Closed Bug 941079 Opened 11 years ago Closed 10 years ago

Security Review: [Program] FxA on FxOS (v1.4)

Categories

(mozilla.org Graveyard :: Security Assurance: FxOS Review, task)

Product:
mozilla.org Graveyard
Component:
Security Assurance: FxOS Review
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: toxborrow, Assigned: cr)

References

(
URL
)

Details

(Whiteboard: u= c= p=5 s=ready) 

Initial Questions:

Project/Feature Name: [Program] FxA on FxOS (v1.4)
Tracking  ID:
Description:
The goal of this release is that on the device by signing into WheresMyFox or Marketplace, you're signed into both. This is really SSO on the device. 
Additional Information:
FxA Wiki: https://wiki.mozilla.org/Identity/FirefoxAccounts
FxA Roadmap: https://wiki.mozilla.org/Identity/Roadmap
Key Initiative: Firefox OS
Release Date: 2014-03-03
Project Status: development
Mozilla Data: Yes
Mozilla Related: FxA on FxOS, Where's My Fox, Marketplace
Separate Party: No

Security Review Questions:

Affects Products: 
Review Due Date: 2014-01-31
Review Invitees: Jed Parsons, Chris Karlof, Tauni Oxborrow
Extra Information:
Whiteboard: [triage needed]
Assignee: nobody → ptheriault
Whiteboard: [triage needed] → u= c= p=5 s=ready
Assignee: ptheriault → stephouillon
Does the security review of FxA for FxOS need to be marked as confidential ? (I though this project was public, at least most information is already on https://wiki.mozilla.org/Identity/FirefoxAccounts). Or is this just confidential by default (Imnot familiar with the project kick-off process).
Flags: needinfo?(toxborrow)
Flags: needinfo?(curtisk)
all bugs from kick off are MoCo flag by default, we should remove the flag if it's not needed
Flags: needinfo?(curtisk)
since there was a mail to everyone@moz I will assume this is public
Group: mozilla-corporation-confidential
Flags: needinfo?(toxborrow)
Blocks: 941723
Assignee: stephouillon → fbraun
Assignee: fbraun → cr
Component: Security Assurance: Review Request → Security Assurance: FxOS Review
Flags: sec-review?(ptheriault)
Hey there Paul - 
When you have a moment, is the sec review for FxA on FxOS scheduled?
Am I assuming this sec review covers FxA on Marketplace and in payments as well?

Caitlin
Flags: needinfo?(ptheriault)
This review was FxA in 2.0. I don't believe cr looked at FxA in marketplace or payments so we should have a seperate review for that. The documentation is here: 

https://wiki.mozilla.org/Security/Reviews/B2G/FirefoxAccounts

I'll create a separate bug for FxA on Marketplace and in payments.
URL: https://wiki.mozilla.org/Security/Rev...
Status: NEW → RESOLVED
Closed: 10 years ago
Flags: needinfo?(ptheriault)
Resolution: --- → FIXED
Flags: sec-review?(ptheriault)
Product: mozilla.org → mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.