[OpenID] Verisign Seatbelt HoK

John Bradley ve7jtb at ve7jtb.com
Thu Apr 28 20:58:28 UTC 2011 

Personal Information cards did not support holder of key.  They were signed bearer assertions.  Mostly because of problems getting access to the TLS layer of the browser.

You would only use holder oƒ key if the RP requested it.   The STORK project in the EU and others have been looking for a way to do tis for some time.

John B.
On 2011-04-28, at 4:41 PM, <Axel.Nennker at telekom.de> wrote:

> I think the browser side of HoK is not problematic compared to the RP side. How are we going to convince the RP to change their systems to accept the key?
> Well maybe the browser side isn't that simple. The current certificate related UIs are a pain. 
> Regarding your NASCAR comment: The openid input field does not have to be visible to be discoverable by the addon. This way the RP can have its layout and the addon will not interfere with it.
> This problem is that the RP site must work with our without the addon beeing there (at least for some time). Which was one of Information Cards problems. Self-Issued Information Cards without claims implement HoK but then the card metaphore is not the best one in this case.
>  
> 
> From: John Bradley [mailto:ve7jtb at ve7jtb.com] 
> Sent: Thursday, April 28, 2011 10:03 PM
> To: Nennker, Axel
> Cc: openid-general at lists.openid.net; thunder at mozilla.com; mhanson at mozilla.com
> Subject: Re: [OpenID] Verisign Seatbelt
> 
> There was a way for other openID providers to get added to Seatbealt.   On the other hand I don't know that it worked better than the FF extension you just did.    It also relied on RP tagging the input box as I recall.  With NASCAR type interfaces that is becoming less and less common.
> 
> From a security point of view I would like to be able to gat at a way to do holder of Key in the browser.  
> 
> John B.
> On 2011-04-28, at 3:30 PM, <Axel.Nennker at telekom.de> <Axel.Nennker at telekom.de> wrote:
> 
>> Hi,
>>  
>> I just stumbled over Verisign's Seatbelt browser extension again. Here is the HTML link to the config from the source code of https://pip.verisignlabs.com/.
>>   <link rel="seatbelt.config" type="application/xml" href="https://pip.verisignlabs.com/web/brand/default/seatbelt/seatbeltcfg.xml" />
>> 
>> 
>> 
>> I guess that Seatbelt is not very widely deployed today...
>> In the light of "Identity in the Browser": What would we do differently today?
>> http://www.w3.org/2011/identity-ws/
>>  
>> Seatbelt has similarities to Mozilla's AccountManager which is now dead (it seems).
>> Seatbelt favored Verisign's OpenID provider which I think was one reason others did not accept it.
>>  
>> Does it make sense to generalize Seatbelt and standardize it into browsers?
>>  
>> regards
>> Axel
>>  
>> <?xml version="1.0" encoding="utf-8"?>
>> <opConfig version="1.0" 
>> 	   serverIdentifier="pip.verisignlabs.com">
>>   <configRevision>1.1.02</configRevision>
>>   <title>Symantec Personal Identity Provider</title>
>>   <description>Manage your online identity without compromising your privacy.</description>
>>   <loginUrl>https://pip.verisignlabs.com/login.do</loginUrl>
>>   <welcomeUrl>https://pip.verisignlabs.com/home_page.do</welcomeUrl>
>>   <loginStateUrl>https://pip.verisignlabs.com/RPInterface</loginStateUrl>
>>   <opDomain>pip.verisignlabs.com</opDomain>
>>   <opCertSHA1Hash>99:FB:5C:4D:71:62:5F:1F:A8:D8:37:91:C2:AC:AE:53:86:DC:8B:12</opCertSHA1Hash>
>>   <opCertCommonName>pip.verisignlabs.com</opCertCommonName>
>>   <settingsIconUrl>https://pip.verisignlabs.com/web/brand/default/seatbelt/check30x30.png</settingsIconUrl>
>>   <toolbarGrayIconUrl>https://pip.verisignlabs.com/web/brand/default/seatbelt/pip_logo_gray_16x16.jpg</toolbarGrayIconUrl>
>>   <toolbarHighIconUrl>https://pip.verisignlabs.com/web/brand/default/seatbelt/pip_logo_16x16.jpg</toolbarHighIconUrl>
>>   <toolbarGrayBackground>#D6D6D6</toolbarGrayBackground>
>>   <toolbarHighBackground>#FECF71</toolbarHighBackground>
>>   <toolbarLoginBackground>#74D174</toolbarLoginBackground>
>>   <toolbarGrayBorder>#7C7C7C</toolbarGrayBorder>
>>   <toolbarHighBorder>#730027</toolbarHighBorder>
>>   <toolbarLoginBorder>#2B802B</toolbarLoginBorder>
>>   <toolbarGrayText>#666666</toolbarGrayText>
>>   <toolbarHighText>#730027</toolbarHighText>
>>   <toolbarLoginText>#FFFFFF</toolbarLoginText>
>> </opConfig>
>> _______________________________________________
>> general mailing list
>> general at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-general
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20110428/eaefc6a6/attachment.html>

More information about the general mailing list