Mozilla BrowserID
John Kemp
john at jkemp.net
Wed Jul 20 16:24:26 UTC 2011
On Jul 20, 2011, at 12:10 PM, Dick Hardt wrote:
>>>>> BrowserID is user-centric in that the RP can verify the signature of whichever email provider the user chooses. It doesn't rely on prior agreements between the RP and IdP.
>>>>
>>>> I agree with your specific statement - so I won't quibble over whether this is necessarily "user-centric" or not ;)
>>>
>>> I think that is one of the key aspects of user-centricity. The user is making choices on which attributes to share. The user is determining "who" she wants to be in a given RP context.
>>
>> Yes, I understand what you mean. I'm just personally not sure that BrowserID is really so much more "user-centric" in the way you mean than OpenID (Connect).
>
> The flow is moving from my agent (the browser) to the RP rather than from the IdP to the RP.
Isn't this *exactly* the same as using a browser plugin or an OS-level component invoked by the browser with OpenID performed "behind the scenes" with the RP? These solutions all assert the attributes directly from the user-agent, and the attributes are potentially signed by an IdP and stored as an assertion on the client.
- John