Mozilla BrowserID
SitG Admin
sysadmin at shadowsinthegarden.com
Wed Jul 20 14:45:49 UTC 2011
>John: A user-centric architecture has the user's agent in the middle
>of identity transactions.
If transactions are encrypted, the user playing MITM has no
verifiable idea of which attributes are being transferred through
them. It's like being a blind tunnel.
My understanding of user-centric architecture had been more that the
user's agent was an *endpoint*: we don't have that yet, attributes
and Identity (as whatever core identifier) are still transferred
between third parties that primarily hold them, and allegedly require
a user's key for authorization of release.
-Shade
More information about the specs
mailing list