Security/AppsProject/IdentityKPIBackend: Difference between revisions

← Older edit

Security/AppsProject/IdentityKPIBackend (view source)

Revision as of 20:35, 23 April 2012

1,475 bytes added , 23 April 2012

no edit summary

Curtisk

canmove, Confirmed users, Bureaucrats and Sysops emeriti

2,776

edits

@@ Line 6: / Line 6: @@
 </ul>
 }}
-{{SecReview}}
+{{SecReview
+|SecReview feature goal= The main objective of this feature is to allow the  BrowserID product team to access how well changes to the service are meeting key performance indicators (KPI). UX will design a feature change, engineering will build it and a KPI Dashboard will give us the  feedback of how successful the change is with real users.
+ We're providing an authenitcation UI for the web, so having the most tested and refined flows is critical to Mozilla's success. (This isn't the auth flow for a single web property).
+ KPI Backend must be built before we build the KPI Dashboard, which will  be built next quarter and have it's own privacy review. KPI Backend  stores the raw data described at https://wiki.mozilla.org/Privacy/Reviews/KPI_Backend#Example_data.
+* Use Cases:
+** https://bugzilla.mozilla.org/show_bug.cgi?id=746231
+**https://bugzilla.mozilla.org/show_bug.cgi?id=746233
+* phase 1 is setting up the backend
+* phase 2 will be setting it all up to actually collect the data
+|SecReview alt solutions=* Web analytics
+* It's very early in design, few major concrete designs to document here.
+|SecReview solution chosen=* Web analytics don't exist and won't be performant for the fine-grained detail we want.
+* Also, see previous question.
+|SecReview threats considered=* Bogus submissions - mitigation via nonce or CSRF token
+* DDOS
+* Bogus data
+}}
 {{SecReviewActionStatus
-|SecReview action item status=None
+|SecReview action item status=In Progress
+|SecReview action items=* code review of JS (when ready)
+* code review of WebService API (when ready)
 }}