[hengli]

"Threat Model

The reason we're even presenting the user with a dialog is because we want to prevent badge spamming, whereby third-party issuers spam a user's backpack with badges that they don't want. Consequently, we need the backpack to ask for the user's consent. This will be accomplished via an iframe embedded in the issuer's page.

The only sensitive information that a user needs to enter in this flow is login credentials. Since authentication is done via BrowserID, which opens in a pop-up window, the consequences of spoof attacks are minimal–so long as the user knows to look at domain names in their address bar and BrowserID's UI."

I was really interested until I got to this part. Asking the user for permission each time I want to award a badge? Complete fail. Mozilla doesn't get UI.

[AndrewDucker]

Allowing providers to spam me with badges - complete fail.

I may well be interested in having you award me _a_ badge, but that doesn't mean I want you cluttering things up whenever you feel like it.

Mozilla's policy is that the user has control over their data, and I fully support that.

[hengli]

This is going to be more of a pain in the ass than Vista's Security popup or whatever it's called. It'll be the #1 way to make users hate using your application, I assure you.

Badges need to enhance the application not interrupt it. I have never seen a badge application pause the application to award you with the badge. The entire concept is pretty nuts. It's a good idea, such a shame about the implementation.

Mozilla can easily provide an interface to delete badges you don't want, or ban applications that spam you from the badge system. The whole threat model idea is just self-sabotage.