Identity systems on the Web are a bit of a mess. Surely in 2013, we would have something else than usernames and passwords for logging into websites. A solution that doesn't require trusting a central authority.
It turns out that solving the general identity problem is very hard. Some of these solutions require complicated redirections, an overwhelming amount of jargon and lots of verbose XML. The technology has been around for a long time, but implementing it properly (and safely) is often incredibly difficult.
This talk will explore the challenges of the existing Web identity solutions and introduce the choices that we made during the development of Persona, a new cross-browser federated identity solution from Mozilla.
It will cover:
- a discussion of the complexities and privacy-related concerns that existing identity solutions have
- how crypto is used in Persona to provide both authentication and privacy
- the Persona federation approach: fully distributed with fallbacks
- demos and actual code from sites that have implemented Persona
- the basics of the Persona API so that attendees can go out and easily support this technology on their own sites
Trying to convince users to pick unique (and strong) passwords for each website is a losing battle. What we're proposing is a standard, built into browsers, that leverages the new security features that email providers are now offering. A simple federated solution to eliminate site-specific passwords.