BrowserID: Distributed Identity in the Browser

2,566 views
2,496 views

Published on

BrowserID is a new web login mechanism with strong privacy protection where your browser is the trusted intermediary. Backed by Mozilla, it is based on the simple idea of a user proving that they own an email address, with a generous sprinkling of crypto under the hood. What makes this solution different is that it is designed to be simple (both for users and developers), distributed and privacy-protecting.

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,566
On SlideShare
0
From Embeds
0
Number of Embeds
44
Actions
Shares
0
Downloads
12
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

BrowserID: Distributed Identity in the Browser

  1. 1. Francois Marier <francois@catalyst.net.nz>
  2. 2. Existing Solutions
  3. 3. Client Certificates
  4. 4. Outsource Identity
  5. 5. Be an OpenID Consumer
  6. 6. usability
  7. 7. usability reliability
  8. 8. usability reliabilitylock-in
  9. 9. usability reliabilitylock-in privacy
  10. 10. wanted:better web logins with strongprivacy protection
  11. 11. “ ”Its about you proving to a websitethat you own an email address.
  12. 12. simple
  13. 13. simple distributed
  14. 14. simple distributed privacy-protecting
  15. 15. you have a signed statement fromgmail that you own your email address
  16. 16. Is it really that awesome?
  17. 17. Is it really that awesome?Not quite, but it it will be!
  18. 18. Adding BrowserID to your applicationStep 1: enable BrowserID<script src="https://browserid.org/include.js"></script>
  19. 19. Adding BrowserID to your applicationStep 2: get users identitynavigator.id.get(function(assertion) { if (assertion) { // User picked an email address ... } else { // User cancelled ... }});
  20. 20. Adding BrowserID to your applicationStep 3: verify users identity$ curl -d"assertion=<ASSERTION>&audience=http://mysite.com""https://browserid.org/verify"
  21. 21. Adding BrowserID to your applicationStep 3: verify users identity$ curl -d"assertion=<ASSERTION>&audience=http://mysite.com""https://browserid.org/verify"{ "status": "okay", "email": "person@example.com", "audience": "http://mysite.com", "expires": 1308859352261, "issuer": "browserid.org"}
  22. 22. Learn morehttps://browserid.orghttp://lloyd.io/how-browserid-workshttp://mozilla.github.com/browserid-field-guide/http://myfavoritebeer.org fmarier fmarier Copyright © 2012 François Marier Released under the terms of the Creative Commons Attribution Share Alike 3.0 Unported Licence

×