Labs/Identity/VerifiedEmailProtocol: Difference between revisions

Jump to navigation Jump to search

Labs/Identity/VerifiedEmailProtocol (view source)

Revision as of 17:43, 25 March 2011

6 bytes added ,  25 March 2011
m
→‎Relying Parties
Line 120: Line 120:
# When the user selects one of these addresses, retrieves the private key associated with that address
# When the user selects one of these addresses, retrieves the private key associated with that address
# If the key has expired, initiates key refresh - potentially a large topic, more needs to be written on that (see also Open Issues - perhaps the UA needs to check that the key is still valid here)
# If the key has expired, initiates key refresh - potentially a large topic, more needs to be written on that (see also Open Issues - perhaps the UA needs to check that the key is still valid here)
# Once a key is found, the browser creates an assertion containing the email address, an audience, and a valid-until timestamp, and signs it with the private key. This is the identity assertion.
# Once a key is found, the browser creates an assertion containing the email address, an audience, and a valid-until timestamp, and signs it with the private key. This is the '''identity assertion'''.
# The assertion is delivered to the onVerifiedEmail callback, which uploads it to the relying site.
# The assertion is delivered to the onVerifiedEmail callback, which uploads it to the relying site.


Mhanson
348

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/294008"

Navigation menu