<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Personal Information cards did not support holder of key. They were signed bearer assertions. Mostly because of problems getting access to the TLS layer of the browser.<div><br></div><div>You would only use holder oƒ key if the RP requested it. The STORK project in the EU and others have been looking for a way to do tis for some time.</div><div><br></div><div>John B.<br><div><div>On 2011-04-28, at 4:41 PM, <<a href="mailto:Axel.Nennker@telekom.de">Axel.Nennker@telekom.de</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">
<div style="WORD-WRAP: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space">
<div><span class="475302720-28042011"></span><font face="Arial"><font color="#0000ff"><font size="2">I think the browser side of HoK is not problematic<span class="475302720-28042011"> compared to the RP side</span>.<span class="475302720-28042011"> How are we going to convince the RP to change
their systems to accept the key?</span></font></font></font></div>
<div><span class="475302720-28042011"></span><font face="Arial"><font color="#0000ff"><font size="2"><span class="475302720-28042011">Well maybe the browser
side isn't that simple. The current certificate related UIs are a
pain.</span> <span class="475302720-28042011"></span></font></font></font><br></div>
<div><span class="475302720-28042011"><font color="#0000ff" size="2" face="Arial">Regarding your NASCAR comment: The openid input field does not have
to be visible to be discoverable by the addon. This way the RP can have its
layout and the addon will not interfere with it.</font></span></div>
<div><span class="475302720-28042011"><font color="#0000ff" size="2" face="Arial">This
problem is that the RP site must work with our without the addon beeing there
(at least for some time). Which was one of Information Cards problems.
Self-Issued Information Cards without claims implement HoK but then the
card metaphore is not the best one in this case.</font></span></div>
<div><span class="475302720-28042011"><font color="#0000ff" size="2" face="Arial"></font></span> </div><br>
<blockquote style="BORDER-LEFT: #0000ff 2px solid; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; MARGIN-RIGHT: 0px" dir="ltr">
<div dir="ltr" lang="de" class="OutlookMessageHeader" align="left">
<hr tabindex="-1">
<font size="2" face="Tahoma"><b>From:</b> John Bradley [mailto:ve7jtb@ve7jtb.com]
<br><b>Sent:</b> Thursday, April 28, 2011 10:03 PM<br><b>To:</b> Nennker,
Axel<br><b>Cc:</b> <a href="mailto:openid-general@lists.openid.net">openid-general@lists.openid.net</a>; <a href="mailto:thunder@mozilla.com">thunder@mozilla.com</a>;
<a href="mailto:mhanson@mozilla.com">mhanson@mozilla.com</a><br><b>Subject:</b> Re: [OpenID] Verisign
Seatbelt<br></font><br></div>
<div></div>There was a way for other openID providers to get added to
Seatbealt. On the other hand I don't know that it worked better than
the FF extension you just did. It also relied on RP tagging the
input box as I recall. With NASCAR type interfaces that is becoming less
and less common.
<div><br></div>
<div>From a security point of view I would like to be able to gat at a way to
do holder of Key in the browser. </div>
<div><br></div>
<div>John B.<br>
<div>
<div>On 2011-04-28, at 3:30 PM, <<a href="mailto:Axel.Nennker@telekom.de">Axel.Nennker@telekom.de</a>> <<a href="mailto:Axel.Nennker@telekom.de">Axel.Nennker@telekom.de</a>>
wrote:</div><br class="Apple-interchange-newline">
<blockquote type="cite"><span style="WIDOWS: 2; TEXT-TRANSFORM: none; TEXT-INDENT: 0px; BORDER-COLLAPSE: separate; FONT: medium Helvetica; WHITE-SPACE: normal; ORPHANS: 2; LETTER-SPACING: normal; WORD-SPACING: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px" class="Apple-style-span">
<div lang="EN-US" vlink="purple" link="blue">
<div><span class="721441919-28042011"><font size="2" face="Arial">Hi,</font></span></div>
<div><span class="721441919-28042011"><font size="2" face="Arial"></font></span> </div>
<div><span class="721441919-28042011"><font size="2" face="Arial">I just stumbled
over Verisign's Seatbelt browser extension again. Here is the HTML link to
the config from the source code of<span class="Apple-converted-space"> </span><a style="COLOR: blue; TEXT-DECORATION: underline" href="https://pip.verisignlabs.com/">https://pip.verisignlabs.com/</a>.</font></span></div>
<div><span class="721441919-28042011"><font size="2" face="Arial"></font><pre id="line17"><font size="2" face="Arial"> <<span class="start-tag">link</span><span class="attribute-name"> rel</span>=<span class="attribute-value">"seatbelt.config" </span><span class="attribute-name">type</span>=<span class="attribute-value">"application/xml" </span><span class="attribute-name">href</span><span>="</span><a style="COLOR: blue; TEXT-DECORATION: underline" href="view-source:https://pip.verisignlabs.com/web/brand/default/seatbelt/seatbeltcfg.xml">https://pip.verisignlabs.com/web/brand/default/seatbelt/seatbeltcfg.xml</a><span>" </span><span class="error"><span class="attribute-name">/</span></span>><br>
</font><span class="721441919-28042011"><font size="2" face="Arial"><br><br>I guess that Seatbelt is not very widely deployed today...</font></span></pre></span></div>
