In recent sprint review posts, you might have come across the term
Low Integrity Authentication, a new capability of Mozilla IAM.
Identity on the Web
Identity theft on the Web is today’s reality. Building an access management system for Mozilla’s communication, collaboration and contribution systems, we aim to make it:
As a consequence, we rely on two-factor authentication (2FA) to secure identities for our sites and applications.
Large Audience Sites Don’t Rely On Your Identity
There are Large Audience (Contribution) Sites such as SUMO, MDN web docs, L10N, and Common Voice. These sites do not rely on a contributor’s identity. Instead there are programmatic contribution validation measures in place.
Programmatic Contribution Validation
The image below shows some examples of programmatic contribution validation measures. These include, but are not limited to, crowdsourcing, trusted reviewers, hierarchies of trust.
Allow for Friction-less Contribution Experience
Today, none of the Large Audience Sites sites is using Mozilla IAM, mainly because two-factor authentication would negatively impact their contribution funnel.
Moving forward, we enable the adoption of Mozilla IAM by allowing people to authenticate with identity providers that are not necessarily their most secure. For example, you might want to use passwordless email instead of your 2FA’d Firefox Account to login to a contribution site.
So we came up with a decision flow which relies on 2FA by default (orange), while allowing for one-factor authentication (1FA) in specific cases (green). We call this 1FA route Low Integrity Authentication.
Pilot on Common Voice
This concept is going to be piloted with Common Voice . It has recently landed on our staging systems where we are currently validating experience and functionality.
We are happy to hear you thoughts. Is this post helpful? How can we better explain this concept? Does it look promising? Any other comments?