[Members] signin-to-browser initial architecture proposal

Winfried Tilanus winfried at tilanus.com
Sat May 5 09:10:17 UTC 2012

On 05/04/2012 05:30 PM, Waqas Hussain wrote:


> This is exactly what the XSF should be
> doing.

A push forwards (and outwards) like this, is always risky. But the
presentation on this at Fosdem and the discussion at the summit,
convinced me of its potential big gain. So I think it is worth taking
the risk.

I believe that the proof of concept and the prototyping in cooperation
with Mozilla is a good way to get started. But lets not just blindly
jump into this, but first think a little about how we can maximize the
gain and minimize the risks. Probably I will forgot 95% of the important
stuff here, but I want to give some thoughts on the risks and gains of
this project:

As far as I can see: the big(est) goal of this project is getting XMPP
integrated in browsers in a sensible, enabling, way. With signing in as
a first sub-goal and integrated real time content a later sub-goal.

The Security model:
As far as I can see, the idea behind the security model has no
fundamental flaws. But that is not enough: it still has to be flawless
when it is worked out and the model needs to be accepted. The lessons we
have learned with e2e encryption might come in handy here: reinventing
the wheel or bleeding edge solutions might stand in the way of
acceptance. But also something seemingly trivial as the readability of
the documents might be important here.

Here I see the least problems and there is already a proof of concept.
It is in my opinion mostly a question of resources: can we involve
enough of the right developers to get it flying?

The first code base of such projects is often reused many times before
other code bases emerge. Acceptance becomes easier if the license allows
that code base to be reused. So I think something like BSD should be the
way to go here.

I believe this is the biggest issue. A prototype with Mozilla is a great
start, but to make the project successful, we have to look beyond that
and think on what should come after. What about other browsers? What
about acceptance by web-developers?
Partly this is a networking issue: the chance of acceptance is increased
hugely if the technical work is supported by promotion of the idea. So
who are key players and how can we gain their support? How to create
publicity later on, so the web-developers know this is the train to jump on?
But also on the technical side a lot of things can increase the
acceptance: people should be able to easily understand what it is about
and what is possible with it, be able to easily try it out, and be able
to easily adopt it to their own needs.

This risk can hurt the XSF the most. Pushing signin-to-browser can take
a lot of the finances and the manpower available at the XSF. Doing this
means not doing other things. I still believe it is worth it, but we
have to be clear about what the XSF won't do because of this. Also if we
overstretch our resources, we might end empty handed in every way. So we
need to have a reasonable prospect of being able to pull this of.
About the available funds: This project looks like an ideal target for a
fund of the NLnet foundation. Their support will also give access to
quite a network and they might help generating publicity. So I think
that would be worth investigating. Note: the deadline for the next
application is before june the 1st. So if we move fast, we might have
some additional funds soon (and otherwise the next chance is in the autumn).

And finally what I can contribute: unfortunately my resources are too
limited to contribute to the development work. But I can help with
promoting it in the Dutch (web)world.


More information about the Members mailing list