Identity/BrowserID

911 bytes added, 21:51, 19 January 2012
User-Agent Compliance
''This section is normative.''
The User-Agent plays an important role in BrowserID support. Here, we define, normatively, the API that user agents MUST implement, including specific behaviors in response to these API calls. Relying Parties and Identity Providers can safely skip this section.
=== API ===
<tt>navigator.id.beginProvisioning(object callback)</tt>
The User Agent SHOULD expect the callback function to accept parameters <tt>email</tt> and <tt>cert_duration_s</tt>.
In response to this call, the User Agent should invoke the callback with parameters based on the provisioning context. The <tt>email</tt> parameter MUST be the email address which the user is attempting to provision. The <tt>cert_duration_s</tt> parameter should be the requested validity duration for the certificate, which the User Agent SHOULD determine based on the security level of the session. For example, public computers should have very short certificate validity.
<tt>navigator.id.genKeyPair(object callback);</tt>
The User Agent SHOULD expect the callback function to accept parameter <tt>pubkey</tt>, a serialized public-key string as per the above public-key spec. In response to this call, the User Agent MUST generate a fresh keypair associated with the email address for this provisioning context. The secret key should be stored internally, and the <tt>callback</tt> should be invoked with the serialized public-key as sole argument.
<tt>navigator.id.registerCertificate(certificate);</tt>
The User Agent SHOULD expect the certificate parameter to be a valid serialized certificate, as per the above spec. The User Agent SHOULD expect the trust root for this certificate to comply with the characteristics described in the "Acceptable Trust Paths" section below. The User Agent MUST associate this certificate with the email address for this provisioning context and store this association internally for later issuance of Backed Identity Assertions.
<tt>navigator.id.raiseProvisioningFailure(string reason);</tt>
The User Agent MUST interrupt this provisioning workflow and return with failure for the given <tt>reason</tt>.
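The four calls above, modelled as an added Node.js sketch of the user-agent side (not part of the wiki page or of any BrowserID implementation). The names <tt>createProvisioningContext</tt>, <tt>sessionLevel</tt> and <tt>outcome</tt>, the duration values, and the use of JWK JSON as the public-key serialization are assumptions made for illustration.

```javascript
const { generateKeyPairSync } = require('node:crypto');

// Assumed validity per session level; the page only says public computers
// should get very short certificates. Unknown levels fall back to the shortest.
const CERT_DURATION_S = { public: 3600, private: 86400 };

// store: Map of email -> { secretKey, certificate }, kept inside the user agent.
function createProvisioningContext(email, sessionLevel, store) {
  let secretKey = null;                 // never handed to a callback
  let result = { state: 'active', reason: null };
  const requireActive = () => {
    if (result.state !== 'active') throw new Error('provisioning ' + result.state);
  };
  const ctx = {
    beginProvisioning(callback) {
      requireActive();
      callback(email, CERT_DURATION_S[sessionLevel] ?? CERT_DURATION_S.public);
    },
    genKeyPair(callback) {
      requireActive();
      // Fresh keypair for this context; only the public half is serialized.
      const pair = generateKeyPairSync('ec', { namedCurve: 'P-256' });
      secretKey = pair.privateKey;
      // Assumption: JWK JSON stands in for the spec's public-key format.
      callback(JSON.stringify(pair.publicKey.export({ format: 'jwk' })));
    },
    registerCertificate(certificate) {
      requireActive();
      if (typeof certificate !== 'string' || secretKey === null) {
        return ctx.raiseProvisioningFailure('no key generated for certificate');
      }
      // Trust-path checks ("Acceptable Trust Paths") are not modelled here.
      store.set(email, { secretKey, certificate });
      result = { state: 'done', reason: null };
    },
    raiseProvisioningFailure(reason) {
      requireActive();
      secretKey = null;                 // interrupt: discard key, store nothing
      result = { state: 'failed', reason };
    },
    outcome: () => result,
  };
  return ctx;
}
```

Once a context has finished or failed, every further call throws, so a provisioning page cannot register a certificate after it has raised a failure.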
WebIDL: