668
edits
Changes
→Issuing Assertions
The User Agent MUST offer the following API call:
<tt>navigator.id.getrequest(object options);</tt>
The Relying Party MAY call the navigator.id.get method when it wishes to request that the User Agent generate an identity assertion as soon as it can. When this happens, the User Agent SHOULD pursue the following actions:
## generate an Identity Assertion using the requesting site's origin as audience and the current time. Bundle with the associated certificate to create a Backed Identity Assertion, and fire a <tt>login</tt> event on the <tt>navigator.id</tt> object with a serialization of the Backed Identity Assertion in the <tt>assertion</tt> field of the event, then terminate the login workflow.
# If no Identities are known, or if the user wishes to use a new Identity, the User Agent should prompt the user for this new identity and use it to initiate a Provisioning workflow (see below). Once provisioning has completed, the User Agent SHOULD present the updated list of identities to the user.
# If, at any point, the user cancels the login process, fire a <tt>loginCancelledlogincanceled</tt> event on the <tt>navigator.id</tt> object and terminate the login workflow.
By the end of the process, the User Agent MUST fire one of two events on the <tt>navigator.id</tt> object:
