• Dan Mills
• Ed Lee
• Alex Faaborg
• You!

Overview

See bug 571409.

Account Manager is currently a patch to mozilla-central, and is being targeted at the first release post 4.0.

Note that there is an add-on prototype (the result of the Labs exploration), but it is buggy and speaks an older version of the Account Manager protocol. It is not recommended for testing, use try-server builds instead.

Performance Impact

Currently around 1.3% on average:

linux: 1.7%
lin64: 2.4%
macos: 0.2%
mac64: 2.0%
winxp: 1.3%
win 7: 0.5%

Security Review

In progress on Sept 1 3pm

First, see here for a quick walk-through of the code. That will tell you what's what and help you get started.

Then see the TODO section on this page for open items to work on.

Thanks!

User facing features

• autoconnect [~2d]
• multi-profile sign-in bubbles [~1d]
• federated profile [~3d]
• HTTP Auth profile
• right click menu (fast user switching)
• basic in-content registration [a few days' work]

Backend features

• cookie-watching (refresh status on cookie changes) [~1day]
• per-method static parameters (for forms that use a hidden param to determine action)
• per-method dynamic parameters (for e.g. CSRF protection)

Password manager integration

• bug 589362
• use new password manager columns for account lookup/saving
  • migration (set account realm for existing saved logins) [~1 day]
  • also on password manager end (when saving new password) [~1 day (dolske?)]

Security fixes

• shouldn't support http form auth transparently without more warning
• explicitly only allow http/https realm uri (and not ftp, etc)
• only allow https realms from https requests
• login csrf: amcd enforces where it can be used on which sites
• login csrf: link header URI needs to be restricted to the site
• make sure Link header URI and host-meta URI aren't conflicting if header is missing ?
• STS support - should Just Work, but test that requests get upgraded correctly
• ensure that SSL cert errors are handled appropriately

• Status display
  • Unregistered, signed-out, and signed-in for supported sites [P1]
  • Notifications of site requests for sign-in [P3]

• Sign-up support
  • New id+secret pair negotiation [P1]
  • Automatic password generation [P1]
  • Optional feature to allow user-defined passwords [P1]
  • Remember preferred email and username(s) [P1]

• Sign-in support
  • Request existing user credentials for new/unknown sites [P1]
  • Two-click sign-in [P1]
  • Optional automatic sign-in on next session [P2]
  • Support for multiple accounts [P1]

• Sign-out support
  • Two-click sign-out [P1]

• Password change
  • User-initiated password change [P2]
    • To a new random password [P3]
    • To a new user-defined password [P2]

• Support for various authentication types
  • Form submission/cookie [P1]
  • HTTP Basic auth [P1]
  • HTTP Digest auth [P2]
  • Client certs [P3]

• Supports sync if installed [P1]

• Disables itself during private browsing mode [P1]

• Greasemonkey-like hacks that work only on one site, except as needed only to demonstrate the potential for the feature.
• Creating new and interesting authentication/authorization schemes.
• Extensive hacking on Password Manager-like heuristics to make it only sort of work on more sites.

Generally speaking:

• Password manager
• Theme work, site button in particular
• Notifications, to a lesser extent

Iteration 6 (direct link - doesn't thumbnail correctly).

• Site Identity
• Account Manager Labs project
• Google Group

We held an in-person meetup on May 21st, see:

• The meetup page (with notes).
• Distilled analysis from discussions at the meetup.