348
edits
Labs/Identity/VerifiedEmailProtocol: Difference between revisions
Jump to navigation
Jump to search
m
Labs/Identity/VerifiedEmailProtocol (view source)
Revision as of 17:05, 25 March 2011
, 25 March 2011→Verification Services: fix heading
m (→Verification Services: fix heading) |
|||
| Line 166: | Line 166: | ||
The verification step would be quite straightforward: the relying party would simply POST an assertion to a verifier over SSL along with their expected audience string, the verifier would verify the assertion as in 4.2, and return a result code. The audience test is necessary, as it prevents replay attacks using assertions captured at other sites. | The verification step would be quite straightforward: the relying party would simply POST an assertion to a verifier over SSL along with their expected audience string, the verifier would verify the assertion as in 4.2, and return a result code. The audience test is necessary, as it prevents replay attacks using assertions captured at other sites. | ||
== Certification == | |||
The flows described above all included a step, during the verification process, where the relying party contacted the holder of the public key directly to retrieve the user's public key(s). This simplifies the flow for the relying party - they have only one assertion to verify, and because they are retrieving the public key over SSL, they can take advantage of the site-identification-and-integrity guarantees built into the SSL protocol. | The flows described above all included a step, during the verification process, where the relying party contacted the holder of the public key directly to retrieve the user's public key(s). This simplifies the flow for the relying party - they have only one assertion to verify, and because they are retrieving the public key over SSL, they can take advantage of the site-identification-and-integrity guarantees built into the SSL protocol. | ||