New BrowserID mechanism
Luke Howard
lukeh at padl.com
Fri Mar 29 23:34:47 EDT 2013
There was some discussion back in 2011 (not that I subscribed to this list back then) about a SASL BrowserID mechanism.
We have a new GSS mechanism supporting BrowserID (aka Persona) that works with the GS2 bridge in Cyrus SASL.
You may download the code here:
https://github.com/PADL/gss_browserid
And read the protocol specification here:
http://tools.ietf.org/id/draft-howard-gss-browserid-01.txt
Note that unlike the Mozilla BrowserID SASL mechanism, this mechanism supports channel binding, replay detection, fast re-authentication, mutual authentication and interactive credentials acquisition (you don't need to cut and paste an assertion in).
(It also supports message protection services, but this irrelevant when used with GS2.)
-- Luke
--
Luke Howard / lukeh at padl.com
www.padl.com / www.lukehoward.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/cyrus-devel/attachments/20130330/d1e3d15b/attachment.html
More information about the Cyrus-devel
mailing list