Mozilla Listens to IIW

From IIW

Session Topic: Mozilla Listens to IIW

Wednesday 3A

Convener: Sean Bohan & Brian Warner

Notes-taker(s): Sean Bohan

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Agenda: Mozilla has been to IIW before, but this is Sean and Brian’s first time. We want to engage the community and start discussions around what Mozilla is doing in Privacy/Identity and what the community needs. Brian had deck slides and they will be posted.


  • Mozilla is an Ecosystem of multiple platforms (desktop, android browser, $25 smartphone OS)
  • We are working on Persona, Accounts, Sync
  • Marketplace for apps and small-scale storage are also a part of that and critical needs
  • Mozilla is using symmetric encryption keys
  • Not an not an Identity Provider for 3rd party services, our work right now is aimed at mozilla services
  • We need to know browser has rights to modify or read and the auth mechanisms as well
  • sync/storage accept browser id insertions
  • Client creating data -using KeyB because server should not see it
  • Use case - Firefox marketplace to buy html applications
  • run from any desktop browser
  • receipts tied to Firefox account
  • greet you by name


  • Have we looked at UMA?
  • UMA on top of OAuth


  • We dont know much about UMA - and will look into it
  • User Managed Access - more for user controlling policies for access to the data
  • We are thinking of whitelisting specific apps and the marketplace can learn without asking
  • 3rd parties have to get permission


  • UMA for the person to control
  • good opportunity - who wouldn't want to use PDS for some requirement
  • wonderful opportunity
  • mechanisms like that - share specific data - separate keys
  • share keys with diff recipients

Adrian -

  • MIT has 2 camps looking at oAuth
  • one camp - pds users must use it as part of the big data thing
  • second camp -make sure the server, encrypt, so server can't be controlled and keys to the server are handed out specific to the query
  • service based system - payment serv or shipping serv
  • legal recourse if it's required


doing purpose built value add vert integrated verison of YAS?


  • Firefox accounts - our intention right now is to solve the needs that we have, to solve for issues we have - also to get to be a bigger player in this space by bringing more to the space
  • Right now the only rps supported would be mozilla services
  • The Profile stuff we are working on is new
  • User Personalization is related


  • Gen question - whole ecosystem, interop, doesn't it make sense for that what we are building be an interoperable personal cloud
  • These questions are the questions for all uses of personal clouds: encryption, how to encrypt? etc.
  • If best pract/interop are developed and Firefox is a user agent - then it seems we cross into new space


  • what features you want in the browser to support it?
  • things we thought of - before Accounts was "profile int he cloud" - should be retrievable from any device - interesting ways to combine 2 factor stuff, kiosks, flight, etc.
  • "pickle" - get browser profile to be cloud and not local drive
  • extend from that - other things kept in synch with other cloud services
  • bookmarks synch with other cloud services

bookmark synch - provide better framework - synch server one choice


  • Wants to see on the slide is a cert authotity –
  • agrees with asa and drummond - if moz would use it's leverage to put the 3 things together - demand issues desire to evolve consistent steppingstone and the splice point into the reality of pki with all of it's faults
  • wants mozilla to solve user experience prob for PKI


  • adoption of pclouds and user recogntion of clouds
  • mozilla listening - big deal


  • Uses chrome - because it has users he can switch from and testing
  • If Firefox were not conflating concepts of accounts and who I am that would be great
  • Better: there would be a hard and fast - this cand that can learn and see how behavior models diff personalities that would be grt
  • ideal - go to banking site and not worry cookies or connections would be needed
  • dont need a plugin or ridiculous chrome profiles


  • Big thing to fix and nail down the UI for that
  • Thinks we need to have aspects of Firefox Accounts that afect the behavior of the browser - ties to Sync
  • website signing into withother identities
  • remembers set of emails you have control over
  • remembers last email - defaults to that
  • set of addresses persona knows about
  • mapping rp to address
  • ID given to a given website - enables within that profile

Ping Identity person:

  • killer feature to be secure discovery service
  • introduce to the right services (federation or somethign else) pds - if we can be central place that stores pointers but gives usability and ability to plug things in
  • not just an ask for PDS integration - ask for this to be a theme and a system others can plug into
  • BETTER IF browser delivered privacy exp they want


  • Early features - ironic "what can browser do for me"
  • from his perspective - privacy prob
  • private browsing modes one aspect
  • new aspect control over info and releasing - lot picking up on it
  • html 5 meta referrer none

Brian thinks it's great

Sean says Mozilla is definitely coming back to IIW