On 16/10/2013 8:25 PM, Lloyd Hilaiel wrote: > Jedp and I are spending time together in Bulgaria, and the topic is how > do we implement Firefox Accounts in FirefoxOS. > We wanted to figure out enough of an architectural direction to unleash > folks in madrid.
To add my own +1 here: super excited to see this coming together, go team! > Initial concrete target: logging into 123done.org <http://123done.org> > on device should use firefox accounts. Can you run through what this would mean in concrete terms, from a user-experience point of view and in terms of information flow? I *think* I can intuit it from the details in the high-level "fxa-on-fxos" etherpad, but having it spelled out explicitly would be useful. My concern here: in the past we've made a distinction between signin-to-web and signin-to-device, with persona providing the former and fxaccounts providing the latter. But 123done.org is a website :-) So what does it mean for a login here to "use firefox accounts"? My guess is: * User authenticates to FxA on FTU, gets a persistent session as "[email protected]". * User goes to 123done.org, clicks signin button. * Device sees that it's authenticated to FxA, offers to signin with "[email protected]" identity. * User clicks "yes" * Device generates an assertion for "[email protected]", backed by a certificate from FxA, and delivers it to 123done.org. * 123done.org accepts the assertion because it has opted-in to trusting FxA as a secondary authority. Does that match up with your current thinking? Cheers, Ryan _______________________________________________ Sync-dev mailing list [email protected] https://mail.mozilla.org/listinfo/sync-dev
