Identity/AttachedServices/Architecture: Difference between revisions

start to replace with our current design
(start to replace with our current design)
Line 1: Line 1:
== Overview ==
== Overview ==


Profile In The Cloud (PICL) is a mechanism for attaching services to the browser with built-in authentication. Ideally, a user "logs into their browser", which automatically applies all customizations and re-attaches all relevant services. Possible PICL services include: bookmarks/history/tabs/passwords backup/syncing, social API preferences, sharing providers, WebRTC bridge provider, file-storage service, etc.
Profile In The Cloud (PICL) is a mechanism for synchronizing browser state between a user's various devices. The user attaches a given local profile to a remote account by "logging into their browser", which then uploads and downloads data as necessary to bring the local profile into harmony with the server-held data. Possible PICL services include: bookmarks/history/tabs/passwords backup/syncing, social API preferences, sharing providers, WebRTC bridge provider, file-storage service, etc.
 
== Architectural Overview ==
 
There are roughly five areas of concern in the PICL system:
 
* 1: Signup/Signin: How does the user attach a new device to their account? This area involves passwords, usernames, email addresses, recovery options, revocation, and device management.
* 2: Conversion: How do we extract (and inject) data from the various native data sources (PlacesDB for bookmarks and history, the Password Manager, etc)? This data should be converted into a neutral format so the synchronization code doesn't need to know the details. This code must also merge conflicting data when necessary.
* 3: Synchronization: the neutral data must be encrypted, signed, batched, and delivered to/from a storage server. This process must tolerate dropped messages, interrupted connections, overload conditions, and arbitrarily-long periods of server unreachability.
* 4: Storage Server Authorization: The browser code must prove to the Storage Server that it has a right to read/write the encrypted records.
* 5: Storage Server Format: The storage server must store large quantities of data reliably, and provide fast access.
 
[[File:PICL-archmap.png|Architecture Map]]


== Authentication ==
== Authentication ==
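Review bot: Item 3 of the new "Architectural Overview" list requires records to be "encrypted, signed", but none of the five areas says where those keys come from or which area handles them when a device is revoked (item 1 lists revocation only under Signup/Signin). Suggest naming the area that owns key derivation and rotation, or adding it as its own area. Separately, the rewritten Overview paragraph narrows PICL to "synchronizing browser state" but keeps the old service list unchanged (social API preferences, sharing providers, WebRTC bridge provider, file-storage service), which describes attached services rather than synced state. Either trim the list to match the new scope or mark those entries as later candidates.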