Difference between revisions of "Browser Identity Interactions"

Revision as of 06:40, 3 June 2021

The full range of Browser Identity Interactions from the initial identity creation to large scale federation interactions.

The OpenID Connect protocol was the first major successful method to create Single Sign On functionality in commonly available browsers.
This protocol worked its magic by a method now known as front-channel even though that term does not appear in the OpenID Connect spec.
- Front channel communications relies on communications from the IdP to the RP to flow through the user's browser, rather than the back channel flow directly between the Idp and RP.
The password manager (PM) is a pluggable feature in the browser. Generally the HTTP hooks are standardized, but the manager itself does not appear to be.
- The PM can recognize when a user has been at a site before and that the site is asking for a user name and password.

@@ Line 5: / Line 5: @@
 * The [[OpenID Connect]] protocol was the first major successful method to create [[Single Sign On]] functionality in commonly available browsers.
 * This protocol worked its magic by a method now known as front-channel even though that term does not appear in the [[OpenID Connect]] spec.
-* The password manager is a pluggable feature in the browser. Generally the HTTP hooks are standardized, but the manager itself does not appear to be.
+** Front channel communications relies on communications from the IdP to the RP to flow through the user's browser, rather than the back channel flow directly between the Idp and RP.
+* The password manager (PM) is a pluggable feature in the browser. Generally the HTTP hooks are standardized, but the manager itself does not appear to be.
+** The PM can recognize when a user has been at a site before and that the site is asking for a user name and password.
 ==References==
 [[Category: Identity]]