| Line 243: | Line 243: | ||
''This section is normative.'' | ''This section is normative.'' | ||
=== Declaring Support for BrowserID === | A primary authority MUST: | ||
* declare support and parameters for BrowserID | |||
* provide a user-authentication web flow | |||
* provide a user-certification web flow | |||
=== BrowserID Support Document === | |||
A BrowserID support document MUST be a well-formed JSON document with at least these three fields: ''public-key'', ''authentication'', and ''provisioning''. The document MAY contain additional JSON fields. | |||
The value of the ''public-key'' field MUST be a Public Key serialized as a JSON object, as defined above. | |||
The value of the ''authentication'' field MUST be a relative reference to a URI, as defined by [https://tools.ietf.org/html/rfc3986 RFC3986]. | |||
The value of the ''provisioning'' field MUST also be a relative reference to a URI. | |||
==== BrowserID Delegated Support Document ==== | |||
A BrowserID delegated-support document MUST be a well-formed JSON document with at least one field: ''authority''. This field MUST be a domain name. | |||
=== Declaring Support and Parameters for BrowserID === | |||
To declare support for BrowserID, a domain MUST publish either a BrowserID support document OR a BrowserID delegated-support document at a specific URI relative to the domain's SSL URI. The relative reference URI for this document is <tt>/.well-known/browserid</tt>, as per <a href="https://tools.ietf.org/html/rfc5785">RFC5785</a>. The domain MAY choose to reference this BrowserID support document from a host-meta file (as per RFC5785). | |||
The BrowserID support document (or delegated-support document) MUST be served with Content-Type ''application/json''. | |||
The BrowserID support document (or delegated-support document) MAY be served with cache headers to indicate longevity of the BrowserID support parameters. | |||
=== Authenticating Users === | |||
=== Certifying Users === | === Certifying Users === | ||
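Review bot: In the added "BrowserID Support Document" section, requiring ''authentication'' and ''provisioning'' to be "a relative reference to a URI, as defined by RFC3986" still admits network-path references of the form <tt>//other.example/path</tt> (a constructed example), which RFC 3986 classes as relative references but which resolve to a different host, and the text never states what base the reference is resolved against. Suggest restricting both fields to absolute-path references (beginning with a single "/") resolved against the domain's SSL URI, so that a support document cannot point the authentication or provisioning flow at another origin. In the delegated-support section, ''authority'' "MUST be a domain name" leaves open whether the named authority may itself publish a delegated-support document, so a rule for delegation depth and loops should be stated. Smaller points: the RFC5785 link in the "Declaring Support and Parameters" paragraph uses an HTML anchor where the RFC3986 link uses wiki link syntax, and the "Authenticating Users" heading is added with no body.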