On 5/13/14 4:48 PM, Chris Karlof wrote:
> Here's the rub: phone numbers are treated as disposable to some users
> and are often recycled by providers. This raises a lot of questions
> about how to design a portable identity system around phone numbers.

Let's break it down further.. we could use any of the following as pointers to the account:

* phone number (MSISDN)
* SIM card
* the phone itself
* control over an email address

and then optionally require a password in addition to any of those.

To prove control of a phone number, we'd send you a code via SMS, and you'd either type that code into a form, or some magic program on your phone would snarf the SMS before it gets displayed. Phone numbers migrate over time, sometimes following people from one SIM or phone to another, sometimes being recycled.

For the SIM card, we could store a token in the SIM card (as a magic contact record, if absolutely necessary, but hopefully in some more structured way: I hear SIMs can behave like smartcards and generate/store keys for you). Each SIM card has an unspoofable IMSI number, and can use it to sign challenges, but I suspect it'd be hard to take advantage of this from the OS layer. Sometimes people take their SIM with them to a new phone, but sometimes they get a new SIM (maybe the new phone has a different SIM-slot form-factor, or the SIM was locked to a specific phone, or vice versa, or maybe the new phone comes with a new SIM anyways). Some phones can use multiple SIMs at the same time.

To use the phone itself as the account identifier, you just store a token in flash somewhere the OS can get to it. Phone handsets have a unique IMEI number, and the OS can probably read it, but they aren't as unspoofable as the IMSI.. not sure it'd be appropriate to use it as an account ID.

To prove control over an email address, you click on a link in an email, as usual.

The first step is probably to figure out what mental model would work well in this world: can we get people to imagine that their apps/email/whatever "lives" in the SIM card, so you're supposed to move it from one place to another to retain access to that stuff? Do phones get shared/lost/traded frequently, making them an unsuitable place to hold secrets?
Could we introduce some sort of IdP (with or without email) and establish the convention of getting an account there to access your stuff?

cheers,
 -Brian
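
The "send a code via SMS, type it into a form" check from the message above, as an added example that is not part of the original message or of any Firefox Accounts code. The class name, the 5-minute lifetime and the 3-attempt limit are assumptions, and a passing check only shows who holds the number at that moment, which is why recycled numbers are a problem.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300      # assumed: seconds a code stays valid
MAX_ATTEMPTS = 3    # assumed: wrong guesses allowed per challenge


class SmsChallenges:
    """Server side of proving control of a phone number (hypothetical helper)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._key = secrets.token_bytes(32)   # per-process MAC key
        self._pending = {}                    # msisdn -> [tag, expiry, tries_left]

    def _tag(self, msisdn, code):
        # Bind the code to the number so it is useless for any other MSISDN,
        # and keep only a MAC of it rather than the code itself.
        msg = f"{msisdn}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, msisdn):
        """Create a fresh 6-digit code; the caller hands it to an SMS gateway."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[msisdn] = [self._tag(msisdn, code),
                                 self._clock() + CODE_TTL, MAX_ATTEMPTS]
        return code

    def verify(self, msisdn, code):
        """True exactly once for the right code; False if expired or locked out."""
        entry = self._pending.get(msisdn)
        if entry is None:
            return False
        tag, expiry, tries_left = entry
        if self._clock() > expiry or tries_left <= 0:
            del self._pending[msisdn]         # force a new challenge
            return False
        if hmac.compare_digest(tag, self._tag(msisdn, code)):
            del self._pending[msisdn]         # single use
            return True
        entry[2] = tries_left - 1             # count the wrong guess
        return False
```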

