The web beyond "usernames & passwords"
Persona is a new cross-browser login and identity system for the web that is pragmatic, federated, and serves the user.

Unlike other popular solutions, it puts a strong emphasis on privacy protection and makes your browser the trusted intermediary. Developed by Mozilla, it is based on the simple idea of users demonstrating ownership of their email address (with a generous serving of crypto magic under the hood).

Video: https://www.youtube.com/watch?v=T6Iu7KgiC0A or https://www.youtube.com/watch?v=iZBTc7iEkQY

Presentation Transcript

  • The web beyond usernames & passwords. François Marier, @fmarier
  • Username: guido / Password: ****************
  • security
  • bcrypt + per-user salt + site secret
  • conversion rate
  • conversion funnel: # hits -> signup -> signup_complete (customers lost at every step)
  • existing solutions
  • client certificates
  • centralized authorities
  • distributed, privacy-sensitive, simple, open source
  • how does Persona work?
  • francois@mozilla.com
  • getting a proof of email ownership: the browser authenticates to the email provider, sends it a freshly generated public key, and receives that public key back signed by the provider
  • you have a signed statement from yourprovider that you own your email address
  • logging into a 3rd party site: the browser produces an assertion for the audience wikipedia.org, valid for 2 minutes, and sends it along with the provider-signed public key
  • the site checks the audience (is this assertion really meant for wikipedia.org?)
  • the site checks the expiry (is it still within the 2 minutes?)
  • the site checks the signature on the assertion with the public key, and the provider's signature on that public key
  • once the assertion checks out, the site sets its own session cookie
  • how much work does it take?
  • only 75 lines (html, js, python)
  • <head><script src="https://login.persona.org/include.js"></script></head>
  • navigator.id.watch({
        // email of the user currently logged into your site
        // (e.g. "francois@mozilla.com"), or null if nobody is logged in
        loggedInEmail: null,
        onlogin: function (assertion) {
          // hand the assertion to your server for verification
          $.post('/login', {assertion: assertion}, function (data) {
            window.location = '/home';
          });
        },
        onlogout: function () {
          window.location = '/logout';
        }
    });
  • navigator.id.request()  // called from the login button; on success onlogin fires with the assertion
  • import requests

    def verify_assertion(assertion):
        # Ask the verifier to check the assertion for *our* audience. The audience
        # must be your own origin, never a value taken from the client, or an
        # assertion issued for another site could be replayed here.
        page = requests.post(
            'https://verifier.login.persona.org/verify',
            data={'assertion': assertion,
                  'audience': 'http://123done.org'})
        data = page.json()
        # on success the response also carries the verified email address
        return data.get('status') == 'okay'
  • { status: "okay", audience: "http://123done.org", expires: 1344849682560, email: "francois@mozilla.com", issuer: "login.persona.org" }
  • navigator.id.logout()  // called from the logout button; triggers the onlogout callback above
  • 1. load javascript library
    2. setup login & logout callbacks
    3. add login and logout buttons
    4. verify proof of ownership
  • decentralization status
  • 1. identity providers
  • { status: "okay", audience: "http://123done.org", expires: 1344849682560, email: "francois@eyedee.me", issuer: "eyedee.me" }
  • fallback IdP:login.persona.org
  • { status: "okay", audience: "http://123done.org", expires: 1344849682560, email: "francois@mozilla.com", issuer: "mozilla.com" }
  • { status: "okay", audience: "http://123done.org", expires: 1344849682560, email: "francois@mozilla.com", issuer: "login.persona.org" }
  • support for all email providers
  • 2. browser support
  • navigator.id.*
  • <head><script src="https://login.persona.org/include.js"></script></head>
  • support for all modern browsers (IE >= 8)
  • 3. assertion verification
  • https://verifier.login.persona.org
  • =
  • Persona is open for business!
  • To learn more about Persona:
    https://login.persona.org/
    http://identity.mozilla.com/
    https://developer.mozilla.org/en-US/docs/BrowserID/Why_BrowserID
    https://developer.mozilla.org/en-US/docs/BrowserID/Quick_Setup
    https://github.com/mozilla/browserid-cookbook/tree/master/python
    https://github.com/mozilla/browserid/wiki/BrowserID-Libraries
    https://github.com/mozilla/django-browserid
    http://123done.org/
    @fmarier http://fmarier.org
  • Photo credits:
    Laptop password: https://secure.flickr.com/photos/reidrac/4696900602/
    Top 500 passwords: http://xato.net/passwords/more-top-worst-passwords/
    Parchment: https://secure.flickr.com/photos/27613359@N03/6750396225/
    © 2012 François Marier <francois@mozilla.com>
    This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 New Zealand License.