Mozillians/Releases/1.2/BrowserID: Difference between revisions
< Mozillians | Releases | 1.2
Jump to navigation
Jump to search
(Adding security bug) |
|||
| Line 11: | Line 11: | ||
== Technical Benefits == | == Technical Benefits == | ||
* Deep security improvements related to signed cookie useage | |||
* We can remove django-auth-ldap code (which doesn't fit well with our architecture) | * We can remove django-auth-ldap code (which doesn't fit well with our architecture) | ||
* We can remove forgot password, email confirmation, and other flows | * We can remove forgot password, email confirmation, and other flows | ||
Latest revision as of 21:01, 8 November 2011
Summary
We'll replace email + password authentication with a BrowserID based solution for login and registration.
Changes
We will add the sasl-browserid plugin to our LDAP server.
We will tweak the Django code simplifying ldap libraries, adding django-browserid, and writing new bits to enable BrowserID.
Code
This is being developed in a branch.
Technical Benefits
- Deep security improvements related to signed cookie useage
- We can remove django-auth-ldap code (which doesn't fit well with our architecture)
- We can remove forgot password, email confirmation, and other flows
- We can test the OpenLDAP plugin sasl-browserid before deploying it in the internal Mozilla environment
Project Management
- Tracking bug
- sasl-browserid security review
- bug 700781 Security review of this patch
- Deployment to stage
- bug 687094 UX work session schedule for 9/26
- Ops deployment bug