedocs.org developer documentation].
Firefox Accounts will work much like authentication works just about everywhere else. You create a Firefox Account with a verified email and password. You sign in to Firefox Accounts with your email and password.


==Why does Firefox Accounts require me to choose a password?==
=FAQ=
The first relying service we're targeting with Firefox Accounts is Firefox Sync. Current Firefox Sync encrypts all your data in our servers, and we will continue to do so in the Firefox Accounts backed version of Sync. However, in the FxA backed version of Firefox Sync, we will encrypt your Sync data with a key derived from your Firefox Account password, instead a random key managed by the J-PAKE pairing protocol. This technique of using a password derived sync key is similar to how data protection in [https://support.google.com/chrome/answer/1181035?hl=en&ref_topic=1693469 Chrome Sync] works.


==How do relying Mozilla services authenticate an FxA user?==
== Am I required to create a Firefox Account to use Firefox? ==
https://developer.mozilla.org/en-US/Firefox_Accounts


==How does a user reset her Firefox Account password?==
No.  A Firefox Account is only required for Mozilla Services that require authentication, such as Firefox Sync and advanced features on Firefox Marketplace like purchasing paid apps, adding app reviews etc.
https://support.mozilla.org/en-US/kb/ive-lost-my-firefox-sync-account-information#w_iaove-forgotten-my-sync-password-ae-how-do-i-reset-it_2
 
== Why does Firefox Accounts require me to choose a password? ==
 
One of the primary services that uses Firefox Accounts is Firefox Sync, which encrypts all your data client-side before submitting it to the server. The password is used to securely derive an encryption key.


== What information does Firefox Accounts store about the user? ==
== What information does Firefox Accounts store about the user? ==
https://developer.mozilla.org/en-US/Firefox_Accounts#Firefox_Accounts_user_data
https://developer.mozilla.org/en-US/Firefox_Accounts#Firefox_Accounts_user_data


== Can I use Firefox Accounts to store user data for my application or service? ==
== Can I use Firefox Accounts to store user data for my application or service? ==
In general no.
Firefox Accounts only stores information that will deliver significant user value across applications or is tightly related to the user's identity. It will not store user data for relying services. Relying Mozilla services can use Firefox Accounts for authentication, but application data storage is the responsibility of the individual applications.
Firefox Accounts only stores information that will deliver significant user value across applications or is tightly related to the user's identity. It will not store user data for relying services. Relying Mozilla services can use Firefox Accounts for authentication, but application data storage is the responsibility of the individual applications.


==What's the difference between Persona and Firefox Accounts?==
== What's the difference between Persona and Firefox Accounts? ==
Persona is not intended to provide you with a new account, and it's not a new account system. Persona is a federated login protocol. You use Persona to log in to relying sites, and it's not intended that you need to "sign up" for Persona before you can use it. If you would need to sign up for anything, you would need to create an account at an IdP that supports Persona.


One confusing point about Persona today is a service called the "Persona Fallback", which serves as a proxy IdP if your actual IdP doesn't support Persona (or isn't bridged), which just about every IdP except for Google and Yahoo. In this case, you currently have to sign up for a "Persona Fallback Account" (i.e. choose a password and verify your email) to use Persona.  
Persona is a general-purpose federated login protocol for the web.  It is not intended to provide you with a new account, and it's not a new account system. It's intended that you can use Persona to log in to relying sites without first "signing up" for Persona, but rather using an existing account with a Persona-enabled Identity Provider.


But a Persona Fallback Account is not a Persona Account, it's not the long term vision of Persona, and that's not supposed to be the happy path of the Persona login experience.  
One confusing point about Persona today is a service called the "Persona Fallback", which serves as a proxy Identity Provider if your actual IdP doesn't support Persona (or isn't bridged), which just about every IdP except for Google and Yahoo. In this case, you currently have to sign up for a "Persona Fallback Account" (i.e. choose a password and verify your email) to use Persona.  


More importantly, for the purposes of this question, a Persona Fallback Account is definitely not a Firefox Account.
But a Persona Fallback Account is not a Persona Account, it's not part of the long term vision of Persona, and that's not supposed to be the happy path of the Persona login experience.  And it's definitely not a Firefox Account.


So why Firefox Accounts and what will one do?
Independently of Persona, Mozilla needs an account database to deliver a fantastic, integrated experience across all its products and on all the user's devices. Unfortunately, delivering awesome services involves some less exciting, but still important aspects, like making sure users have had a chance to inspect our terms of service and privacy policies. We must also comply with local laws and regulations, e.g., [http://www.coppa.org/ COPPA]. It would be inconvenient for users to have to verify a terms of service, a privacy policy, and COPPA at each individual Mozilla service. We believe that users should only have to inspect our terms of service, privacy policy, and go through COPPA verification '''once''' for all our services.


Mozilla needs an account database to deliver a fantastic, integrated experience across all its products. Unfortunately, delivering awesome services involves some less exciting, but still important aspects, like making sure users have had a chance to inspect our terms of service and privacy policies. We must also comply with local laws and regulations, e.g., [http://www.coppa.org/ COPPA]. It would be inconvenient for users to have to verify a terms of service, a privacy policy, and COPPA at each individual Mozilla service. We believe that users should only have to inspect our terms of service, privacy policy, and go through COPPA verification '''once''' for all our services. Firefox Accounts enables us to do that. One we get the basics down and enable single sign-on for relying Mozilla Services with your Firefox Account, we hope integrate Firefox Accounts with Persona on the Web and Firefox user agents to make logging in everywhere as painless as it should be.
We also need more than just a login sysem, e.g. Firefox Sync requires the ability to derive an encryption key to protect the user's data. Firefox Accounts enables us to do that without adding all those complications to the simple-and-effected Persona protocol.


== Can I use Persona to log in to my Firefox Account? ==
== Can I use Persona to log in to my Firefox Account? ==
Not initially, but it's something we're investigating to add in the future.
 
No.


== Can I use my Firefox Account to log in to non-Mozilla services? ==
== Can I use my Firefox Account to log in to non-Mozilla services? ==
Not initially, but it's something we're investigating to support in the future.
 
Not initially, but it's something we'd like to support in the future.


== Does Firefox Accounts provide email? ==
== Does Firefox Accounts provide email? ==
No.
No.


== What services will use Firefox Accounts? ==
== Is it possible to host your own Firefox Accounts service, like with Firefox Sync? ==
https://developer.mozilla.org/en-US/Firefox_Accounts#Services_that_use_Firefox_Accounts
 
== What do these terms mean? ==
* FTU, FTE: First Time Experience on Firefox OS
* FxA : Firefox Accounts. It may also refer to a user's particular Firefox Account.
* RP : Relying Party. Services that use Firefox Accounts for authentication and identity. Currently these are limited to services run by Mozilla.
* PiCL : Profile in the Cloud. This is a deprecated term that was used to refer to Firefox Accounts + attached services (i.e., relying parties).
 


== Is it possible to host your own Firefox accounts, like with Firefox Sync? ==
[https://docs.services.mozilla.com/howtos/run-fxa.html Yes.]
[https://docs.services.mozilla.com/howtos/run-fxa.html Yes.]


== Have a question not covered here? Add it in this section and we'll answer it! ==
=Architecture=
 
Where is the FxA for Web addition to the Arch section below?
 
What are the similarities/differences between FxA for Web and the Dev work already being done for desktop and android?


=Architecture=
[[File:Firefox_Accounts_Architecture.png]]
[[File:Firefox_Accounts_Architecture.png]]
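
Review bot: The added paragraph that begins "We also need more than just a login sysem" carries two typos: "sysem" should read "system" and "simple-and-effected" should read "simple-and-effective". The revised Persona Fallback sentence still has no verb in the clause "which just about every IdP except for Google and Yahoo"; wording such as "which is the case for just about every IdP except Google and Yahoo" would complete it. The rewritten password answer now says only that the password is used to "securely derive an encryption key" and no longer mentions the move away from J-PAKE pairing; if that detail was dropped on purpose as old-and-irrelevant this is fine, otherwise a link to the Sync documentation would keep the answer useful to readers who want the detail.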

