Mozilla BrowserID

John Kemp john at jkemp.net
Wed Jul 20 16:24:26 UTC 2011


On Jul 20, 2011, at 12:10 PM, Dick Hardt wrote:

>>>>> BrowserID is user-centric in that the RP can verify the signature of whichever email provider the user chooses. It doesn't rely on prior agreements between the RP and IdP.
>>>> 
>>>> I agree with your specific statement - so I won't quibble over whether this is necessarily "user-centric" or not ;)
>>> 
>>> I think that is one of the key aspects of user-centricity. The user is making choices on which attributes to share. The user is determining "who" she wants to be in a given RP context.
>> 
>> Yes, I understand what you mean. I'm just personally not sure that BrowserID is really so much more "user-centric" in the way you mean than OpenID (Connect).
> 
> The flow is moving from my agent (the browser) to the RP rather than from the IdP to the RP.

Isn't this *exactly* the same as using a browser plugin or an OS-level component invoked by the browser with OpenID performed "behind the scenes" with the RP? These solutions all assert the attributes directly from the user-agent, and the attributes are potentially signed by an IdP and stored as an assertion on the client. 

- John







More information about the specs mailing list