Re: browserid support

Thu, 29 Dec 2011 06:09:03 -0800

Most recent (though 3 months old) spec details about the IdP can be found at: http://lloyd.io/primary-identity-authorities-in-browserid
I'm not sure but isn't the browserid.org IdP implementation available at https://github.com/mozilla/browserid ? 

Op 27-12-11 09:45, Benoit Chesneau schreef:

On Tue, Dec 27, 2011 at 6:09 AM, Randall Leeds<[email protected]>  wrote:

On Sun, Dec 25, 2011 at 22:02, Jason Smith<[email protected]>  wrote:

On Mon, Dec 26, 2011 at 9:51 AM, Michiel de Jong<[email protected]>  wrote:

The other thing, CouchDB as a BrowserId RP, would simply be instead of
clicking 'login' at the bottom right in futon, there would be a BrowserId
sign in button there. This is nice because then people don't have to
remember their CouchDB password all the time. Or for that matter, their
password in whatever app uses CouchDB. This would have to be something in
front of CouchDB, which check the BrowserId assertion, and opens a session
- which may involve storing the plain text admin password and sending this
to the client, or creating a session token and staying inbetween as a
proxy, or creating a session token and adding this into the _users database
as you send it in plain text to the client.


We are further along than that. CouchDB can confirm a valid BrowserID
identity (however it uses the mozilla.org web service). But the
experience for the Couch application developer is quite good (IMO).

https://github.com/iriscouch/browserid_couchdb

--
Iris Couch


As Jason points, out, CouchDB can already act as an RP with the
BrowserID plugin mentoined. I still have a lot of interest in making
CouchDB both a primary identity provider and a verifier, but I've lost
track of the state of BrowserID. I'm including dev@ in the hopes that
a discussion about implementation can grow there.

-Randall

I exchanged some mails recently on the browserid ml, to know the
status of primary services , it sound like the spec isn't finished
yet. I will wait for that before doing anything myself.

Current implementation of browserid is worthless imo, since it need to
rely on a centralized service. It's good to show how it could work,
but I'm eagerly waiting for the final spec, so we could use any mail
server as an ID validation. Once it's done, there are some pretty
interesting libs in Erlang that will make the implementation easy.

- benoƮt






















					Reply via email to