[WG-UMA] Mozilla BrowserID
ve7jtb at ve7jtb.com
Sat Jul 16 12:21:39 EDT 2011
They are having the IdP/CA issue a verified email certificate that is stored in their client.
They are hiding the signature checking by using a callback to browserid.org.
To do distributed verification the RP needs to validate the mail provider's signature.
That is a bit underspecified in the spec.
The problems this has are:
1: It is bad to use email addresses as your primary key/canonical identifier as they are often reassigned.
2: Pseudonymous identifiers would be a challenge to do this way.
3: Including other attributes will cause privacy issues.
4: This assumes that the email domain and issuer are the same.
Think u-prove without the privacy.
I don't think they are identity people, more browser people trying to make a better password manager.
It has some interesting ideas for the user agent that might work with OpenID Connect.
They are both using JWT.
We support an asymmetric signature mode for the id_token but haven't made that the default, due to crypto resistance.
On 2011-07-16, at 11:32 AM, Susan Morrow Avoco Secure wrote:
> Unless I'm mistaken, the mozillaid doesn't handle claims as such (other than email address). It looks like a very simplified openid.
> I guess it could be used in uma to authenticate the requester, but it seems to me that openid connect has a lot more scope for handling richer claim requests by the AM?
> On 16 Jul 2011, at 16:07, Eve Maler <eve at xmlgrrl.com> wrote:
>> Cordny asks on Twitter if the new Mozilla proposal/service for "BrowserID" could be plugged into the UMA landscape:
>> Anyone want to comment, especially given the Paul/Maciej discussion so far about the need for requesting parties to provide claims in real time and the implications for the AM and for agents?
>> Eve Maler http://www.xmlgrrl.com/blog
>> +1 425 345 6756 http://www.twitter.com/xmlgrrl
>> WG-UMA mailing list
>> WG-UMA at kantarainitiative.org