Mozilla Listens to IIW
Session Topic: Mozilla Listens to IIW
Wednesday 3A
Convener: Sean Bohan & Brian Warner
Notes-taker(s): Sean Bohan
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Agenda: Mozilla has been to IIW before, but this is Sean and Brian’s first time. We want to engage the community and start discussions around what Mozilla is doing in Privacy/Identity and what the community needs. Brian had deck slides and they will be posted.
Notes:
- Mozilla is an Ecosystem of multiple platforms (desktop, android browser, $25 smartphone OS)
- We are working on Persona, Accounts, Sync
- Marketplace for apps and small-scale storage are also a part of that and critical needs
- Mozilla is using symmetric encryption keys
- Not an not an Identity Provider for 3rd party services, our work right now is aimed at mozilla services
- We need to know browser has rights to modify or read and the auth mechanisms as well
- sync/storage accept browser id insertions
- Client creating data -using KeyB because server should not see it
- Use case - Firefox marketplace to buy html applications
- run from any desktop browser
- receipts tied to Firefox account
- greet you by name
Crowd:
- Have we looked at UMA?
- UMA on top of OAuth
Mozilla:
- We dont know much about UMA - and will look into it
- User Managed Access - more for user controlling policies for access to the data
- We are thinking of whitelisting specific apps and the marketplace can learn without asking
- 3rd parties have to get permission
Crowd:
- UMA for the person to control
- good opportunity - who wouldn't want to use PDS for some requirement
- wonderful opportunity
- mechanisms like that - share specific data - separate keys
- share keys with diff recipients
Adrian -
- MIT has 2 camps looking at oAuth
- one camp - pds users must use it as part of the big data thing
- second camp -make sure the server, encrypt, so server can't be controlled and keys to the server are handed out specific to the query
- service based system - payment serv or shipping serv
- legal recourse if it's required
Crowd:
doing purpose built value add vert integrated verison of YAS?
Mozilla:
- Firefox accounts - our intention right now is to solve the needs that we have, to solve for issues we have - also to get to be a bigger player in this space by bringing more to the space
- Right now the only rps supported would be mozilla services
- The Profile stuff we are working on is new
- User Personalization is related
Drummond:
- Gen question - whole ecosystem, interop, doesn't it make sense for that what we are building be an interoperable personal cloud
- These questions are the questions for all uses of personal clouds: encryption, how to encrypt? etc.
- If best pract/interop are developed and Firefox is a user agent - then it seems we cross into new space
Brian:
- what features you want in the browser to support it?
- things we thought of - before Accounts was "profile int he cloud" - should be retrievable from any device - interesting ways to combine 2 factor stuff, kiosks, flight, etc.
- "pickle" - get browser profile to be cloud and not local drive
- extend from that - other things kept in synch with other cloud services
- bookmarks synch with other cloud services
bookmark synch - provide better framework - synch server one choice
adrian:
- Wants to see on the slide is a cert authotity –
- agrees with asa and drummond - if moz would use it's leverage to put the 3 things together - demand issues desire to evolve consistent steppingstone and the splice point into the reality of pki with all of it's faults
- wants mozilla to solve user experience prob for PKI
Drummond:
- adoption of pclouds and user recogntion of clouds
- mozilla listening - big deal
Asa:
- Uses chrome - because it has users he can switch from and testing
- If Firefox were not conflating concepts of accounts and who I am that would be great
- Better: there would be a hard and fast - this cand that can learn and see how behavior models diff personalities that would be grt
- ideal - go to banking site and not worry cookies or connections would be needed
- dont need a plugin or ridiculous chrome profiles
Brian:
- Big thing to fix and nail down the UI for that
- Thinks we need to have aspects of Firefox Accounts that afect the behavior of the browser - ties to Sync
- website signing into withother identities
- remembers set of emails you have control over
- remembers last email - defaults to that
- set of addresses persona knows about
- mapping rp to address
- ID given to a given website - enables within that profile
Ping Identity person:
- killer feature to be secure discovery service
- introduce to the right services (federation or somethign else) pds - if we can be central place that stores pointers but gives usability and ability to plug things in
- not just an ask for PDS integration - ask for this to be a theme and a system others can plug into
- BETTER IF browser delivered privacy exp they want
Drummond:
- Early features - ironic "what can browser do for me"
- from his perspective - privacy prob
- private browsing modes one aspect
- new aspect control over info and releasing - lot picking up on it
- html 5 meta referrer none
Brian thinks it's great
Sean says Mozilla is definitely coming back to IIW