Le 16/05/2013 05:04, Philip Hands a écrit : > Do you have any thoughts on how that compares with using > BrowserID/Persona? I'd got the impression that BrowserID has been put > together learning from mistakes of OpenID & WebID, but perhaps I'm just > swallowing their marketing.
IIUC, there is no transfer of metadata (name, etc.) with BrowserID, unlike OpenID and WebID. An identity is an e-mail address, period. A benefit compared to OpenID and WebID is that the relying party doesn't need to query the identity provider each time, so this improves privacy. BrowserID also relies on the CA cartel. You need to setup an HTTPS (with a trusted certificate) server that responds to some hard-coded path [1] to implement an identity provider. I see this as a serious limitation, but I guess big identity providers don't care. There is an open issue [1] about looking up information in DNS instead of the current hard-coded path. Maybe this, combined with DNSSEC, could lift the HTTPS constraint. But this is work in progress. [1] https://developer.mozilla.org/en-US/docs/Mozilla/Persona/Implementing_a_Persona_IdP [2] https://github.com/mozilla/browserid/issues/1523 Cheers, -- Stéphane -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/51949f6f.3010...@debian.org
