Re: Browser ID

Hi folks,

We'll be posting more info on browserid in the next few days, keep an 
eye on http://identity.mozilla.com.

There are similarities to WebID for sure. There's one important 
difference: our identifiers are email addresses, and we're using 
JSON-based assertions and certs (JWS and JWT) to keep things very 
simple. (We don't actually want a hyper-generic certificate format, as 
that tends to introduce complexity and grow the attack surface.)

This is, at this point, very much an experiment, so we look forward to 
your feedback.

-Ben

On 7/14/11 3:29 PM, Henry Story wrote:
> I am CCing Ben Adida who posted some interesting information on Browser ID.
>
>    For a general view:
>
>     https://browserid.org/
>
>   For detailed technical overview
>
>     http://lloyd.io/how-browserid-works
>
>    It is pretty close to what WebID does I think, except that they omit the TLS part, though they re-invent it using javascript - a bit like what Manu Sporny was working on. It removes the need for TLS but requires a browser extension to work - I gather on first reading. Since Mozilla is putting it forward I suppose that could work -- though it will take time for browsers to ship with all of this.
>
>    If they could use the same keychain used by TLS and have both BrowserID use the same keys linked to the certificates WebID uses then the two could work nicely together perhaps. So if a Relying party could provide TLS - which I think more and more will with DNSsec and DANE rollout - then the certificate route could be used. For servers that did not have TLS, then this would be the better solution for a long time.
>
>    In any case the UI remarks I made at the end of the video on http://webid.info/ are still needed in both cases.
>
>
>
> Henry
>
>
> Social Web Architect
> http://bblfish.net/
>

Received on Friday, 15 July 2011 04:29:46 UTC