Identity/Verified Email Protocol/Latest

From MozillaWiki
Jump to navigation Jump to search

WikiMedia editor tip: If you aren't seeing numbered section headings in the body of this document, you can force them to appear by logging in and clicking the "My preferences" link, at left, and select "Auto-number headings"

Verified Email Protocol Specification

DRAFT

Terms

Identity
An email address which the user has control over.
Identity Assertion
A cryptographically-signed document which asserts to a particular audience that the current browser session is associated with an identity.
Identity Certificate
A cryptographically signed document which has a private key counterpart. The user agent may use the certificate and the private key to create identity assertions which are verifiably traceable to the signer of the certificate.
Primary Identity Authority
The email provider with whom the user has an email account. The primary authority may create identity assertions about any identity in their domain.
Secondary Identity Authority
A network service which is operated by neither the user nor the email provider, which is trusted by relying parties to issue identity assertions.
Audience/Relying Party
A relying party is a Web site to whom an identity assertion is issued. The relying party then makes a validity determination on the assertion.

Shared Objects

Identity Assertion

An Identity Assertion is a JWT object with the following claims:

  • exp
  • aud
  • moz-vep-nonce
  • moz-vep-certificate

Identity Certificate

An Identity Certificate is a JWT object with the following claims:

  • exp
  • iss
  • moz-vep-id
  • moz-vep-purpose
  • moz-vep-publicKey

Browser-Level API

navigator.id.getVerifiedEmail(object callback);

The Relying Party MAY call the navigator.id.getVerifiedEmail method when it wishes to request that the User Agent generate an identity assertion as soon as it can. The User Agent SHOULD immediately seek to generate an Identity Assertion, prompting the user if needed, and call the provided callback with an identity assertion or null in case of failure.

navigator.id.registerVerifiedEmail(string email, object callback);

An Identity Authority MAY call the navigator.id.registerVerifiedEmail method to request that the User Agent generate a new keypair for the specified email, and return the public half of the keypair as an argument to the provided callback.

navigator.id.registerVerifiedEmailCertificate(string certificate, string updateURL, string errorURL);

An Identity Authority MUST call the navigator.id.registerVerifiedEmailCertificate method to complete registration of a verified identity with the User Agent. The certificate argument is a string formatted as per the JSON Signature specification [JWT], signed by the Identity Authority, and whose Claims Section is the IdentityCertificateBody object defined in this specification. The updateURL argument is a URL to be used by the User Agent to obtain a new certificate that corresponds to the same public key, as per the CERTIFICATE REFRESH section of this document.

WebIDL: 

module navigator {
    module id {
        attribute object onVerifiedEmail;
        void getVerifiedEmail();
        void registerVerifiedEmail(string email, object callback);
        void registerVerifiedEmailCertificate(string certificate, string updateURL);
    }
};

Identity Registration

To process a request for identity registration from a web page, a User-Agent MUST:

  1. Create, if it has not already done so, a local data store that will persist beyond the current page view, keyed on email identity.
  2. Check the local data store for whether a certificate for the email address already exists and is valid. If so, the User-Agent SHOULD NOT proceed with key generation, and instead immediately call the provided callback to registerVerifiedEmail with a null argument.
  3. If no certificate already exists, the User-Agent MAY notify the user that a new email identity is being registered with the User-Agent. If the email identity has a domain that is different from the Identity Authority, the User-Agent SHOULD notify the user and seek confirmation.
  4. Produce an asymmetric keypair compatible with the JSON Web Key specification [JWK] and store it in the local data store.
  5. Return the public key to the JavaScript runtime of the web page through the provided callback.
  6. At a future point, when the registerVerifiedEmailCertificate function is called by a web page, the User Agent MUST verify that the public key in the Identity Certificate matches the already-stored keypair for the email identity in question. If it does not match, the User-Agent SHOULD reject the certificate and (do what?).
  7. Save the new certificate, as well as the refreshURL and errorURL arguments of the registerVerifiedEmailCertificate function.

