Passwords and freedom: can we lose the former and retain the latter?


Transcript

  • 1. François Marier – @fmarier passwords and freedom: can we lose the former and retain the latter?
  • 2. passwords
  • 3. problem #1: passwords are hard to secure
  • 4. passwords are hard to secure they are a liability
  • 5. ALTER TABLE user DROP COLUMN password;
  • 6. problem #2: passwords are hard to remember
  • 7. pick an easy password
  • 8. pick an easy password use it everywhere
  • 9. decentralized
  • 10. privacy®
  • 11. existing login systems are not good enough
  • 12. ideal web-wide identity system
  • 13. ● decentralized ● simple ● cross-browser ideal web-wide identity system
  • 16. ● decentralized ● simple ● cross-browser
  • 17. how does it work?
  • 18. fmarier@gmail.com
  • 19. demo #1: http://crossword.thetimes.co.uk/ fmariertest@eyedee.me
  • 20. Persona is already a decentralized system
  • 21. decentralization is the answer, but it's not a product adoption strategy
  • 22. we can't wait for all domains to adopt Persona
  • 23. we can't wait for all domains to adopt Persona solution: a temporary centralized fallback
  • 24. demo #2: http://sloblog.io fmariertest@gmail.com
  • 25. Persona already works with all email domains
  • 26. identity bridging
  • 27. demo #3: http://www.reasonwell.com/ fmariertest@yahoo.com
  • 28. Persona supports all modern browsers >= 8
  • 29. Persona is decentralized, simple and cross-browser
  • 30. it's simple for users, but is it also simple for developers?
  • 31. <script src="https://login.persona.org/include.js"> </script> </body></html>
  • 32. navigator.id.watch({ loggedInEmail: "francois@mozilla.com", onlogin: function (assertion) { $.post('/login', {assertion: assertion}, function (data) { /* do something */ } ); }, onlogout: function () { window.location = '/logout'; } });
  • 33. navigator.id.watch({ loggedInUser: "francois@mozilla.com", onlogin: function (assertion) { $.post('/login', {assertion: assertion}, function (data) { /* do something */ } ); }, onlogout: function () { window.location = '/logout'; } });
  • 34. navigator.id.watch({ loggedInUser: null, onlogin: function (assertion) { $.post('/login', {assertion: assertion}, function (data) { /* do something */ } ); }, onlogout: function () { window.location = '/logout'; } });
  • 36. navigator.id.watch({ loggedInUser: null, onlogin: function (assertion) { $.post('/login', {assertion: assertion}, function (data) { window.location = '/'; } ); }, onlogout: function () { window.location = '/logout'; } });
  • 37. navigator.id.request()
  • 38. navigator.id.watch({ loggedInUser: null, onlogin: function (assertion) { $.post('/login', {assertion: assertion}, function (data) { window.location = '/'; } ); }, onlogout: function () { window.location = '/logout'; } });
  • 39. navigator.id.watch({ loggedInUser: null, onlogin: function (assertion) { $.post('/login', {assertion: assertion}, function (data) { window.location = '/home'; } ); }, onlogout: function () { window.location = '/logout'; } });
  • 40. $ curl -d "assertion=<ASSERTION>&audience=http://123done.org" https://verifier.login.persona.org/verify
  • 42. { status: "okay", audience: "http://123done.org", expires: 1344849682560, email: "francois@mozilla.com", issuer: "login.persona.org" }
  • 43. { status: "failed", reason: "assertion has expired" }
  • 44. navigator.id.logout()
  • 45. navigator.id.watch({ loggedInUser: null, onlogin: function (assertion) { $.post('/login', {assertion: assertion}, function (data) { window.location = '/home'; } ); }, onlogout: function () { window.location = '/logout'; } });
  • 46. 1. load javascript library
  • 47. 1. load javascript library 2. setup login & logout callbacks
  • 48. 1. load javascript library 2. setup login & logout callbacks 3. add login and logout buttons
  • 49. 1. load javascript library 2. setup login & logout callbacks 3. add login and logout buttons 4. verify proof of ownership
  • 50. you can add support for Persona in four easy steps
  • 51. one simple request
  • 52. building a new site: default to Persona
  • 53. working on an existing site/app: add support for Persona
  • 54. To learn more about Persona: https://login.persona.org/ http://identity.mozilla.com/ https://developer.mozilla.org/docs/Persona/Why_Persona https://developer.mozilla.org/docs/Persona/Quick_Setup https://github.com/mozilla/browserid-cookbook https://developer.mozilla.org/docs/Persona/Libraries_and_plugins http://123done.org/ https://wiki.mozilla.org/Identity#Get_Involved @fmarier http://fmarier.org
  • 55. identity provider API https://eyedee.me/.well-known/browserid: { "public-key": { "algorithm":"RS", "n":"8606...", "e":"65537" }, "authentication": "/browserid/sign_in.html", "provisioning": "/browserid/provision.html" }
  • 60. identity provider API 1. check for your /.well-known/browserid 2. try the provisioning endpoint 3. show the authentication page 4. call the provisioning endpoint again
  • 64. © 2013 François Marier <francois@mozilla.com> This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 New Zealand License. Photo credits: Hotel doorman: https://secure.flickr.com/photos/wildlife_encounters/8024166802/ Top 500 passwords: http://xato.net/passwords/more-top-worst-passwords/ Parchment: https://secure.flickr.com/photos/27613359@N03/6750396225/ Stop sign: https://secure.flickr.com/photos/artbystevejohnson/6673406227/
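
Step 4 on slide 49 (verify proof of ownership) is where the login decision is actually made, so the checks around the verifier call on slides 40 to 43 matter. The following is an added example, not code from the slides or from Persona: `AUDIENCE`, `buildVerifyBody` and `checkVerifierResponse` are hypothetical names, and the sample responses are the ones shown on slides 42 and 43.

```javascript
// Added example: server-side handling of the /login POST from slide 39.
// Assumption: the site's origin is fixed in server configuration. It is
// never taken from the request's Host header, otherwise an assertion
// issued for a different site could be replayed against this one.
const AUDIENCE = 'http://123done.org';
const VERIFIER_URL = 'https://verifier.login.persona.org/verify';

// Form body to POST to VERIFIER_URL (same fields as the curl call on slide 40).
function buildVerifyBody(assertion) {
  if (typeof assertion !== 'string' || assertion.length === 0) {
    throw new Error('missing assertion');
  }
  return new URLSearchParams({ assertion: assertion, audience: AUDIENCE }).toString();
}

// Decide whether a parsed verifier response may start a session.
// nowMs is the server clock in milliseconds, like the "expires" field.
function checkVerifierResponse(resp, nowMs) {
  if (resp === null || typeof resp !== 'object') {
    return { ok: false, reason: 'malformed response' };
  }
  if (resp.status !== 'okay') {
    return { ok: false, reason: resp.reason || 'verification failed' };
  }
  if (resp.audience !== AUDIENCE) {
    return { ok: false, reason: 'audience mismatch' };
  }
  if (typeof resp.expires !== 'number' || resp.expires <= nowMs) {
    return { ok: false, reason: 'assertion has expired' };
  }
  if (typeof resp.email !== 'string' || resp.email.indexOf('@') < 1) {
    return { ok: false, reason: 'missing email' };
  }
  // Only now is the email trustworthy enough to attach to a session.
  return { ok: true, email: resp.email };
}

// Sample responses copied from slides 42 and 43.
const okayResponse = {
  status: 'okay', audience: 'http://123done.org', expires: 1344849682560,
  email: 'francois@mozilla.com', issuer: 'login.persona.org'
};
const failedResponse = { status: 'failed', reason: 'assertion has expired' };

console.log(buildVerifyBody('<ASSERTION>'));
console.log(checkVerifierResponse(okayResponse, okayResponse.expires - 1000));
console.log(checkVerifierResponse(failedResponse, Date.now()));
```

The session cookie is set only when `ok` is true, and the email comes from the verifier response, never from anything the browser posted alongside the assertion.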