| Line 250: | Line 250: | ||
=== BrowserID Support Document === | === BrowserID Support Document === | ||
A BrowserID support document MUST be a well-formed JSON document with at least these three fields: | A BrowserID support document MUST be a well-formed JSON document with at least these three fields: <tt>public-key</tt>, <tt>authentication</tt>, and <tt>provisioning</tt>. The document MAY contain additional JSON fields. | ||
The value of the | The value of the <tt>public-key</tt> field MUST be a Public Key serialized as a JSON object, as defined above. | ||
The value of the | The value of the <tt>authentication</tt> field MUST be a relative reference to a URI, as defined by [https://tools.ietf.org/html/rfc3986 RFC3986]. | ||
The value of the | The value of the <tt>provisioning</tt> field MUST also be a relative reference to a URI. | ||
==== BrowserID Delegated Support Document ==== | ==== BrowserID Delegated Support Document ==== | ||
A BrowserID delegated-support document MUST be a well-formed JSON document with at least one field: | A BrowserID delegated-support document MUST be a well-formed JSON document with at least one field: <tt>authority</tt>. This field MUST be a domain name. | ||
=== Declaring Support and Parameters for BrowserID === | === Declaring Support and Parameters for BrowserID === | ||
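Review bot: the <tt>authentication</tt> and <tt>provisioning</tt> lines accept any relative reference as defined by RFC3986, which includes network-path references beginning with <tt>//</tt> that name a different host, and they do not state the base URI used for resolution. Say whether only path references are intended and name the base explicitly (the domain's SSL URI is the one used for <tt>/.well-known/browserid</tt>). The delegated-support line also leaves open what a consumer does when the <tt>authority</tt> domain itself publishes a delegated-support document.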
| Line 266: | Line 266: | ||
To declare support for BrowserID, a domain MUST publish either a BrowserID support document OR a BrowserID delegated-support document at a specific URI relative to the domain's SSL URI. The relative reference URI for this document is <tt>/.well-known/browserid</tt>, as per [https://tools.ietf.org/html/rfc5785 RFC5785]. The domain MAY choose to reference this BrowserID support document from a host-meta file (as per RFC5785). | To declare support for BrowserID, a domain MUST publish either a BrowserID support document OR a BrowserID delegated-support document at a specific URI relative to the domain's SSL URI. The relative reference URI for this document is <tt>/.well-known/browserid</tt>, as per [https://tools.ietf.org/html/rfc5785 RFC5785]. The domain MAY choose to reference this BrowserID support document from a host-meta file (as per RFC5785). | ||
The BrowserID support document (or delegated-support document) MUST be served with Content-Type | The BrowserID support document (or delegated-support document) MUST be served with Content-Type <tt>application/json</tt>. | ||
The BrowserID support document (or delegated-support document) MAY be served with cache headers to indicate longevity of the BrowserID support parameters. | The BrowserID support document (or delegated-support document) MAY be served with cache headers to indicate longevity of the BrowserID support parameters. | ||
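Review bot: the cache-header sentence leaves the lifetime of a cached copy entirely to the publisher, yet the cached document carries <tt>public-key</tt>. State how long a consumer may reuse the document when no cache headers are sent, and consider an upper bound so that a replaced key stops being relied on within a known time. The Content-Type line could also say whether a consumer MUST reject a document served with a type other than <tt>application/json</tt>.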
| Line 272: | Line 272: | ||
=== Authenticating Users === | === Authenticating Users === | ||
A BrowserID-compliant domain MUST provide a user-authentication web flow starting at the URI referenced by the | A BrowserID-compliant domain MUST provide a user-authentication web flow starting at the URI referenced by the <tt>authentication</tt> field in the BrowserID support document. The specifics of the user-authentication flow are up to the domain. The flow MAY use redirects to other pages, even other domains, to complete the user authentication process. The flow SHOULD NOT use <tt>window.open()</tt> or other techniques that target new windows/tabs. | ||
=== Certifying Users === | === Certifying Users === | ||
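Review bot: in the Authenticating Users paragraph, "MAY use redirects to other pages, even other domains" sets no transport requirement for those hops, although the support document itself is published relative to the domain's SSL URI. State whether every page in the flow MUST also be served over SSL. The <tt>window.open()</tt> sentence would be easier to apply with a short clause giving the reason for the SHOULD NOT.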