| Line 119: | Line 119: | ||
# Presents to the user a list of the addresses that have been previously stored in the browser (note that this is a good place for browser to enhance informed consent for personal data disclosure - see the User Experience section below). | # Presents to the user a list of the addresses that have been previously stored in the browser (note that this is a good place for browser to enhance informed consent for personal data disclosure - see the User Experience section below). | ||
# When the user selects one of these addresses, retrieves the private key associated with that address | # When the user selects one of these addresses, retrieves the private key associated with that address | ||
# If the key has expired, initiates key refresh (see | # If the key has expired, initiates key refresh - potentially a large topic, more needs to be written on that (see also Open Issues - perhaps the UA needs to check that the key is still valid here) | ||
# Once a key is found, the browser creates an assertion containing the email address, an audience, and a valid-until timestamp, and signs it with the private key. This is the identity assertion. | # Once a key is found, the browser creates an assertion containing the email address, an audience, and a valid-until timestamp, and signs it with the private key. This is the identity assertion. | ||
# The assertion is delivered to the onVerifiedEmail callback, which uploads it to the relying site. | # The assertion is delivered to the onVerifiedEmail callback, which uploads it to the relying site. | ||
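Review bot: In the changed step ("If the key has expired, initiates key refresh ..."), the new wording leaves the outcome undefined. It says more needs to be written, and only suggests in a parenthetical that the UA may need to check the key is still valid, while the following step signs the assertion "once a key is found". Consider stating the intended behaviour in the step itself: whether signing waits until refresh succeeds, and what the user sees if refresh fails. The "more needs to be written" remark could then move to Open Issues, so the numbered list reads as procedure rather than as a to-do. The parenthetical also mixes expiry with the broader question of whether the key is still valid; if these are separate checks, give each its own step.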