On 30/07/2015 07:04, Sean McArthur wrote:
> The identifier doesn't have to be an email, though that does seem to be
> the most common form. A URL works too, so OpenID isn't excluded.
> 
> I'm not interested in getting Facebook to accept my Gmail login (that
> could be nice, though). They have the proper talent and expertise to
> safeguard my data (read: password). I want all the other smaller sites,
> such as Hacker News, or Feedly, or Evernote, to accept a JWT from
> `navigator.auth.get()`, instead of keeping a copy of my password in
> their database.
> 
> Also, I don't see Facebook needing to make a browser in order to be
> usable with `navigator.auth.get`. As the post mentions, the details of
> how are left up to each browser, but it should be possible for any
> browser to allow other accounts to be "logged in to the browser". I'd
> hope that eventually, Firefox will have me signed in as my Gmail,
> Twitter, Facebook, and Github accounts. Then, the picker that Firefox
> would show would ask which of these 4 I want to share to the target website.

I recall an ancient post to dev-identity that went along these lines,
but I can't find it in the archive.  It was along the lines of "how
could we allow multiple secondary identity providers in the persona
ecosystem?".

Anyway, one of the ideas was that the website could specifically say
"here are the set of issuers I trust to verify the user's identity" and
the browser could use that information to select an appropriate account.
In your example it might be something like:

  navigator.id.get({
    trustedIssuers: [
      "accounts.firefox.com",
      "google.com",
      "twitter.com"
    ]
  })

Like a kind of "Accept" header negotiation for the login NASCAR,
mediated by the browser.  There's no point in offering to connect with
your github account if the receiving site doesn't trust github for that
purpose.



  Cheers,

    Ryan
_______________________________________________
Dev-fxacct mailing list
[email protected]
https://mail.mozilla.org/listinfo/dev-fxacct
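
The issuer negotiation sketched in the message above, as an added example that is not part of the original thread or of any browser API. The helper names (normalizeIssuer, issuerSet, selectAccounts, issuerAccepted, unsignedToken) and the account objects are assumptions; it shows the browser filtering accounts against trustedIssuers and the site re-checking the JWT's `iss` claim with an exact match.

```javascript
// Added example: these helpers are hypothetical, not part of navigator.id,
// navigator.auth or any browser API.

// Reduce an issuer to a lowercase bare hostname, or null if it is anything else.
function normalizeIssuer(issuer) {
  if (typeof issuer !== "string") return null;
  const host = issuer.trim().toLowerCase().replace(/\.$/, "");
  const label = "[a-z0-9](?:[a-z0-9-]*[a-z0-9])?";
  return new RegExp(`^${label}(?:\\.${label})+$`).test(host) ? host : null;
}

function issuerSet(trustedIssuers) {
  return new Set(trustedIssuers.map(normalizeIssuer).filter(Boolean));
}

// Browser side: offer only the signed-in accounts whose issuer the site listed.
function selectAccounts(accounts, trustedIssuers) {
  const trusted = issuerSet(trustedIssuers);
  return accounts.filter((a) => trusted.has(normalizeIssuer(a.issuer)));
}

// Site side: re-check the token's `iss` claim with an exact match, since the
// server cannot rely on the browser having filtered correctly.
// Signature verification against the issuer's key is a separate step, not shown.
function issuerAccepted(jwt, trustedIssuers) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) return false;
  try {
    const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
    const claims = JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
    const iss = normalizeIssuer(claims && claims.iss);
    return iss !== null && issuerSet(trustedIssuers).has(iss);
  } catch (e) {
    return false;
  }
}

// Constructed sample data: the issuer list from the message, four signed-in accounts.
const trustedIssuers = ["accounts.firefox.com", "google.com", "twitter.com"];
const accounts = [
  { label: "Gmail", issuer: "google.com" },
  { label: "Twitter", issuer: "twitter.com" },
  { label: "Facebook", issuer: "facebook.com" },
  { label: "Github", issuer: "github.com" },
];
// Constructed, unsigned token used only to exercise the `iss` check.
const unsignedToken = (claims) =>
  ["e30", Buffer.from(JSON.stringify(claims)).toString("base64"), "sig"].join(".");
```

The exact-match comparison is what keeps a lookalike issuer such as a longer hostname that merely begins with a trusted name from being accepted.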
