| Line 340: | Line 340: | ||
=== Certifying Users === | === Certifying Users === | ||
A BrowserID-compliant domain MUST provider user-key-certification at the URI referenced by the <tt>provisioning</tt> field in its published BrowserID support document | A BrowserID-compliant domain MUST provider user-key-certification at the URI referenced by the <tt>provisioning</tt> field in its published BrowserID support document. | ||
The domain SHOULD deliver HTML and JavaScript at that URI, which it can expect to be evaluated in a standard user-agent IFRAME. | |||
The domain SHOULD determine, without any user-facing content, the user's state of authentication with the domain. The domain MAY use cookies or localStorage to make this determination. | |||
The domain SHOULD call, in JavaScript: | |||
navigator.id.beginProvisioning(provisionEmailFunction); | navigator.id.beginProvisioning(provisionEmailFunction); | ||
with <tt>provisionEmailFunction</tt> a function that accepts an email address as parameter. | |||
Once the email address determined, the domain SHOULD check that the user is properly authenticated to use this email address. If she isn't, the domain SHOULD call <tt>navigator.id.raiseProvisioningFailure(explanation)</tt> with <tt>explanation</tt> a string explaining the failure. | |||
If the user is properly authenticated, the domain SHOULD call: | |||
navigator.id.genKeyPair(gotPublicKey); | |||
with <tt>gotPublicKey</tt> a function that accepts a JWK-formatted public key. | |||
== Assertion Verification == | == Assertion Verification == | ||
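Review bot: In the added paragraph beginning "Once the email address determined", the check that the user is authenticated for that email address is only a SHOULD, although it is the step that gates certifying a key for the address. Make it a MUST, together with the call to navigator.id.raiseProvisioningFailure(explanation) on failure, so that a compliant domain cannot skip it. The added steps also end at navigator.id.genKeyPair(gotPublicKey) without saying what the domain does with the JWK-formatted public key it receives, so the section titled "Certifying Users" never describes the certification step itself. Add that step or mark it as still to be written. Minor wording: "Once the email address determined" is missing "is", and the first sentence still reads "MUST provider" on both sides of the diff.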