Services/Sync/NextGen/ArchivedQuestions
From MozillaWiki
Product Questions
- Are we still planning to ship old and new Sync products in parallel, or are we doing migration on upgrade? (Asa)
- mconnor: This has a non-zero cost, and we're talking about 0.5% of Firefox users. We can do it, but it adds difficult-to-scope time/complexity.
- For how long?
- Assumption: even if shipping in parallel, not simultaneously functional. This would be an undue development and testing burden.
- We're going to ship in parallel until we reduce the users of previous generation Sync to some minimal level at which point we'll EOL the previous version. - A
- J-PAKE as an option for users? (Asa)
- mconnor: Not required for sure, but if we're allowing users to provide their own keys, manual entry really sucks on mobile. NFC could be a future option, making this unnecessary, but we should decide this explicitly. The cost to maintain/preserve is not dramatically high, but is of course more than zero.
- I don't think we should do this. I know typing on some mobile devices is a pain but I don't think the J-PAKE solution conceptually less burden. - A
- mconnor: Not required for sure, but if we're allowing users to provide their own keys, manual entry really sucks on mobile. NFC could be a future option, making this unnecessary, but we should decide this explicitly. The cost to maintain/preserve is not dramatically high, but is of course more than zero.
- Is recovery after password reset a required v1 use-case? (Asa, Karen, mconnor)
- mconnor: Timeline/model for an escrow service is as yet undefined, adding substantial schedule risk. My recommendation is that this is a nice-to-have for v1 of the new service.
- We don't have any recovery system now, right? If that's the case, I think we could make recovery a high priority v2 feature. We should talk about this because I don't know what's involved. - A
- mconnor: Timeline/model for an escrow service is as yet undefined, adding substantial schedule risk. My recommendation is that this is a nice-to-have for v1 of the new service.
- What degree of durability is required for data stored on the service? (Asa, mconnor)
- mconnor: This is going to be a budget question. It needs a cost/benefit tradeoff from mmayo's team. From prior discussions, more than 99.9999999% will be much more expensive, but 1 in a billion feels pretty okay.
- Cost estimates and recommendations coming from Bob soonish.
- I don't know what industry standard is. Does anyone else? I also don't know how to think about durability because at a certain point the numbers get too small/big for my little brain to process intelligently. - A
- What is the user expectation for data availability, above and beyond "the bits in the cloud don't go away"? Durability would mean we don't lose your bookmarks if you do nothing, but beyond that users might want to get back their bookmarks after they accidentally deleted them all. To what extent should backup/versioning etc. feature in our roadmap?
- I hadn't considered versioning so this is just 'off the top of my head'. If we could do a "dated profile backup" every so often, plus before a Firefox upgrade, like a Windows Restore point, that would be pretty swell. - A
- Options discussed: local snapshot of profile directory (because Sync doesn't sync per-machine stuff); snapshots to DropBox; snapshots to a Mozilla service. These are nice because it reduces the cost to the synchronization service.
- Is there a per-user uptime requirement? (Asa, mconnor)
- mconnor: I would propose 99.9% for any given user's data access, at the high end. This is the high end of what is viable with a single datacenter, and multi-datacenter would be prohibitively expensive.
- How would you define uptime requirement? A see many options. At any time N% of users have Sync working for them. Sync is working for any user N% of the time. Sync is available to a particular user N% of the time they attempt to connect to it. etc.
- Can we separate out "uptime" from "times when the service needs to be up"? I mean, for example, if it's always up when I'm setting up a new device but it's somewhat less consistently up when I'm just making incremental updates? As we add "instant" items to this feature, like "send this tab to my phone now" we sure don't want to have a "sorry, couldn't connect, please wait for the service to return" message or anything like that. I'd also ask "what's industry standard" for things like this -- a high-profile consumer service. - A
- How should migration be messaged? Is it sufficient to have a note on the newly set-up device saying that your other devices need to be upgraded? A non-fatal notice on the old devices (requires work on Sync 1.1)? A fatal error on the old devices?
- That sounds pretty good. Could we somehow kick the updater in the other clients if we see that one client has moved forward a version, either triggering the update or prompting for a restart if the update's already staged? - A
- To what extent will we be pushing this feature? Privileged account + durable storage implies backup, and if half a billion users sign up, we need to reflect that in capacity planning! This is very relevant to mmayo's team, and affects the operational timeline.
- From a Product perspective, I want 100% of Firefox users using this service. I don't expect to reach that level of usage any time soon, but I'd say 10x what we currently have is the kind of boost I'm looking for in the short term. - A
- Do we want the PIdP to be featured as browser-wide UX, or only as part of Sync? (Asa, Karen)
- This requires thought for technical delivery on mobile, too.
- I'm not sure I understand this question. Tell me if this answer fits that question. We want users to create a Firefox account. If when they're creating that account, we see they're entering an existing Persona ID, we should prompt them to "upgrade" that ID (adding the Firefox Sync/Backup capability to that Persona ID) by re-typing their Persona password. Similarly, if at a later time the user encounters a site that utilizes Persona ID for logins, and the user starts typing in their Firefox ID, we can offer to "upgrade" their Firefox account to a Persona ID credential. On the backend they're the same thing just with one bit set for Firefox enabled and one bit set for Persona ID enabled. Thunder has this all sorted out -- assuming I'm answering the question you've asked. - A
- Discussion result: PIdP will be a top-level entity; essentially a standalone product/project. A Firefox Account will be surfaced within, say, the Firefox menu. Sync functionality is essentially a checkbox: "oh, now you have a Firefox Account, which browser data do you want to be synchronized?". Need to discuss this with Fx leads.
- This requires thought for technical delivery on mobile, too.
- Un-supporting old clients, migration, EOL of old clients: How does this work? (Asa)
- Open issue with UX.
Technical Questions
- Is the key storage (wrapped master key) service a part of the Preferred Idp API, or is it an Identity Attached Service? (Ben, mconnor)
- Part of FXAP
- What is the timeline for delivering key-wrapping as a capability? (Ben, bwarner)
- Work is a priority in Q4, prototyping first
- Are any further changes required to the 2.0 protocol? (gps, rnewman, rfkelly)
- None known at this time, development progress may shake out issues.
- Are there any further changes required to the v6 storage format? (gps)
- None known at this time, development progress may shake out issues.
- How does the account/PIdP login work on the client -- is this a general feature for the browser, or a Sync-specific feature?
- Answered: general feature.