Identity Assertion Generation

To process a request for a verified email, a User-Agent MUST:

  1. Reliably establish the full domain of the requesting site (including scheme and non-standard port).
  2. Check a local data store for previously established identity associations for the requesting site. If one or more associations are found, the User-Agent MAY ask the user for which identity to use, or automatically choose one based on some criteria (e.g., last-used).
  3. If no associations are found, the User-Agent SHOULD ask the user for what to do, by presenting a list of known email identities to choose from.
  4. If no email identities are known, the User-Agent MAY assist the user in any way it sees fit. [xxx ?]
  5. Verify the expiry date of the certificate associated with the identity of the previously-chosen association. If the certificate has expired, or would expire before the intended validity period of the assertion to be generated, the User-Agent MUST follow the steps in the CERTIFICATE REFRESH section of this specification.
  6. Create an Identity Assertion object for the chosen identity, scoped to the full domain of the requesting site (including scheme and non-standard port), and sign it with the private key associated with the chosen identity.
  7. Execute the navigator.id.onVerifiedEmail callback and provide the newly-created Identity Assertion as an argument.

Certificate Refresh

  1. To refresh a certificate, the User-Agent MUST fetch the resource located at the refresh URL provided by the Identity Authority in the registerVerifiedEmailCertificate for the certificate to be refreshed. The User-Agent SHOULD NOT display this resource to the user.
  2. If the server returns with an error status when loaded (in the 4xx or 5xx range), certificate refresh has failed. The User-Agent SHOULD notify the user and load the error URL associated with the certificate at registration time. This resource SHOULD be visible to the user, who is expected to interact with the Identity Authority to resolve the problem.
  3. If the server returns with 2xx status, the loaded resource is expected to follow the steps under section 1.4 (Identity Registration) to sign new keys for the user.
  4. The User Agent MUST maintain the resource loaded and operational for at least 30 seconds since last activity (network or JavaScript) to allow the Identity Authority to register multiple certificates if it wishes.

Assertion Verification

Identity Assertions MUST NOT be verified in the client, in JavaScript or otherwise, since client runtimes may be altered to circumvent such verification. Instead, Identity Assertions SHOULD be sent to a trusted server for verification.

To verify an Identity Assertion, a Relying Party MUST perform the following checks:

  1. If the valid-until date of the assertion is earlier than the current time, the assertion has expired and must be rejected.
  2. If the nonce in the assertion has previously been received by the relying party, the assertion has been used and must be rejected.
  3. If the audience field of the assertion does not match the full domain (including scheme and optional non-standard port) of the page that requested the Identity Assertion, the assertion must be rejected. Note that implementations MUST include the scheme and non-standard port, if any, in the match check. A domain that includes the standard port, of 80 for HTTP and 443 for HTTPS, MUST be treated as equivalent to a domain that matches the protocol but does not include the port. (Can we find an RFC that defines this equality test?)
  4. The signature over the assertion must be verified with the public key contained in the certificate.
  5. The certificate must be verified using the issuer's public key. If the certificate contains an Issuer element, the certificate is secondary; in this case, the Relying Party must further decide whether the issuer is one that it trusts.

Note that a relying party may, at its discretion, use a verification service that performs these steps and returns a summary of results. In that case, the verification service is acting as a relying party, and MUST perform all the checks described here. In order to perform audience checking, the verification service must be told what audience to expect by the relying party.

Identity Authority Public Keys

To verify the identity certificate, Relying Parties must have the issuer's public key. This key can be distributed prior to usage, or can be discovered dynamically at runtime.

Recommended public key discovery mechanisms

Well-Known/host-meta LINK

Security Considerations

things to write about:

  • certificate validity period
  • UAs reusing a key to get a new certificate
  • timing attacks
  • javascript implementations, good RNGs

References

Retrieved from "https://wiki.mozilla.org/index.php?title=Identity/Verified_Email_Protocol/Latest&oldid=320070"