[WG-UMA] Mozilla BrowserID

John Bradley ve7jtb at ve7jtb.com
Sat Jul 16 12:21:39 EDT 2011


They are having the IdP/CA issue a verified email certificate that is stored in their client.

They are hiding the signature checking by using a callback to browserid.org.

To do distributed verification the RP needs to validate the mail providers signature.  
That is a bit underspecified in the spec.

The problems this has are:
1: It is bad to use email addresses as your primary key/ canonical identifier as they are often reassigned.  
2: Pseudonymous identifiers would be a challenge to do this way.
3: Including other attributes will cause privacy issues. 
4: this assumes that the email domain and issuer are the same.

Think u-prove without the privacy.  

I don't think they are identity people, more browser people trying to make a better password manager.

It has some interesting ideas for the user agent that might work with openID Connect.

They are both using JWT.

We support a asymmetric signature mode for the id_token but haven't made that the default, due to crypto resistance.

John B.

On 2011-07-16, at 11:32 AM, Susan Morrow Avoco Secure wrote:

> Unless I'm mistaken, the mozillaid doesnt handle claims as such (other than email address). It looks like a very simplified openid. 
> 
> I guess it could be used in uma to authenticate the requester, but it seems to me that openid connect has a lot more scope for handling richer claim requests by the AM?
> 
> Susan
> 
> Sent from my iPad
> 
> On 16 Jul 2011, at 16:07, Eve Maler <eve at xmlgrrl.com> wrote:
> 
>> Cordny asks on Twitter if the new Mozilla proposal/service for "BrowserID" could be plugged into the UMA landscape:
>> 
>> https://browserid.org/
>> http://arstechnica.com/web/news/2011/07/mozillas-browserid-aims-to-simplify-authentication-on-the-web.ars
>> 
>> Anyone want to comment, especially given the Paul/Maciej discussion so far about the need for requesting parties to provide claims in real time and the implications for the AM and for agents?
>> 
>>   Eve
>> 
>> Eve Maler                                  http://www.xmlgrrl.com/blog
>> +1 425 345 6756                         http://www.twitter.com/xmlgrrl
>> 
>> _______________________________________________
>> WG-UMA mailing list
>> WG-UMA at kantarainitiative.org
>> http://kantarainitiative.org/mailman/listinfo/wg-uma
> _______________________________________________
> WG-UMA mailing list
> WG-UMA at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-uma



More information about the WG-UMA mailing list