Identity
Get Involved
- Reach out to us
- on IRC at irc.mozilla.org, #identity
- on our mailing list
- by tuning in to our short weekly meetings
- Learn more about Persona
- Follow us on
- our blog
- Twitter or Identica
- our announcement list
- Help us out by
- hacking on the code
- writing a plugin or a library
- spreading the word
- translating Persona in your language
Vision
Central to a people-centered ecosystem is an identity system that is under the control of the individual, and enables information sharing on the users own terms with no take-it-or-leave-it policies. To this end, Mozilla is building an identity system for the Web that has these properties.
The first service we're building, Persona, enables users to easily sign into websites using their existing email address in a secure and privacy-protecting way, with no additional passwords. For developers, it offers a very easy to implement API, and a verified email address they can use to communicate with the user.
User identities encompass much more than just an email address, of course, and so the next components of the Mozilla identity system will include payments, profile and data sharing on the users terms and more.
Identity Design Principles
draft 01 APR 2013
Account as relationship, not mechanism
We've used the metaphor of a lock and key for passwords. This is too cold and impersonal. It is an abstraction that serves the cold metal of hardware, but does nothing to help you build a relationship with the person. A more useful way to think about an account is that it allows a computer to identify this person, much like a doorman who can recognize a familiar face and recall their shared history to have a meaningful conversation.
Hierarchy of Needs
These are presented in order from lowest to highest level of user needs. They start with basic and move to more complex.
Reliability
I want access to my information 100% of the time, wherever I am. And don't blame me for unreliable service! The service should be percieved to be reliable.
- Can access when and where needed.
- Data is safe from unintentional loss.
- In-browser password manager is allowed to function normally, not disabled.
Safety
At all points of centralization, the service should be resistant to attack. The service should be perceived as secure/protected.
- Passwords stored securely.
- If I lose my device and attacker cannot remotely wipe another machine.
- Information from one account cannot be used to hack another site
Proportionality
The approach you use should be appropriate to the threat.
- Password character requirements should be reasonable. Don't ask for 72chars, capital + number that rotates every 90 days unless you are a high-risk target.
- Keep user logged in for long sessions unless you are a high-risk target.
Creating a supportive environment
Don't treat me as an intruder in my own house. Tone should be human and recognize that remembering credentials is a difficult thing to do. Be polite and forgiving of imperfect memory.
- Error messages should have positive tone. Shaming language around forgetting password only create unnecessary stress.
- After login it redirect user to where there intended to go.
- Remember my configurations.
- Clear how to access self help documents and forums.
Be the user's trusted agent
Provide a safe and secure way to take your information around the web
- Easy access to contacts, contents of your "wallet."
Responsibilities of Relying Party sites
There are several issues which are directly related to accounts which are outside the scope of Persona. These are guidelines for relying party sites implementing Persona.
- Site reflects whether the user is logged in or not.
- Rules are clear when and why I need to log in or out
- Usernames should only be used if you have public-facing content that needs to be anonymous.
- Site has clear policies about who has access to and who owns user data.
- Site employs ethical practices around what they do with user data and data portability.
- Changes to terms and privacy policies are presented with clear language.
2013 Identity Goals
- Sign into websites
- PiCL (a.k.a. Profile In the Cloud)
- PiCL is pronounced 'pickle'
- Details on this project can be viewed on the Attached Services page.
- Demos are posted regularly on the Attached Services page.
