== Identity Provisioning Flow ==
''This section Consider Alice, a user of <tt>EyeDee.me</tt>, with email address <tt>alice@eyedee.me</tt>. Alice wishes to user her <tt>alice@eyedee.me</tt> identity to log into web sites that support the BrowserID protocol: * Alice visits <tt>example.com</tt> and clicks "login."* In the BrowserID interface, Alice types her email address <tt>alice@eyedee.me</tt>.* The user-agent checks <tt>https://eyedee.me/.well-known/browserid</tt> and determines that <tt>eyedee.me</tt> supports BrowserID. From this configuration file it determines the provisioning and authentication URLs.* The user-agent loads, in an invisible IFRAME, the provisioning URL <tt>https://eyedee.me/browserid/provision.html</tt>, delivering to that URL any cookies that have previously been set.* The provisioning URL communicates with its server to determine if Alice is properly authenticated and, if so, triggers key generation within the user agent, obtains the public key, signs it, and registers the resulting certificate with the user agent.* If Alice is not properly authenticated, the user agent loads the authentication URL <tt>https://eyedee.me/browserid/authenticate.html</tt> in a dialog interface, where Alice can then proceed to log into <tt>EyeDee.me</tt> using whatever flow/method EyeDee.me wishes. Once this is successfully completed, the user-agent returns to the BrowserID user-interface, and attempts to load the provisioning URL as in the previous step.* Once a certificate for <tt>alice@eyedee.me</tt> is informativeinstalled, the user-agent completes the login to <tt>example.com</tt> by creating an assertion and delivering it to <tt>example.com</tt> as in the Main Protocol Flow above. By the end of this flow, Alice has obtained, within her user-agent, a certificate for her email address issued directly by her email address''s domain.
== User-Agent Compliance ==
