On Aug 17, 2013, at 2:24 AM, Chris Karlof <[email protected]> wrote:
> 
> On Aug 12, 2013, at 6:55 AM, Lloyd Hilaiel <[email protected]> wrote:
> 
>> Now that some of the other challenging threads have died down, let's have 
>> another one.
>> 
>> As I think deeply (at least as deeply as I am capable of) about how users 
>> will log into different firefox products, and how we can really achieve a 
>> high level of integration, I am reminded just how challenging this problem 
>> is.  I'm at the point in my meditation where I have distilled things down to 
>> a single most important question.
>> 
>> What are the cons of reducing the security of recoverable class A data such 
>> that it could be accessed with a persona assertion asserting ownership of 
>> the email address stored in your account?
>> 
>> Note:
>> I realize that we've taken some shortcuts in email verification, and that a 
>> verified email address in firefox accounts isn't as rigorously verified as 
>> one in persona.  Ignore that for now.  Think just about the security delta 
>> from competing products and our current design.
>> 
>> /me braces self
>> lloyd
>> 
> 
> Why do you want to do this? Federated access to your FA?
> 
> In our current plan, you need your FA password to access your class A data, 
> but anyone that can access your email can also access class A data via the 
> "forgot password" flow. Anyone that can access your email can also get a 
> BrowserId assertion for you. So allowing BrowserId assertions for primary 
> access to class A data is nearly equivalent to the current plan.

Got it.  That was my belief.

> We lose the ability to track failed login attempts, etc. 
> 
> What's the use case?

Use case would be an environment that uses persona having access to your firefox 
account data (class A data types and whatever meta-data is stored there).  
Assuming we could solve authorization in a reasonable manner...

All I wanted to understand here was how much flexibility we have in the future 
to reshape and refine authentication in different environments, running under 
the belief that as we start iterating forward, we're going to learn a lot from 
user testing and real users.

The fact that from a security architecture point of view, authentication with 
persona assertion is equivalent to authentication with fxa password gives us an 
immense amount of flexibility, that I believe is going to really help us.

Not proposing any change of direction, just trying to understand constraints 
and flexibility in our current path.

Lloyd

> -chris
> 

_______________________________________________
Sync-dev mailing list
[email protected]
https://mail.mozilla.org/listinfo/sync-dev
