Hi All,
As the new quarter gets underway, I wanted to take a moment to highlight some of the keys focus areas coming up for FxA in Q4. We'll be tracking individual features in Aha under the Firefox 44, 45 and 46 releases, which you can view here: https://mozilla.aha.io/products/FXA/feature_cards The features will be organized around three key themes: * Connected Devices * Device Handshake * OpenID Connect Other things will come up of course, and we'll schedule them appropriately, but these are the three things that I'd really like us to have in place by the start of the new year. Connected Devices ----------------- The groundwork for this is already underway, with the idea being that "signing in to Firefox" should join your device to an ongoing connected experience rather than a one-off handoff to the Sync service. >From the user's point of view, they'll be able to see and manage all the devices connected to their account, and send data between them in a more explicit and timely manner. >From a technical point of view, devices will have an explicit identity, making it easier to build experiences like "tabs from other devices". Devices will also register a push endpoint for timely updates, meaning we can improve the responsiveness of sync, give a better experience on password change, and probably other things we haven't through of yet. If we get this right, we'll enable other teams within Mozilla to build rich device-aware connected experiences on top of the FxA ecosystem. Device Handshake ---------------- Being "signed in to Firefox" should also mean that you get a seamless experience when interacting with Mozilla services, being able to e.g. sign in to Pocket or the upcoming AMO site with a single click. Unfortunately the current integration between browser login state and FxA web content is quite fragile. Let's build a more robust protocol to let Firefox share the signed-in state of the browser with web content, ensuring users can quickly-but-securely access FxA authenticated services from their device. OpenID Connect -------------- We've learned a lot about running an identity ecosystem since FxA was first conceived. The value of using standard protocols like OAuth has been repeatedly proven, and we've also seen the potential for confusion when we offer reliers multiple, non-standard ways to do things. Before we bring on additional reliers in 2016, let's consolidate our infrastructure and protocols around a single way of authenticating to reliers, and let's double down on using standards where they exist. Let's do OpenID Connect. We will formally deprecate the use of browserid-style identity assertions, and make OAuth part of the core accounts server API. We will add support for OpenID Connect profile information APIs, service discovery mechanisms, and dynamic relier registration. New sites that want to authenticate with FxA will be able to plug our details into an existing OpenID Connect relier library and be off and running. If we do this right, we should have every confidence in opening up FxA authentication to third-party reliers on the web in 2016. This will also put us in a position to start talking about identity more broadly, to try to influence the way identity works on the web at large rather than just within the Mozilla ecosystem. Plenty of open questions around how that might look, but I know it's something many on this team are passionate about. So with all that said...let's go make it happen! :-) Cheers, Ryan _______________________________________________ Dev-fxacct mailing list [email protected] https://mail.mozilla.org/listinfo/dev-fxacct
