Passwords and freedom: can we lose the former and retain the latter?
Published in: Technology

Transcript

  • 1. François Marier – @fmarier passwords and freedom: can we lose the former and retain the latter?
  • 2. passwords
  • 3. problem #1: passwords are hard to secure
  • 4. passwords are hard to secure they are a liability
  • 5. ALTER TABLE user DROP COLUMN password;
  • 6. problem #2: passwords are hard to remember
  • 7. pick an easy password
  • 8. pick an easy password use it everywhere
  • 9. decentralized
  • 10. privacy®
  • 11. existing login systems are not good enough
  • 12. ideal web-wide identity system
  • 13. ideal web-wide identity system: ● decentralized ● simple ● cross-browser
  • 16. ● decentralized ● simple ● cross-browser
  • 17. how does it work?
  • 18. fmarier@gmail.com
  • 19. demo #1: http://crossword.thetimes.co.uk/ fmariertest@eyedee.me
  • 20. Persona is already a decentralized system
  • 21. decentralization is the answer, but it's not a product adoption strategy
  • 22. we can't wait for all domains to adopt Persona
  • 23. we can't wait for all domains to adopt Persona solution: a temporary centralized fallback
  • 24. demo #2: http://sloblog.io fmariertest@gmail.com
  • 25. Persona already works with all email domains
  • 26. identity bridging
  • 27. demo #3: http://www.reasonwell.com/ fmariertest@yahoo.com
  • 28. Persona supports all modern browsers >= 8
  • 29. Persona is decentralized, simple and cross-browser
  • 30. it's simple for users, but is it also simple for developers?
  • 31. <script src="https://login.persona.org/include.js"></script> </body></html>
  • 32.
        navigator.id.watch({
          loggedInEmail: "francois@mozilla.com",
          onlogin: function (assertion) {
            $.post('/login', {assertion: assertion}, function (data) {
              // do something
            });
          },
          onlogout: function () {
            window.location = '/logout';
          }
        });
  • 33.
        navigator.id.watch({
          loggedInUser: "francois@mozilla.com",
          onlogin: function (assertion) {
            $.post('/login', {assertion: assertion}, function (data) {
              // do something
            });
          },
          onlogout: function () {
            window.location = '/logout';
          }
        });
  • 34.
        navigator.id.watch({
          loggedInUser: null,
          onlogin: function (assertion) {
            $.post('/login', {assertion: assertion}, function (data) {
              // do something
            });
          },
          onlogout: function () {
            window.location = '/logout';
          }
        });
  • 36.
        navigator.id.watch({
          loggedInUser: null,
          onlogin: function (assertion) {
            $.post('/login', {assertion: assertion}, function (data) {
              window.location = '/';
            });
          },
          onlogout: function () {
            window.location = '/logout';
          }
        });
  • 37. navigator.id.request()
  • 39.
        navigator.id.watch({
          loggedInUser: null,
          onlogin: function (assertion) {
            $.post('/login', {assertion: assertion}, function (data) {
              window.location = '/home';
            });
          },
          onlogout: function () {
            window.location = '/logout';
          }
        });
  • 40. $ curl -d "assertion=<ASSERTION>&audience=http://123done.org" https://verifier.login.persona.org/verify
  • 42.
        {
          status: "okay",
          audience: "http://123done.org",
          expires: 1344849682560,
          email: "francois@mozilla.com",
          issuer: "login.persona.org"
        }
  • 43.
        {
          status: "failed",
          reason: "assertion has expired"
        }
  • 44. navigator.id.logout()
  • 46. 1. load javascript library
  • 47. 1. load javascript library 2. setup login & logout callbacks
  • 48. 1. load javascript library 2. setup login & logout callbacks 3. add login and logout buttons
  • 49. 1. load javascript library 2. setup login & logout callbacks 3. add login and logout buttons 4. verify proof of ownership
  • 50. you can add support for Persona in four easy steps
  • 51. one simple request
  • 52. building a new site: default to Persona
  • 53. working on an existing site/app: add support for Persona
  • 54. To learn more about Persona: https://login.persona.org/ http://identity.mozilla.com/ https://developer.mozilla.org/docs/Persona/Why_Persona https://developer.mozilla.org/docs/Persona/Quick_Setup https://github.com/mozilla/browserid-cookbook https://developer.mozilla.org/docs/Persona/Libraries_and_plugins http://123done.org/ https://wiki.mozilla.org/Identity#Get_Involved @fmarier http://fmarier.org
  • 55. identity provider API: https://eyedee.me/.well-known/browserid:
        {
          "public-key": {
            "algorithm": "RS",
            "n": "8606...",
            "e": "65537"
          },
          "authentication": "/browserid/sign_in.html",
          "provisioning": "/browserid/provision.html"
        }
  • 60. identity provider API 1. check for your /.well-known/browserid 2. try the provisioning endpoint 3. show the authentication page 4. call the provisioning endpoint again
  • 64. © 2013 François Marier <francois@mozilla.com> This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 New Zealand License. Photo credits: Hotel doorman: https://secure.flickr.com/photos/wildlife_encounters/8024166802/ Top 500 passwords: http://xato.net/passwords/more-top-worst-passwords/ Parchment: https://secure.flickr.com/photos/27613359@N03/6750396225/ Stop sign: https://secure.flickr.com/photos/artbystevejohnson/6673406227/
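
Added example (not from the original slides or from the Persona project): one way a site's /login handler could treat the verifier reply shown on slides 40 to 43 before creating a session, for step 4, "verify proof of ownership". The AUDIENCE constant, the function names, the fixed clock value and the third sample reply are assumptions made for this illustration.

```javascript
// AUDIENCE is the site's own origin, fixed in server configuration (assumed
// value taken from the curl slide). It is never read from the request, e.g.
// the Host header, so an assertion issued for another site is rejected here.
const AUDIENCE = "http://123done.org";

// Form-encoded body for the POST to the verifier shown on the curl slide.
function buildVerifyBody(assertion) {
  return new URLSearchParams({ assertion: assertion, audience: AUDIENCE }).toString();
}

// Decide whether a parsed verifier reply may start a session.
// Returns { ok: true, email } or { ok: false, reason }; anything that is
// not an explicit, current, correctly-addressed "okay" is a failure.
function checkVerifierResponse(resp, nowMs) {
  if (!resp || typeof resp !== "object") {
    return { ok: false, reason: "malformed response" };
  }
  if (resp.status !== "okay") {
    const why = typeof resp.reason === "string" ? resp.reason : "verification failed";
    return { ok: false, reason: why };
  }
  if (resp.audience !== AUDIENCE) {
    return { ok: false, reason: "audience mismatch" };
  }
  if (typeof resp.expires !== "number" || resp.expires <= nowMs) {
    return { ok: false, reason: "assertion has expired" };
  }
  if (typeof resp.email !== "string" || !/^[^@\s]+@[^@\s]+$/.test(resp.email)) {
    return { ok: false, reason: "missing email" };
  }
  return { ok: true, email: resp.email };
}

// Sample replies: the first two are the ones on slides 42 and 43, the third
// is constructed here to show a reply addressed to a different site.
const SAMPLE_REPLIES = [
  { status: "okay", audience: "http://123done.org", expires: 1344849682560,
    email: "francois@mozilla.com", issuer: "login.persona.org" },
  { status: "failed", reason: "assertion has expired" },
  { status: "okay", audience: "http://other.example", expires: 1344849682560,
    email: "francois@mozilla.com", issuer: "login.persona.org" },
];
const SAMPLE_NOW = 1344849600000; // fixed clock, just before the sample expiry

for (const reply of SAMPLE_REPLIES) {
  console.log(JSON.stringify(checkVerifierResponse(reply, SAMPLE_NOW)));
}
```

Only the email returned by a reply that passes every check should be stored in the session; the address the browser claims in loggedInUser is not evidence on its own.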
