Identity/AttachedServices/Architecture: Difference between revisions

Jump to navigation Jump to search

Identity/AttachedServices/Architecture (view source)

Revision as of 18:19, 5 August 2013

1,271 bytes removed ,  5 August 2013
no edit summary
No edit summary
Line 67: Line 67:


The workload will be pretty write-heavy. Accounts with just a single device (i.e. just backup, not sync) are pretty common, and these will be almost entirely writes. Some datatypes are more "hot" than others (e.g. open-tabs are updated with every click, while bookmarks only change when the user specifically creates or modifies one), so we might want to mark the collections with hints that tell the server how to best manage the records.
The workload will be pretty write-heavy. Accounts with just a single device (i.e. just backup, not sync) are pretty common, and these will be almost entirely writes. Some datatypes are more "hot" than others (e.g. open-tabs are updated with every click, while bookmarks only change when the user specifically creates or modifies one), so we might want to mark the collections with hints that tell the server how to best manage the records.
== (OLD) Authentication ==
Authentication to PICL Services is done via Persona. This means that a browser needs to be natively logged into Persona, so that it can generate the Persona assertions it needs to connect to individual services without user intervention every time the browser reconnects to an existing service. Specifically, if a PICL service runs at https://bookmarks.example.com, the browser gets an assertion for that audience, without prompting the user every time it needs one.
The flow for logging into the browser is more user-agent centric than the typica Persona signin-to-web flow. Redirecting to an IdP is too jarring. Thus, even if we allow different IdPs, the login UI must be consistent and feel like it's part of the browser.
These requirements (and the next Data Security section) call for a design where the browser locally captures the user's email and password, then engages in a protocol with the IdP – persona.org or otherwise – to obtain a certificate. One way to implement this immediately is to embed the invisible persona.org communication IFRAME and call into its internal API, which we recently augmented to include login() and accountExists() calls to support this implementation path.
[[Image:Iframe-login-embedding.png]]
Ckarlof
Confirmed users
282

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/690071"

Navigation menu