Closed Bug 767276 Opened 8 years ago Closed 4 years ago

UX for Signin-to-Website on Fennec

Categories

(Core Graveyard :: Identity, defect, major)

defect
Not set
major

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: mfinkle, Unassigned)


Details

No description provided.
Morphing this to SITW since SITB on Fennec is already bug 767276 and has more dependencies.
blocking-basecamp: + → ---
blocking-kilimanjaro: + → ---
Depends on: 753238
No longer depends on: 763992, 763993
Summary: UX for Signin-to-UA on Fennec → UX for Signin-to-Website on Fennec
I *think* this'll have some overlap with the system-wide Persona account we've started building for AITC and Sync (as well as third-party Persona-using apps) on Android. (See Bug 768549 for that work.)

I don't know if it would appear schizophrenic, or actually makes sense for user activities, to have two sets of Persona accounts on the phone -- one inside Fennec for signing into websites, and one in Android-land to control AITC, browser Sync, third-party apps, and notifications.

zfang/madhava, any thoughts on that?

MattN, do you have a mobile-specific doc for this feature? It'd be great to get a better understanding of what the experience is supposed to be like.
Yes, it would overlap.  My understanding is that if you are logged into your device and/or browser (bug 749072), then the list of identities used for signing into a website is synced between devices.  The email address used to sign-in to the device/browser would also appear in the list.

UX Mockup from Zhenshuo: http://people.mozilla.com/~zfang/SignInMobile/Mobile.html 

This feature page covers multiple platforms: https://wiki.mozilla.org/Identity/Features/Sign_into_the_browser
(In reply to Matthew N. [:MattN] from comment #4)
> Yes, it would overlap.  My understanding is that if you are logged into your
> device and/or browser (bug 749072), then the list of identities used for
> signing into a website is synced between devices.  The email address used to
> sign-in to the device/browser would also appear in the list.

I actually meant the other way around.

(If syncing Persona identities within Firefox between browsers is desired, and it's not implemented through a username/password/hostname/etc. entry in Password Manager, then please set up some time to chat with me and gps so we can discuss requirements!)

Some back story:

We're going to ship an Android account authenticator for Persona, just as we do now for Sync; underneath "Google" and "Facebook" in Settings > Accounts & sync, you'll see "Mozilla Persona" (instead of "Firefox Sync", which is what's there right now).

This mechanism is how Android allows apps to do background syncing activities, as well as managing authentication relationships between applications.

This account object will be the key location for managing your Persona account and its features: syncing the various profiles and browsers you have installed on your phone, enabling or disabling notifications, turning on app sync. You can do all this -- both interacting with the account and having it sync and provide background services -- without the browser running.

My question is how this integrates with SITW in Fennec. (And it's fine if the answer is "I don't know yet"!)

You just installed Fennec and set up browser sync, which required you to log in with a Persona account. And you've got third-party apps asking if they can use your Persona account for authentication, just as Android apps do today with your Google credentials. So what happens during your browsing experience when you're given the option to sign in to a website inside Fennec? Do we want to offer the system-wide Persona accounts (that you just set up for all of Mozilla's Persona-driven Android services)? Is it a separate list, because we anticipate users having lots of Persona accounts? Some combination of both?

Whatever we decide to do, I'd like it to be deliberate, rather than accidentally shipping two completely separate ways of managing your Persona accounts on the device!

The one choice that's *not* on the table, for technical reasons, is to completely delegate handling of Persona accounts to Firefox (by which I mean "inside the browser"). They have to be first-class Android accounts so that we can sync.

Thoughts?
(In reply to Richard Newman [:rnewman] from comment #5) 
> (If syncing Persona identities within Firefox between browsers is desired,
> and it's not implemented through a username/password/hostname/etc. entry in
> Password Manager, then please set up some time to chat with me and gps so we
> can discuss requirements!)

My dated understanding is that this would be a functionality of the BCP/IDP++ and not sync itself.  See https://wiki.mozilla.org/Identity/Architecture/SignIntoBrowser#Use_Case for those details (related to bug 763992).  It's possible this is no longer the plan and Ben would be the right person to talk to about that.
 
> My question is how this integrates with SITW in Fennec. (And it's fine if
> the answer is "I don't know yet"!)

It sounds like this authenticator would have to be the BCP/IDP++ connector.

> So what happens during your browsing
> experience when you're given the option to sign in to a website inside
> Fennec? Do we want to offer the system-wide Persona accounts (that you just
> set up for all of Mozilla's Persona-driven Android services)? Is it a
> separate list, because we anticipate users having lots of Persona accounts?
> Some combination of both?

My understanding is a user would usually have one primary persona account that is used with the BCP/IDP++ and therefore their ID-attached services (i.e. bookmarks, apps, etc.).  They may have many more identities (email addresses) that they want to login to websites/apps with.  These would be stored on the BCP/IDP++ server so they are shared everywhere the user is logged-in to the browser/device with their primary persona account.  Does this align with the Android model?

I think there should be one list of identities for a user on all devices for apps and websites for the best experience IMO.

Note that desktop may initially ship SITW without SITB and SITW should be usable on all platforms even if Sync is not set up.  Therefore this discussion is a bit tangential to this bug as it's just about the UX to sign into a website.  Populating the list of identities could be done in bug 749072 or a dependency of it which would likely get that list from the Android account authenticator for Persona which you are working on.

All this BCP/IDP++ stuff could have changed since the architecture page was written and so it seems like a discussion with Ben Adida, Dan Mills and/or mozilla.dev.identity would be good.
I've updated https://wiki.mozilla.org/Identity/Features/NativeSignInToWebsite#9._Implementation with details on the observer notifications that will be used to implement this feature.  You can also see the WIP patch for desktop in bug 764213.
(In reply to Matthew N. [:MattN] from comment #6)

> My dated understanding…

I'll take what I can get! :D

> is that this would be a functionality of the
> BCP/IDP++ and not sync itself.  See
> https://wiki.mozilla.org/Identity/Architecture/SignIntoBrowser#Use_Case for
> those details (related to bug 763992).  It's possible this is no longer the
> plan and Ben would be the right person to talk to about that.

That looks like a longer-term vision, rather than enabling/enhancing SITW. (True?)

Taking the short-term view, in a world with Firefox Sync (authenticated with Persona or not), do you expect these Persona identities to propagate between devices?

> My understanding is a user would usually have one primary persona account
> that is used with the BCP/IDP++ and therefore their ID-attached services
> (i.e. bookmarks, apps, etc.). They may have many more identities (email
> addresses) that they want to login to websites/apps with.  These would be
> stored on the BCP/IDP++ server so they are shared everywhere the user is
> logged-in to the browser/device with their primary persona account.  Does
> this align with the Android model?

(As I understand it, BCP is a draft, and might not ever exist, so I'm speculating!)

It sounds like you're aiming for having two tiers of Persona account: your main account, and a whole bunch of facades that you only use for logging into sites.

That suggests three possibilities:

• An Android system account that corresponds to each Persona you care about, with the others just being implementation details that Fennec cares about, but doesn't export to Android.

• The above, but with some way to select one of these secondary Personas when a third-party app requests authentication from a primary account.

• An Android account object for each Persona account, perhaps with two different account types.

There are tradeoffs for each of these: I don't know if users will have a mental model that matches up to these two tiers ("why can't I sign in to Android Twitternator with my throwaway Persona?!"), but we probably don't want to scatter throwaway accounts around the system.

> I think there should be one list of identities for a user on all devices for
> apps and websites for the best experience IMO.
> 
> Note that desktop may initially ship SITW without SITB and SITW should be
> usable on all platforms even if Sync is not set up.  Therefore this
> discussion is a bit tangential to this bug as it's just about the UX to sign
> into a website.  Populating the list of identities could be done in bug
> 749072 or a dependency of it which would likely get that list from the
> Android account authenticator for Persona which you are working on.

My personal feeling: I think it's really unlikely that SITB will arrive before we've had to deliver AITC on Android (and perhaps even Sync 2.0). I might be wrong, but it looks like a lot of work, so I wouldn't want to count on it!

The goal of my commentary in this bug is to make sure that when Fennec 18 (for the sake of example) ships with an Android Persona account -- but no SITB, and no BCP -- that the SITW UX makes sense. That might mean including the system accounts in the identity list, pushing the identity list into the set of accounts, and/or adding some roadmap items for Sync to provide the same list of identities on all devices without having to build a brand new high-availability high-durability browser content provider service.

At the very least, UX should think about what it means for the current Sync account to morph into something called "Mozilla Persona", and how that will affect the UX for this feature, which also involves handling Persona accounts. The flow you linked is very similar to how the system Persona account will be created, only appearing to be embedded in Fennec.

(There won't be a way to fetch BCP identities from the Persona authenticator unless that feature somehow surfaces as a requirement for us to address, and perhaps not even then -- there are permissions and capabilities that we have to finish hammering out, and of course there's no upstream data source for us to expose. If there are features like that that you need from a system account, I'd love to see them sketched out somewhere!)

> All this BCP/IDP++ stuff could have changed since the architecture page was
> written and so it seems like a discussion with Ben Adida, Dan Mills and/or
> mozilla.dev.identity would be good.

Yeah, I've got a chat with Ben in the pipeline. Still wrapping my head around what other people are thinking about!
This seems highly specific to Persona; I'm WONTFIXing Persona-related bugs now that we've committed to decommissioning the persona.org service.
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → WONTFIX
Product: Core → Core Graveyard