I just realized that I never sent this to the list: So the last few days I've been thinking about this issue (I'm a newbie here from Germany, by the way). Especially about the "what services can profit from mobile-based authentication" bit.
Well, for starters we have the Marketplace, and I can only assume that it not only enables paid-apps, but at least also tracks what apps a user used so she can install the same apps on other mobile devices she owns. In other words, per-user settings. Also FindMyFox, which may even be easier on a mobile-based authenticated phone. It is obvious to me that on FirefoxOS, FxAccounts becomes mandatory once you want to do more than just browse the internet with the default installed apps (that's at least how Google does it).

Everything beyond Firefox-related services (say some DropBox thing, Social Media, etc.) I am doubtful that Mozilla should worry about them, unless they want to host something like that themselves (like cloud-hosting and end up closing it later just like Canonical did recently).

Let's think of it this way: say Dropbox jumps on the mobile-only market, they will market it as something like mobile-to-mobile file-sharing, similar to the times when kids shared their midi-ringtones. What Dropbox would want would be a guarantee that the files being accessed belong to the owner of the phone and her only. Relying then on FxAccounts or even FirefoxOS would be very welcomed I guess.

Let's go further and say that Persona gets rebooted as a FxAccounts-based service. If I'd want to log into a web-store, I could simply use FxAccounts/Persona. The shop immediately knows that I am a mobile only customer, so it sends its order-receipt by SMS or something (legal and practical ramifications of this musing put aside). Point being that whatever services will be mobile-focussed, those services would want to rely on the mobile device and its OS to handle the unspoofable identity of the user.

This leads to the question of security. No one uses devices as long as e-mail-addresses. The phone itself is outdated, dead, broken and/or stolen in maybe 2 years on average. The SIM-card will be replaced when a better offer from a provider comes. And phone numbers get recycled.
So we need something like pairing (account <-> device), which also means that a FxAccount is not identical to its device. Thus we need the ability to unpair an old device and pair a new device. That means three things:

1) How to pair? Well, that should be easy. From what I understand not only the IMEI but also the IMSI should be readable by the OS. Drop in the phone number and we can create a signed key as a token, saved onto the device (heavily read/write protected). After all it IS the device that gets paired to the account.

2) What IS my account? From what I understand FxAccounts stores some unique identifier in the database. We cannot give that to the user to write down and remember: what if I cannot write? (which isn't condescending: recent elections in many countries have been made with pictograms and fingerprints) So we must take it from somewhere else. What would be my mental model of my phone? Well, my phone number is directly associated with my phone. Of course it is insecure, but what do I know? To me it is unique. So when I create an account, it seems obvious that my phone number is my unique identifier. (This is all biased. Mostly: what if the average mental model is that my device is my account and that my number could change? Only very good UX could make this clear!)

3) What if I lose my phone or get a new one? Since my phone is not my account, we need multi-factor authentication. IMEI + IMSI + phone number is one factor, information about myself would be another. Of course, a password would be nice, but that's dubious: too insecure, too hard to remember. Challenge questions (e.g. mother's maiden name) are crappy on so many levels. Real-world addresses could change too fast or are ambiguous (think about farm workers, who live in shacks entertained by their employee: what would you write down? Your bed number?) and again: what if I can't write (such things)? So biometrical information.
a) different devices handle these things differently and b) (of course) data privacy! What if I want to unpair my lost phone from an internet cafe?

So what else is there? I think THIS is the big question here. Right now I can only think of secondary devices, say the number of a friend (what if he gets a new one and you don't change it?) or maybe you have other devices (which I think holds true for many users of the target markets). But then how do I update those phones in my account? If my device gets stolen and my adversary can simply update the secondary device to his own phone number, wouldn't that render everything moot?

Well at least that's what I've been thinking about.

best,
alex.
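
The pairing idea from the message above (IMEI, IMSI and phone number bound to an account by a signed token that can later be unpaired), as an added example that is not part of the original post or of any FxAccounts code. It assumes a server-held HMAC key and an in-memory record of paired devices; all function names are hypothetical and the identifier values are constructed.

```python
import hashlib
import hmac
import json

SERVER_KEY = b"constructed-demo-key"  # assumption: held only by the account server
DEMO = ("000000000000001", "001010000000001", "+10000000001")  # constructed IMEI, IMSI, number


def device_fingerprint(imei, imsi, msisdn):
    """Hash the three identifiers the post names into one device factor."""
    fields = (imei, imsi, msisdn)
    # Length-prefix each field so ("12", "3") and ("1", "23") cannot collide.
    material = b"".join(len(v).to_bytes(2, "big") + v.encode() for v in fields)
    return hashlib.sha256(material).hexdigest()


def issue_pairing_token(account_id, imei, imsi, msisdn, paired):
    """Pair a device: record it server-side and return the signed token."""
    fp = device_fingerprint(imei, imsi, msisdn)
    body = json.dumps({"acct": account_id, "fp": fp}, sort_keys=True)
    tag = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    paired.setdefault(account_id, set()).add(fp)
    return body + "." + tag


def verify_pairing_token(token, imei, imsi, msisdn, paired):
    """Return (ok, reason); the identifiers are re-read from the device each time."""
    body, _, tag = token.rpartition(".")
    expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return False, "bad signature"
    claims = json.loads(body)
    if claims["fp"] != device_fingerprint(imei, imsi, msisdn):
        return False, "identifiers changed"  # replaced SIM or recycled number
    if claims["fp"] not in paired.get(claims["acct"], set()):
        return False, "unpaired"
    return True, "ok"


def unpair(account_id, token, paired):
    """Drop a device from the account, e.g. after it is lost or stolen."""
    fp = json.loads(token.rpartition(".")[0])["fp"]
    paired.get(account_id, set()).discard(fp)


if __name__ == "__main__":
    db = {}
    tok = issue_pairing_token("acct-1", *DEMO, db)
    print(verify_pairing_token(tok, *DEMO, db))
```

The "identifiers changed" result is the replaced-SIM and recycled-number case the message raises; who is allowed to call `unpair` is the second-factor question it leaves open.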

