Hi, awesome plugin!
I ran into some trouble with one of my websites, because the get request the plugin generates was to long (browserid_assertion.length was > 2000). I solved this by creating a form element in login.js and submitting it. (http://pastebin.com/p50K55cF).
In Check_assertion() wouldn't it be better to "get_options" only after "if (isset($_REQUEST['browserid_assertion'])"?
Something else I think this would be a lot easier to use for many people if you shipped with https certificats. I wanted to use it in a hosting environment, but my host hadn't configured curl for https. So I disabled the verify SSL-certificat option, but this feels insecure to me.
Maybe the plugin can somehow set CURLOPT_CAINFO somehow and ship with the required files?