Arun,
Although there is an indication that the code is for illustrative purposes only, I would like to understand why/how the private key is extracted in 3 step 2:
3. Persona.org then sends this over to script hosted by PSS using cross-origin messaging.
/**
This code is for illustrative purposes only and runs on Persona.org.
1. Assume a combined assertion and certificate structure in JWT format for use with postMessage()
var assertionPlusCert is a JWT like above
2. Extract karen@webcrypto.com private key for signing assertion
>Michael
> -----Original Message-----
> From: Arun Ranganathan [mailto:arun@mozilla.com]
> Sent: Monday, July 08, 2013 10:20 AM
> To: Web Cryptography Working Group (public-webcrypto@w3.org)
> Subject: ACTION-94 | Add BrowserID use case to use cases document
>
> I'd added the BrowserID use case, which is also a use case for cross-
> origin messaging.
>
> I'll close this action item. The code used is pending review, and is a
> reduced and highly simplified subset of what's used in practice.
>
> -- A*