<div><span class="721441919-28042011"><font size="2" face="Arial">In the light of
"Identity in the Browser": What would we do differently
today?</font></span></div>
<div><span class="721441919-28042011"><font color="#0000ff" size="2" face="Arial"><a style="COLOR: blue; TEXT-DECORATION: underline" href="http://www.w3.org/2011/identity-ws/">http://www.w3.org/2011/identity-ws/</a></font></span></div>
<div><span class="721441919-28042011"><font color="#0000ff" size="2" face="Arial"></font></span> </div>
<div><span class="721441919-28042011"><font size="2" face="Arial">Seatbelt has
similarities to Mozilla's AccountManager which is now dead (it
seems).</font></span></div>
<div><span class="721441919-28042011"><font size="2" face="Arial">Seatbelt favored
Verisign's OpenID provider which I think was one reason others did not
accept it.</font></span></div>
<div><span class="721441919-28042011"><font size="2" face="Arial"></font></span> </div>
<div><span class="721441919-28042011"><font size="2" face="Arial">Does it make
sense to generalize Seatbelt and standardize it into
browsers?</font></span></div>
<div><span class="721441919-28042011"><font size="2" face="Arial"></font></span> </div>
<div><span class="721441919-28042011"><font size="2" face="Arial">regards</font></span></div>
<div><span class="721441919-28042011"><font size="2" face="Arial">Axel</font></span></div>
<div><span class="721441919-28042011"><font size="2" face="Arial"></font></span> </div>
<div><span class="721441919-28042011"><pre id="line1"><span class="pi"><?xml version="1.0" encoding="utf-8"?></span>
<<span class="start-tag">opConfig</span><span class="attribute-name"> version</span>=<span class="attribute-value">"1.0"
</span><span class="attribute-name">serverIdentifier</span>=<span class="attribute-value">"<a style="COLOR: blue; TEXT-DECORATION: underline" href="http://pip.verisignlabs.com/">pip.verisignlabs.com</a>"</span>>
<<span class="start-tag">configRevision</span>>1.1.02</<span class="end-tag">configRevision</span>>
<<span class="start-tag">title</span>>Symantec Personal Identity Provider</<span class="end-tag">title</span>>
<<span class="start-tag">description</span>>Manage your online identity without compromising your privacy.</<span class="end-tag">description</span>>
<<span class="start-tag">loginUrl</span>>https://pip.verisignlabs.com/login.do</<span class="end-tag">loginUrl</span>>
<<span class="start-tag">welcomeUrl</span>>https://pip.verisignlabs.com/home_page.do</<span class="end-tag">welcomeUrl</span>>
</pre><pre id="line9"> <<span class="start-tag">loginStateUrl</span>>https://pip.verisignlabs.com/RPInterface</<span class="end-tag">loginStateUrl</span>>
<<span class="start-tag">opDomain</span>>pip.verisignlabs.com</<span class="end-tag">opDomain</span>>
<<span class="start-tag">opCertSHA1Hash</span>>99:FB:5C:4D:71:62:5F:1F:A8:D8:37:91:C2:AC:AE:53:86:DC:8B:12</<span class="end-tag">opCertSHA1Hash</span>>
<<span class="start-tag">opCertCommonName</span>>pip.verisignlabs.com</<span class="end-tag">opCertCommonName</span>>
<<span class="start-tag">settingsIconUrl</span>>https://pip.verisignlabs.com/web/brand/default/seatbelt/check30x30.png</<span class="end-tag">settingsIconUrl</span>>
<<span class="start-tag">toolbarGrayIconUrl</span>>https://pip.verisignlabs.com/web/brand/default/seatbelt/pip_logo_gray_16x16.jpg</<span class="end-tag">toolbarGrayIconUrl</span>>
</pre><pre id="line15"> <<span class="start-tag">toolbarHighIconUrl</span>>https://pip.verisignlabs.com/web/brand/default/seatbelt/pip_logo_16x16.jpg</<span class="end-tag">toolbarHighIconUrl</span>>
<<span class="start-tag">toolbarGrayBackground</span>>#D6D6D6</<span class="end-tag">toolbarGrayBackground</span>>
<<span class="start-tag">toolbarHighBackground</span>>#FECF71</<span class="end-tag">toolbarHighBackground</span>>
<<span class="start-tag">toolbarLoginBackground</span>>#74D174</<span class="end-tag">toolbarLoginBackground</span>>
<<span class="start-tag">toolbarGrayBorder</span>>#7C7C7C</<span class="end-tag">toolbarGrayBorder</span>>
<<span class="start-tag">toolbarHighBorder</span>>#730027</<span class="end-tag">toolbarHighBorder</span>>
</pre><pre id="line21"> <<span class="start-tag">toolbarLoginBorder</span>>#2B802B</<span class="end-tag">toolbarLoginBorder</span>>
<<span class="start-tag">toolbarGrayText</span>>#666666</<span class="end-tag">toolbarGrayText</span>>
<<span class="start-tag">toolbarHighText</span>>#730027</<span class="end-tag">toolbarHighText</span>>
<<span class="start-tag">toolbarLoginText</span>>#FFFFFF</<span class="end-tag">toolbarLoginText</span>>
</<span class="end-tag">opConfig</span>>
</pre></span></div>_______________________________________________<br>general
mailing list<br><a style="COLOR: blue; TEXT-DECORATION: underline" href="mailto:general@lists.openid.net">general@lists.openid.net</a><br><a style="COLOR: blue; TEXT-DECORATION: underline" href="http://lists.openid.net/mailman/listinfo/openid-general">http://lists.openid.net/mailman/listinfo/openid-general</a><br></div></span></blockquote></div><br></div></blockquote></div>
</blockquote></div><br></div></body></html>