The web beyond "usernames & passwords"

Persona is a new cross-browser login and identity system for the web that is pragmatic, federated, and serves the user.

Unlike other popular solutions, it puts a strong emphasis on privacy protection and makes your browser the trusted intermediary. Developed by Mozilla, it is based on the simple idea of users demonstrating ownership of their email address (with a generous serving of crypto magic under the hood).

Video: https://www.youtube.com/watch?v=T6Iu7KgiC0A or https://www.youtube.com/watch?v=iZBTc7iEkQY

Published in: Technology, News & Politics

  1. the web beyond usernames & passwords (François Marier, @fmarier)
  2. Username: guido / Password: ****************
  3. security
  4. bcrypt
  5. bcrypt, per-user salt
  6. bcrypt, per-user salt, site secret
  7. conversion rate
  8. # hits, signup
  9. # hits, signup, signup_complete
  10. # hits, signup, signup_complete, lost customers
  11. existing solutions
  12. client certificates
  13. centralized authorities
  14. distributed
  15. distributed, privacy-sensitive
  16. distributed, privacy-sensitive, simple
  17. distributed, privacy-sensitive, simple, open source
  18. how does Persona work?
  19. francois@mozilla.com
  20. getting a proof of email ownership
  21. getting a proof of email ownership: authenticate?
  22. getting a proof of email ownership: authenticate? public key
  23. getting a proof of email ownership: authenticate? public key, signed public key
  24. you have a signed statement from your provider that you own your email address
  25. logging into a 3rd party site
  26. logging into a 3rd party site: assertion (wikipedia.org, Valid for: 2 minutes)
  27. logging into a 3rd party site: assertion (wikipedia.org, Valid for: 2 minutes); check audience
  28. logging into a 3rd party site: assertion (wikipedia.org, Valid for: 2 minutes); check audience, check expiry
  29. logging into a 3rd party site: assertion (wikipedia.org, Valid for: 2 minutes); check audience, check expiry, check signature
  30. logging into a 3rd party site: assertion, public key (wikipedia.org, Valid for: 2 minutes)
  31. logging into a 3rd party site: assertion (wikipedia.org, Valid for: 2 minutes)
  32. logging into a 3rd party site: assertion, session cookie
  33. how much work does it take?
  34. only 75 lines
  35. only 75 lines: html, js, python
  36. <head><script src="https://login.persona.org/include.js"></script></head>
  37. navigator.id.watch({ loggedInEmail: "francois@mozilla.com", onlogin: function (assertion) { $.post("/login", {assertion: assertion}, function (data) { /* do something */ }); }, onlogout: function () { window.location = "/logout"; } });
  38. navigator.id.watch({ loggedInEmail: "francois@mozilla.com", onlogin: function (assertion) { $.post("/login", {assertion: assertion}, function (data) { /* do something */ }); }, onlogout: function () { window.location = "/logout"; } });
  39. navigator.id.watch({ loggedInEmail: null, onlogin: function (assertion) { $.post("/login", {assertion: assertion}, function (data) { /* do something */ }); }, onlogout: function () { window.location = "/logout"; } });
  40. navigator.id.watch({ loggedInEmail: null, onlogin: function (assertion) { $.post("/login", {assertion: assertion}, function (data) { /* do something */ }); }, onlogout: function () { window.location = "/logout"; } });
  41. navigator.id.watch({ loggedInEmail: null, onlogin: function (assertion) { $.post("/login", {assertion: assertion}, function (data) { window.location = "/"; }); }, onlogout: function () { window.location = "/logout"; } });
  42. navigator.id.request()
  43. navigator.id.watch({ loggedInEmail: null, onlogin: function (assertion) { $.post("/login", {assertion: assertion}, function (data) { window.location = "/"; }); }, onlogout: function () { window.location = "/logout"; } });
  44. navigator.id.watch({ loggedInEmail: null, onlogin: function (assertion) { $.post("/login", {assertion: assertion}, function (data) { window.location = "/home"; }); }, onlogout: function () { window.location = "/logout"; } });
  45. import requests
      def verify_assertion(assertion):
          # ask the verifier to check the assertion for this site's audience
          page = requests.post("https://verifier.login.persona.org/verify",
                               data={"assertion": assertion, "audience": "http://123done.org"})
          data = page.json()
          return data["status"] == "okay"
  46. { "status": "okay", "audience": "http://123done.org", "expires": 1344849682560, "email": "francois@mozilla.com", "issuer": "login.persona.org" }
  47. navigator.id.logout()
  48. navigator.id.watch({ loggedInEmail: null, onlogin: function (assertion) { $.post("/login", {assertion: assertion}, function (data) { window.location = "/home"; }); }, onlogout: function () { window.location = "/logout"; } });
  49. 1. load javascript library
  50. 1. load javascript library; 2. set up login & logout callbacks
  51. 1. load javascript library; 2. set up login & logout callbacks; 3. add login and logout buttons
  52. 1. load javascript library; 2. set up login & logout callbacks; 3. add login and logout buttons; 4. verify proof of ownership
  53. decentralization status
  54. 1. identity providers
  55. { "status": "okay", "audience": "http://123done.org", "expires": 1344849682560, "email": "francois@eyedee.me", "issuer": "eyedee.me" }
  56. fallback IdP: login.persona.org
  57. { "status": "okay", "audience": "http://123done.org", "expires": 1344849682560, "email": "francois@mozilla.com", "issuer": "mozilla.com" }
  58. { "status": "okay", "audience": "http://123done.org", "expires": 1344849682560, "email": "francois@mozilla.com", "issuer": "login.persona.org" }
  59. support for all email providers
  60. 2. browser support
  61. navigator.id.*
  62. <head><script src="https://login.persona.org/include.js"></script></head>
  63. support for all modern browsers (>= 8)
  64. 3. assertion verification
  65. https://verifier.login.persona.org
  66. =
  67. Persona is open for business!
  68. To learn more about Persona:
      https://login.persona.org/
      http://identity.mozilla.com/
      https://developer.mozilla.org/en-US/docs/BrowserID/Why_BrowserID
      https://developer.mozilla.org/en-US/docs/BrowserID/Quick_Setup
      https://github.com/mozilla/browserid-cookbook/tree/master/python
      https://github.com/mozilla/browserid/wiki/BrowserID-Libraries
      https://github.com/mozilla/django-browserid
      http://123done.org/
      @fmarier http://fmarier.org
  69. Photo credits:
      Laptop password: https://secure.flickr.com/photos/reidrac/4696900602/
      Top 500 passwords: http://xato.net/passwords/more-top-worst-passwords/
      Parchment: https://secure.flickr.com/photos/27613359@N03/6750396225/
      © 2012 François Marier <francois@mozilla.com>. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 New Zealand License.
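The checks listed on slides 26 to 29 (check audience, check expiry, check signature) are what the relying party does with an assertion, and slides 45 and 46 show the verifier call and the response it returns. The following is an added example, not code from the talk or from Mozilla, that fills in the part the slide's four-line function leaves out: after the remote verifier has checked the signature, the site still has to check the fields in the response against its own expectations. The verifier URL, the site http://123done.org, the email address and the response shape come from the slides; the sample response is constructed, and the `post` hook is an assumption so the function can run offline.

```python
import json
import time

# Verifier endpoint as shown on slide 45.
VERIFIER_URL = "https://verifier.login.persona.org/verify"

# Constructed sample response mirroring the fields on slide 46
# (status, audience, expires in epoch milliseconds, email, issuer).
SAMPLE_RESPONSE = json.dumps({
    "status": "okay",
    "audience": "http://123done.org",
    "expires": 1344849682560,
    "email": "francois@mozilla.com",
    "issuer": "login.persona.org",
})


class VerificationFailed(Exception):
    """Raised when a verifier response must not be used to log someone in."""


def check_verifier_response(body, expected_audience, now_ms=None):
    """Return (email, issuer) if the response is good for expected_audience.

    expected_audience is the site's own origin taken from configuration,
    never from the incoming request, so a response issued for a different
    site cannot be replayed here even though its status is "okay".
    """
    try:
        data = json.loads(body)
    except ValueError as exc:
        raise VerificationFailed("verifier response is not JSON") from exc
    if not isinstance(data, dict):
        raise VerificationFailed("verifier response is not an object")

    if data.get("status") != "okay":
        raise VerificationFailed("verifier status %r" % (data.get("status"),))

    # check audience (slide 27): the assertion must have been made for us
    if data.get("audience") != expected_audience:
        raise VerificationFailed("audience mismatch: %r" % (data.get("audience"),))

    # check expiry (slide 28): "expires" is epoch milliseconds and assertions
    # are short-lived ("Valid for: 2 minutes" on slide 26)
    if now_ms is None:
        now_ms = int(time.time() * 1000)
    expires = data.get("expires")
    if not isinstance(expires, int) or expires <= now_ms:
        raise VerificationFailed("assertion expired or carries no expiry")

    email = data.get("email")
    if not isinstance(email, str) or "@" not in email:
        raise VerificationFailed("no email in verifier response")
    return email, data.get("issuer")


def response_is_trusted(body, expected_audience, now_ms=None):
    """Boolean form, like the slide's verify_assertion return value."""
    try:
        check_verifier_response(body, expected_audience, now_ms=now_ms)
    except VerificationFailed:
        return False
    return True


def verify_assertion(assertion, audience, post=None, now_ms=None):
    """POST the assertion to the verifier as slide 45 does, then check the reply.

    `post(url, form_fields)` returns the response body; it is injectable so
    the function can be exercised offline. The default uses the requests
    library, the one used on the slide (assumed installed).
    """
    if post is None:
        import requests

        def post(url, fields):
            return requests.post(url, data=fields).text
    body = post(VERIFIER_URL, {"assertion": assertion, "audience": audience})
    return check_verifier_response(body, audience, now_ms=now_ms)


if __name__ == "__main__":
    # Offline run against the constructed response, one minute before expiry.
    print(verify_assertion("<opaque assertion>", "http://123done.org",
                           post=lambda url, fields: SAMPLE_RESPONSE,
                           now_ms=1344849682560 - 60_000))
```

The audience value sent to the verifier and the one compared against the reply are the same configured origin; passing the request's Host header instead would let a client choose which site an assertion is checked for.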
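Slides 4 to 6 give the password-storage recipe a site has to get right when it keeps passwords itself: a slow hash (bcrypt), a per-user salt, and a site secret kept outside the user database. The following is an added example, not code from the talk, that puts those three pieces together. It substitutes the standard library's PBKDF2-HMAC-SHA256 for bcrypt so it runs without third-party packages; the site secret value is constructed and the record format is my own choice.

```python
import hashlib
import hmac
import os

# Assumed site secret (slide 6): in a deployment this comes from configuration
# or a secrets store, never from the user table, so a copy of the table alone
# does not give an attacker everything needed to run a dictionary attack.
SITE_SECRET = b"constructed-site-secret-not-for-production"
KDF_ROUNDS = 100_000   # PBKDF2 work factor, standing in for bcrypt's cost
SALT_BYTES = 16


def _pepper(password):
    """Bind the password to the site secret before the slow hash."""
    return hmac.new(SITE_SECRET, password.encode("utf-8"), hashlib.sha256).digest()


def hash_password(password, salt=None):
    """Return a self-describing record: algorithm$rounds$salt_hex$digest_hex."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)   # per-user salt (slide 5)
    digest = hashlib.pbkdf2_hmac("sha256", _pepper(password), salt, KDF_ROUNDS)
    return "pbkdf2-sha256$%d$%s$%s" % (KDF_ROUNDS, salt.hex(), digest.hex())


def verify_password(password, record):
    """Recompute with the stored salt and rounds and compare in constant time."""
    try:
        algo, rounds, salt_hex, digest_hex = record.split("$")
        rounds = int(rounds)
        salt = bytes.fromhex(salt_hex)
    except ValueError:
        return False            # malformed record: never treat as a match
    if algo != "pbkdf2-sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", _pepper(password), salt, rounds)
    return hmac.compare_digest(candidate.hex(), digest_hex)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))
```

Storing the rounds in the record lets the work factor be raised later without invalidating existing users; the site secret cannot be rotated that way, which is one more reason the talk moves on to letting the email provider carry the password instead.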
