Identity/Features/Web-based Verified Email Client
Status
| Web-based Verified Email Client | |
| Stage | Complete |
| Status | ` |
| Release target | ` |
| Health | ` |
| Status note | Scoping new work after VEP changes. |
Team
| Product manager | Dan Mills |
| Directly Responsible Individual | Dan Mills |
| Lead engineer | Rob Miller |
| Security lead | Michael Coates |
| Privacy lead | Sid Stamm |
| Localization lead | ` |
| Accessibility lead | ` |
| QA lead | James Bonacci |
| UX lead | Chris Howse |
| Product marketing lead | ` |
| Operations lead | ` |
| Additional members | ` |
Open issues/risks
`
Stage 1: Definition
1. Feature overview
Pure HTML client of the Verified Email Service.
Related features:
Goals:
- Implement the JS API for sites to support Verified Email
- Not to interfere when native browser support is present
- Directly interface with the Mozilla Verified Email service for all functionality
- Support Verified Email on current-generation browsers: Firefox 4, IE 8, Chrome 10, Safari 5, Opera
2. Users & use cases
Mark gets a tip from a friend about SaladFans.com, a place to review and share your favorite salad bars. Mark visits the site and is eager to contribute his own reviews as well as connecting with friends to find out which salad bars they like.
Mark sees a "sign in" button on the SaladFans site, and when he clicks on it a Mozilla ID pop-up dialog comes up telling him that the site is asking for a verified email address to sign-in. Mark hasn't used Mozilla ID before, so he clicks the "register" button.
Mark now types in his email address, and chooses a password for his account. After he's done, Mozilla ID tells him that a verification message has been sent to his email, and he needs to click on a link there before proceeding. Mark checks his email and clicks on the link in the message Mozilla ID sent him. The link opens up a new pop-up replacing the previous one, which welcomes him to Mozilla ID and asks him if it's OK to disclose the email address to SaladFans.com. Mark clicks OK, the dialog closes, SaladFans.com reloads, and Mark is now signed into SaladFans.com!
Key Points:
- Easy set-up from scratch
- All HTML flow, works on a variety of browsers
- Flow centered around verified email disclosure
3. Dependencies
`
4. Requirements
| Item | Bug | Status |
| Core VEP client implementation (can handshake w/ server register an email, generate keys, receive a cert, generate assertion; no UI, no cert refresh) | 664598 | - |
| Relying party wrapper implementation (can handle getVerifiedEmail call and interact w/ core VEP client in a popup window; still no UI nor cert refresh) | 664597 | - |
| Identity authority wrapper implementation (can handler registerVerifiedEmail and registerVerifiedEmailCertificate calls and can interact w/ core VEP client in parent window, still no UI nor cert refresh) | 669455 | - |
| UI interaction through account creation / login / release of one email address (most UI will be generated by the server) | 664594 | - |
| Email selection UI (mostly generated by UA) and integration into VEP process | 664599 | - |
| Certificate refresh, successful only | 668620 | - |
| Certificate refresh w/ failure | 668625 | - |
| ========= OLDER (OBSOLETE?) MILESTONES BELOW ========== | ||
| Relying party API | - | - |
| Sign-in pop-up | - | - |
| Email disclosure pop-up | - | - |
| Email verification pop-up | - | - |
| Account creation pop-up | - | - |
| Account creation UX polish[1] | - | - |
| HTML client popups support multiple emails | - | - |
| HTML client allows adding a new email to an existing account | - | - |
[1] e.g., password strength meter, pop-up auto-closes upon email verification
Non-goals
- Integrating with/implementing non-Verified Email auth protocols
- including HTTP Auth, forms-based sign-in, OpenID, OAuth, etc.
- Support for other profile information
Stage 2: Design
5. Functional specification
API Docs
Obsolete?
6. User experience design
Older mockups:
Stage 3: Planning
7. Implementation plan
`
8. Reviews
Security review
`
Privacy review
`
Localization review
`
Accessibility
`
Quality Assurance review
Basic Identity items test plan
Operations review
`
Stage 4: Development
9. Implementation
`
Stage 5: Release
10. Landing criteria
`
Feature details
| Priority | P1 |
| Rank | 999 |
| Theme / Goal | ` |
| Roadmap | Mozilla Identity |
| Secondary roadmap | ` |
| Feature list | Services |
| Project | ` |
| Engineering team | Services |
Team status notes
| status | notes | |
| Products | ` | ` |
| Engineering | ` | ` |
| Security | sec-review-unnecessary | 2-Dec-2011: notified project canceled/shelved, removing security tags and closing out feature page per discussion with Rob Miller. Project superseded by BrowserID |
| Privacy | ` | ` |
| Localization | ` | ` |
| Accessibility | ` | ` |
| Quality assurance | ` | ` |
| User experience | ` | ` |
| Product marketing | ` | ` |
| Operations | ` | ` |
