Mozilla has completed development of BrowserID, a single decentralized authentication system that uses HTML5, public key cryptography and digital signatures. It is based on a simplified interpretation of the Verified Email Protocol.
Even now, at the first stage of implementation, the system is quite simple for the user: they confirm their email once, after which they can securely sign in on any site with two mouse clicks, without entering a password. In the future, authorization will be even easier, once BrowserID support is built into browsers and email providers become first-level identification centers.
This is how the system will work if Gmail supports BrowserID. In this case, there is no need to confirm your email on Browserid.org, which is currently the only first-level identification center.
In addition to the lack of passwords, the key advantage of BrowserID is privacy protection - unlike OpenID and all such systems, the identity provider in BrowserID does not receive data on which site the user logged on to. To support BrowserID, it is enough to include the include.js library by adding the following line to the page header:
Instead of the custom button, you can put one of the standard ones that are offered for BrowserID.
Pressing the button calls the email address verification function.
navigator.id.getVerifiedEmail(function(assertion) {
    if (assertion) {
        // This code will be invoked once the user has successfully
        // selected an email address they control to sign in with.
    } else {
        // something went wrong! the user isn't logged in.
    }
});
After successfully verifying the email address, the API returns a signed assertion string that confirms the user's email.
At the second stage, you need to verify the assertion and get the user's email. This is done by a request to https://browserid.org/verify with two POST parameters (assertion and audience) - the request is already signed by your signature. The verifier checks the validity of the assertion.
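The server-side check described above, written for Node.js 18 or later (global fetch). This is an added example, not code from the original article or from Mozilla. The reply fields status, email and audience, the site origin in AUDIENCE, and all function names are assumptions.

```javascript
// Added example (not Mozilla's code). Assumed reply shape from the verifier:
// {"status":"okay","email":"...","audience":"..."} or {"status":"failure",...}.
const VERIFIER_URL = "https://browserid.org/verify"; // endpoint named in the article

// The audience is this site's own origin, fixed in server configuration.
// Never derive it from the Host header or any other request data.
const AUDIENCE = "https://example.com"; // hypothetical site origin

// Build the form body with the two POST parameters the article names.
function buildVerifyBody(assertion, audience) {
  if (typeof assertion !== "string" || assertion.length === 0) {
    throw new Error("missing assertion");
  }
  return new URLSearchParams({ assertion, audience }).toString();
}

// Decide whether a verifier reply proves the user's email for our site.
// Returns the email on success, throws on anything else (fail closed).
function emailFromVerifierReply(replyText, expectedAudience) {
  let reply;
  try {
    reply = JSON.parse(replyText);
  } catch (e) {
    throw new Error("verifier reply is not JSON");
  }
  if (reply === null || typeof reply !== "object" || reply.status !== "okay") {
    throw new Error("assertion rejected");
  }
  if (reply.audience !== expectedAudience) {
    throw new Error("reply audience does not match this site");
  }
  if (typeof reply.email !== "string" || !reply.email.includes("@")) {
    throw new Error("no email in verifier reply");
  }
  return reply.email;
}

// Server-side step: send the assertion to the verifier and check the reply.
async function verifyAssertion(assertion) {
  const res = await fetch(VERIFIER_URL, {
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: buildVerifyBody(assertion, AUDIENCE),
  });
  if (!res.ok) throw new Error("verifier returned HTTP " + res.status);
  return emailFromVerifierReply(await res.text(), AUDIENCE);
}
```

Create the user's session only from the email that verifyAssertion returns, never from an email value sent by the browser alongside the assertion.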
The assertion can also be verified on your own server; see the specifications and sources of the verifier. In this case, absolute information protection is provided - the identity provider does not receive data on which site the user logged in to.
BrowserID demo (from the Mozilla All Hands conference in September 2011)