Mozilla BrowserID
Manger, James H
James.H.Manger at team.telstra.com
Wed Jul 20 04:05:23 UTC 2011
>> As for one of the major advantages of BrowserID: it is a user-centric architecture unlike OpenID Connect.
> Can you explain what you mean by "user-centric" in this context?
With OAuth2 (and hence OpenID Connect, I assume) the RP needs to be registered with the IdP. It is not user-centric because the user cannot arbitrarily choose an IdP -- they can only choose an IdP with whom the RP is registered, which may well mean only one of a handful of major IdPs.
BrowserID is user-centric in that the RP can verify the signature of whichever email provider the user chooses. It doesn't rely on a prior agreements between the RP and IdP.
--
James Manger
More information about the specs
mailing list