Identity/BrowserID

50 bytes added, 17:45, 31 January 2012
Primary Authority Compliance
=== BrowserID Support Document ===
A BrowserID support document MUST be a well-formed JSON document with at least these three fields: <tt>public-key</tt>, <tt>authentication</tt>, and <tt>provisioning</tt>. The document MAY contain additional JSON fields.
The value of the <tt>public-key</tt> field MUST be a Public Key serialized as a JSON object, as defined above.
The value of the <tt>authentication</tt> field MUST be a relative reference to a URI, as defined by [https://tools.ietf.org/html/rfc3986 RFC3986].
The value of the <tt>provisioning</tt> field MUST also be a relative reference to a URI.
==== BrowserID Delegated Support Document ====
A BrowserID delegated-support document MUST be a well-formed JSON document with at least one field: <tt>authority</tt>. This field MUST be a domain name.
=== Declaring Support and Parameters for BrowserID ===
To declare support for BrowserID, a domain MUST publish either a BrowserID support document OR a BrowserID delegated-support document at a specific URI relative to the domain's SSL URI. The relative reference URI for this document is <tt>/.well-known/browserid</tt>, as per [https://tools.ietf.org/html/rfc5785 RFC5785]. The domain MAY choose to reference this BrowserID support document from a host-meta file (as per RFC5785).
The BrowserID support document (or delegated-support document) MUST be served with Content-Type <tt>application/json</tt>.
The BrowserID support document (or delegated-support document) MAY be served with cache headers to indicate longevity of the BrowserID support parameters.
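The following checker is an added example, not part of the specification or of any BrowserID implementation. It applies the MUST rules above to a fetched <tt>/.well-known/browserid</tt> response. The function names, the sample document, the simplified domain-name pattern, the rule for telling the two document types apart, and the rejection of <tt>//host/path</tt> references are assumptions of the example.

```python
import json
import re
from urllib.parse import urlsplit

REQUIRED = ("public-key", "authentication", "provisioning")
# Simplified hostname pattern (assumption; the page only says "a domain name").
DOMAIN_RE = re.compile(r"([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}", re.I)
# Constructed sample; the public-key object is a placeholder, not a real key.
SAMPLE = ('{"public-key": {"placeholder": "key fields defined elsewhere"}, '
          '"authentication": "/browserid/sign_in", "provisioning": "/browserid/provision"}')

def is_relative_ref(value):
    """True for a non-empty string with no scheme and no authority component."""
    if not isinstance(value, str) or not value:
        return False
    try:
        parts = urlsplit(value)
    except ValueError:
        return False
    # RFC 3986 also allows "//host/path" as a relative reference; rejecting it
    # is a stricter choice made by this example so the flow stays on the domain.
    return parts.scheme == "" and parts.netloc == ""

def check_support_document(content_type, body):
    """Return (kind, errors); kind is 'support', 'delegated' or None."""
    errors = []
    if content_type.split(";")[0].strip().lower() != "application/json":
        errors.append("Content-Type is not application/json")
    try:
        doc = json.loads(body)
    except ValueError:
        return None, errors + ["body is not well-formed JSON"]
    if not isinstance(doc, dict):
        return None, errors + ["top-level JSON value is not an object"]
    # Assumption: a document with "authority" and none of the three support
    # fields is treated as a delegated-support document.
    if "authority" in doc and not any(k in doc for k in REQUIRED):
        authority = doc["authority"]
        if not (isinstance(authority, str) and DOMAIN_RE.fullmatch(authority)):
            errors.append("authority is not a domain name")
        return "delegated", errors
    errors += ["missing field: " + k for k in REQUIRED if k not in doc]
    if "public-key" in doc and not isinstance(doc["public-key"], dict):
        errors.append("public-key is not a JSON object")
    for key in ("authentication", "provisioning"):
        if key in doc and not is_relative_ref(doc[key]):
            errors.append(key + " is not a relative reference")
    return "support", errors
```

An empty error list means the response satisfies the checks shown; the contents of the <tt>public-key</tt> object are only checked for being a JSON object.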
=== Authenticating Users ===
A BrowserID-compliant domain MUST provide a user-authentication web flow starting at the URI referenced by the <tt>authentication</tt> field in the BrowserID support document. The specifics of the user-authentication flow are up to the domain. The flow MAY use redirects to other pages, even other domains, to complete the user authentication process. The flow SHOULD NOT use <tt>window.open()</tt> or other techniques that target new windows/tabs.
=== Certifying Users ===