On Jul 20, 2011, at 12:10 PM, Dick Hardt wrote:

>>>>> BrowserID is user-centric in that the RP can verify the signature of
>>>>> whichever email provider the user chooses. It doesn't rely on a prior
>>>>> agreement between the RP and IdP.
>>>>
>>>> I agree with your specific statement - so I won't quibble over whether
>>>> this is necessarily "user-centric" or not ;)
>>>
>>> I think that is one of the key aspects of user-centricity. The user is
>>> making choices on which attributes to share. The user is determining "who"
>>> she wants to be in a given RP context.
>>
>> Yes, I understand what you mean. I'm just personally not sure that BrowserID
>> is really so much more "user-centric" in the way you mean than OpenID
>> (Connect).
>
> The flow is moving from my agent (the browser) to the RP rather than from the
> IdP to the RP.

Isn't this *exactly* the same as using a browser plugin or an OS-level component invoked by the browser with OpenID performed "behind the scenes" with the RP? These solutions all assert the attributes directly from the user-agent, and the attributes are potentially signed by an IdP and stored as an assertion on the client.

- John
