Making Identity on the Web Rock

From WorkOutWiki2009

Proposer

Anant Narayanan is a student at the Vrije Universiteit, Amsterdam, and also a hacker at Mozilla Labs.

Purpose

Identity on the web is broken and we're going to take a few steps towards fixing it.

Abstract

Your identity is too important to be owned by a single company. At Mozilla Labs, we're working towards making your browser an agent that you trust to broker with websites on your behalf. There are two primary components to this: a) auto sign-in and sign-out with a selected identity and b) auto-registration of user accounts. We can attack either (or both!) of these problems depending on how many people turn up at the workout and what their skillsets are.

Pre-requisites

Languages, tools to be known

Mid to high-level JavaScript is an *absolute must*. If you don't know what a closure is, you probably won't fit in. Knowledge of authentication protocols like OpenID and OAuth, general web technologies (HTTP, HTML Forms, etc.) and Mozilla/XPCOM development will greatly enhance your capability to contribute.

Please set up Mercurial, a fresh Firefox profile and your favorite text editor in advance!

Getting and compiling the code

We're going to be using Bitbucket as our repository host for the workout, so please create an account there in advance! (You can use your OpenID to log in as well.)

There are two repositories; you'll be using one of these depending on the task you'll be working on. First is the identity extension:

hg clone http://bitbucket.org/kix/weave-id-fossin

And then we have the core Weave extension:

hg clone http://bitbucket.org/kix/weave-sync-fossin

Links to overall design/architecture

Read the previously linked blog posts to get an idea of the design goals. Also read https://wiki.mozilla.org/Labs/Weave/Identity/Account_Manager before participating!

Tasks

Here's a list of things to be done. We can figure out who will work on what during our "scheduled" workout time (currently 16:00-17:00 on Dec 1) and actually do the hacking throughout the next 4 days :)

  • Heuristics engine. This will make the account manager useful on real sites, rather than just on our demo sites. It should also include a plug-in mechanism so that heuristic support for new sites can be added (with jetpacks, perhaps?)
  • Account viewer. This will show information a site has about you, allow the user to change and update personal data, or close the account. Implement as about:identity?
  • Implement complete OpenID support on the server so we comply with the appropriate specs. Currently Weave OpenID only supports the "stateless" mechanism; we need to comply with the full OpenID 2.0 spec.
  • Implement WEP 100 (auto-generation of passphrase from password)
  • Implement WEP 109 (addon sync)
  • Implement "login to your browser". You set up Weave as usual. Once you set up your account, rename your profile to match your Weave username, save the password in the keychain and set the passphrase to be your master password. You also probably tell Weave to enable the "login to the browser" mode. From then on, you log in to the browser with your Weave user name and your passphrase. If that succeeds, we automatically also log you in to Weave using the password stored in the keychain.

Licensing agreement

Before you are able to commit code to any of the Mozilla projects, you need to sign the committer's agreement! We'll hopefully have a bunch of these forms lying around during the workout so you can hand them in to me. Also, please review our license policy, the gist of which is: any code you contribute should be tri-licensed under the terms of the MPL 1.1, GPL 2.0 and LGPL 2.1.

Existing work

Auto-login with OpenID and saved passwords has been integrated into the Weave Identity extension.

Getting in touch

http://groups.google.com/group/mozilla-labs-weave-dev/

Feel free to get in touch with me in person: anant [at] mozilla [dot] com.

Summary / Results

4 new features were written in 4 days and will be reviewed by module owners soon. 2 patches are already in! Huge thanks to all participants, and remember that hacking doesn't end at FOSS.IN, so we look forward to your participation in the future!

Participants

List of people who will be participating and what they plan to work on. Put your name here if you plan on participating:

  • Anant Narayanan

Account Viewer

  • Neel Desai
  • Rakshith
  • Anil Kumar
  • Harish Raddi

WEP 100 (Auto-password Generation)

  • Praveena Mallikarjuniah
  • Shreyank Gupta

Importers for People Store

  • Sashank Dara

Stateful OpenID Implementation

  • Samay Bhavsar