Changes

The Relying Party MAY call the navigator.id.get method when it wishes to request that the User Agent generate an identity assertion as soon as it can. When this happens, the User Agent SHOULD pursue the following actions: # Establish the origin of the requesting site (including scheme and non-standard port).# Check local BrowserID store for known identities that have been successfully used previously. The User Agent MAY suggest a preferred identity out of that list based on heuristics or other internal state, e.g. the email last used on that site.# If no associations are found, the User-Agent SHOULD immediately seek ask the user for what to do, by presenting a list of known email identities to choose from.# If no email identities are known, the User-Agent MAY assist the user in any way it sees fit. [xxx ?]# Verify the expiry date of the certificate associated with the identity of the previously-chosen association. If the certificate has expired, or would expire before the intended validity period of the assertion to generate be generated, the User-Agent MUST follow the steps in the CERTIFICATE REFRESH section of this specification.# Create an Identity Assertion object for the chosen identity, scoped to the full domain of the requesting site (including scheme and non-standard port), and complete sign it with appropriate certificates to form a Backed Identity Assertionthe private key associated with the chosen identity. This is likely to require prompting # Execute the user, navigator.id.onVerifiedEmail callback and provide the User Agent may do this in whatever way it deems appropriatenewly-created Identity Assertion as an argument.