- Native sign into websites & apps (FxOS, FxDesktop, FxAndroid, and others)
2013 Projects and Roadmap
Firefox OS
Milestones | Overview | Target | Crew |
---|---|---|---|
FXOS code merge for phone launch | Q2 | Jed, Team Signin | |
FXOS performance | Q2 | Jed | |
Persona on first-run | Q3 | Jed | |
Age verification | Q4 | Jed | |
Silent SMS support for marketplace | Q4 | Jed |
Profile in the Cloud (PiCL)
Milestones | Overview | Target | Crew |
---|---|---|---|
[Attached Services] | When a user logs into the browser using a Persona identity, they likely want to connect a number of services, including passwords, bookmarks and tabs backup, contacts in the cloud, apps, etc. The PiCL project will be publishing updates on a regular basis. Details on our milestone schedule can be viewed at: PiCL engineering milestones | Ben (Project Lead), Jed (Contacts Lead), Chris K (Password Lead), Crystal (UX), Brian W, Ryan K, Dan W, Zach | |
Desktop & Android initial platform-level features landed in FX | Q2 | ||
Define FXOS PiCL product requirements | Working with FXOS product management | Q2 | |
Landed feature in Nightly | Q3 | ||
FXOS development planning | Q3 | ||
Release to Public | Q4 | ||
FFOS: land code | Q4 | ||
FXOS: Set up Servers & Partnerships | Q1 2014 | ||
FXOS: Ship | Q2 2014 |
Signin to Web
Project | Overview | Target | Crew |
---|---|---|---|
Train Schedule | Details on our train schedule is live and on demand | Lloyd (Project Lead), Francois, Shane, Dan C, Jared, Gene | |
Finalize FXOS production code merge | Q2 | ||
AWS move 2 datacenters | Q2 | ||
Identity Bridging Google | Q2 | ||
Identity Bridging Google Apps for your Domain | Q3 | ||
Security (2FA, active monitoring, phishing defenses) | Q4 |
Identity Speaks: Upcoming Conference Schedule
Interested in Persona? Check out Dan Callahan's presentation at PyCon 2013 Beyond Passwords: Secure Authentication with Mozilla Persona
Conference | Presentation Details | Date | Location | Presenter |
---|---|---|---|---|
Fórum Internacional Software Livre | User logins: can we do better than passwords and avoid centralized services? | July 5, 2013 | Porto Alegre, Brazil | Francois Marier |
Libre Software Meeting | Passwords and freedom: can we lose the former and retain the latter? | July 8, 2013 | Brussels, Belgium | Francois Marier |
Libre Software Meeting | Mozilla Persona for your domain | July 10, 2013 | Brussels, Belgium | Francois Marier |
WDCNZ | Taking the pain out of signing users in | July 25, 2013 | Wellington, New Zealand | Francois Marier |
- Adding a talk? Don't forget to add it to the Mozilla Events Calendar too.
- Removing a talk? Please move it to Identity/Spread Persona.
Meet the Identity Team
Name | Title | Location |
---|---|---|
Austin King | Developer | Washington |
Ben Adida | Director, Identity | California |
Brian Warner | Developer | California |
Chris Karlof | Developer | California |
Crystal Beasley | Lead UX Designer | Oregon |
Dan Callahan | Developer Relations and Documentation | Minnesota |
Danny Coates | Developer | California |
Edwin Wong | QA | California |
Francois Marier | Developer | New Zealand |
Gene Wood | Operations | California |
Hannah Quay-de la Vallee | Intern 2013 | San Francisco |
James Bonacci | QA | California |
Jared Hirsch | Developer | California |
Jed Parsons | Developer | California |
John Morrison | QA | California |
Karl Thiessen | QA | California |
Katie Parlante | Developer | California |
Lloyd Hilaiel | Lead Developer | Colorado |
Ryan Feeley | UX Designer | Toronto |
Ryan Kelly | Developer | Australia |
Ryan Seys | Intern 2013 | San Francisco |
Sean McArthur | Developer | California |
Shane Tomlinson | Developer | United Kingdom |
Tauni Oxborrow | Program Manager | California |
Vlad Filippov | Intern 2013 | San Francisco |
Zach Carter | Developer | California |
Archive
Archive: Quarterly Goals and Project Summary |
---|
2013 Q1 Goals
Project | Description | Status | Contact |
---|---|---|---|
[FFOS] FXOS Identity Service in production | |||
[Desktop, Android] PICL (Profile In Cloud) alpha1 add-on for Firefox and FX Android (Sync replacement) | |||
[Special] Persona Sign-In Beta 2 | |||
[FFOS, Desktop, Android] Persona Service one data-center deployed on AWS | |||
[FFOS, Desktop, Android] Improved Metrics | |||
[Special] Mozilla IdP [STRETCH] |
2012 Q4 Goals
Project | Description | Status | Contact |
---|---|---|---|
B2G Identity Integration |
|
Completed | Ben Adida |
Continuous Improvement of Persona Service: |
|
Team Signin | |
Design and Prototyping of Significant New Persona Features: |
|
2012 Q4 Project Summary
Project | Description | Status | Notes |
---|---|---|---|
Gombot | On-Hold | Post-Mortem Notes can be reviewed at: |
Features on ice (or dropped):
Old / Archived | |||||||
---|---|---|---|---|---|---|---|
|
Name | Description | Status | When | Who |
---|---|---|---|---|
Key-wrapping | Support for key wrapping and wrapped key storage. This allows other sites to encrypt data with a key that is unlocked (locally) with the user's BrowserID password. | Designing & planning | Q1 | Ben Adida |
navigator.id.share() prototype | Developer API to allow users to easily share content with others | Not started | Prototype in Q2 | Dan Mills |
Remote storage API prototype | Developer API to store data (files) in the user's preferred storage provider | Not started | Prototype in Q3 | Dan Mills |
API to me | Developer API to access extended profile data for the user | Not started | Prototype in Q3 | Dan Mills |
Name and photo | Providing the user's name and photo to RPs | Not started |