Hi Harry,
Thanks for sending these links! It will be quite an interesting book.
I had a quick read through and I have three small comments:
1. We write the protocol name as "BrowserID", not "Browser-ID".
2. I wholeheartedly agree with your comments about how it's a bit weird
that Mozilla is still in the loop during verification. That's why we're
changing our recommendations and asking people to make use of
verification libraries instead of talking to
verifier.login.persona.org
directly. That way, developers can "upgrade" to local verification
whenever it's ready without having to change any of their code.
In the case of Python, here's the library we recommend:
https://pypi.python.org/pypi/PyBrowserID
It has local and remote verification and currently defaults to remote
verification. I'm not sure how that fits the purpose of your coding
examples, but you may want to consider using that instead of POSTing to
the verifier.
3. I would recommend including the scheme in the audience you send to
the verifier. I'm surprised it works without, but relying on the
verifier to default to HTTP may not be a good idea. So I would suggest
"audience = '
http://localhost'" instead of just 'localhost'.
Francois