Closed Bug 754926 Opened 12 years ago Closed 11 years ago

BigTent tracking - ProxyIdP for Persona

Categories

(Cloud Services :: Server: Identity, defect)

RESOLVED FIXED

People

(Reporter: ozten, Unassigned)

Details

(Whiteboard: [qa+])

This is the tracking bug for
https://wiki.mozilla.org/Identity/BrowserID/BigTent
Depends on: 742809
Whiteboard: [qa+]
The only feature the native ID implementation will need from BigTent is to be able to query for which domains are supported by the ProxyIDP. We need this to restrict navigation to just that domain in the login window (in the secondary case, navigation is tied to browserid.org/persona.org and anything else is disallowed).

If there is some reason not to expose the domain list, we could also simply keep two hardcoded lists in the client & server, but that's a bit more ugly.
Hi :anant, could you clarify exactly what information you need? In particular, I'm thinking that the email domain may not match the domain that gets loaded by BigTent. (Hotmail users, for instance, auth on a subdomain of live.com, not hotmail.com).

We also can't prevent proxied IdPs from arbitrarily redirecting users, and I'm not sure we can fully enumerate valid domains beyond the first redirect. (Windows Live, at the very least, sends the user through two subdomains of live.com, and I'd expect that to change with the retirement of the Windows Live brand.)

I imagine we could either provide a list of proxied email domains, or a list of valid initial redirect domains, but I'm not sure we can put together a comprehensive whitelist.
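
An added example, not part of the original bug comments and not BigTent or Persona code: one way a login window could enforce a list of "valid initial redirect domains" while accepting subdomains, as the comments above discuss. The `PROXIED` map, the function names and the sample hosts are assumptions constructed for illustration.

```javascript
// Hypothetical mapping: proxied email domain -> base domains its sign-in
// flow may load. Constructed for illustration; not a published BigTent list.
const PROXIED = new Map([
  ["hotmail.com", ["live.com"]], // email domain differs from auth domain
  ["yahoo.com", ["yahoo.com"]],
]);

// True when host is base itself or a subdomain of it. The leading "." forces
// a label boundary, so "evil-live.com" does not match "live.com".
function hostWithin(host, base) {
  return host === base || host.endsWith("." + base);
}

// Decide whether the login window may navigate to rawUrl for this email.
function navigationAllowed(email, rawUrl) {
  const at = email.lastIndexOf("@");
  if (at < 1) return false;
  const bases = PROXIED.get(email.slice(at + 1).toLowerCase());
  if (!bases) return false; // not a proxied domain: no navigation granted here

  let url;
  try {
    url = new URL(rawUrl); // parse first; never string-match the raw URL
  } catch {
    return false;
  }
  if (url.protocol !== "https:") return false;

  // URL already lower-cases the hostname and separates userinfo, so
  // "https://live.com@other.example/" yields the host "other.example".
  const host = url.hostname.replace(/\.$/, ""); // drop trailing FQDN dot
  return bases.some((base) => hostWithin(host, base));
}
```

A check like this only covers hosts under the listed base domains; it does not address the point raised above that a proxied IdP can redirect users elsewhere after the first hop.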
Depends on: 772686
Should this be closed as a dupe of Bug #757983 or vice versa? There are more bugs hanging off of 757983...
Bug #757983 is for Ops.

This bug is for the overall project.
Depends on: 757983
Depends on: 757985, 775712
Depends on: 773094
Just a status update:

The scope of the first release has been narrowed to Yahoo.com only.

Based on our research, this is the smallest of the 3 providers and will allow us to gain experience with this new architecture before enabling others.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED