668
edits
Changes
→Certifying Users
with <tt>gotPublicKey</tt> a function that accepts a JWK-string-formatted public-key.
The domain's JavaScript SHOULD then send this JWK string to the domain's backend server. The domain's backend server SHOULD certify this key along with the email address provided to its <tt>provisionEmailFunction</tt> function, and an expiration date at least 1 minutes in the future. The backend server SHOULD NOT issue a certificate valid longer than 24 hours. The domain's backend server SHOULD then deliver a JWCert-string-formatted certificate an Identity Certificate back to its JavaScript context. The domain's JavaScript MUST finally call:
navigator.id.registerCertificate(certificate);
with the JWCert Identity Certificate string.
== Assertion Verification ==
