Now that some of the other challenging threads have died down, let's have another one.
As I think deeply (at least as deeply as I am capable of) about how users will log into different firefox products, and how we can really achieve a high level of integration, I am reminded just how challenging this problem is. I'm at the point in my meditation where I have distilled things down to a single most important question. What are the cons of reducing the security of recoverable class A data such that it could be accessed with a persona assertion asserting ownership of the email address stored in your account? Note: I realize that we've taken some shortcuts in email verification, and that a verified email address in firefox accounts isn't as rigorously verified as one in persona. Ignore that for now. Think just about the security delta from competing products and our current design. /me braces self lloyd _______________________________________________ Sync-dev mailing list [email protected] https://mail.mozilla.org/listinfo/sync-dev
