More on data formats

Luke Howard lukeh at padl.com
Tue Nov 26 16:13:24 PST 2013


On 27 Nov 2013, at 10:59 am, Ryan Kelly <rfkelly at mozilla.com> wrote:

> My understanding was that we hoped the distinction between "BrowserID
> Verifier" and "FxA Verifier" would go away, and leave us with a single
> instance of "The Verifier".
> 
> Is this still a goal, and does the proposed assertion format make it
> easier or harder?

Are FxA assertions ever going to be consumed by non-Mozilla RPs? If so, there's an argument for putting the UUID in a separate JWT claim from that containing the email*, so they are still verifiable BrowserID assertions.

Forgive me if this has been covered before.

-- Luke

* by email address, I mean RFC822-like account identifier


More information about the Dev-fxacct mailing list