SlideShare a Scribd company logo

Taking the pain out of signing users in

F
Francois Marier
Technology
1 of 95
Download to read offline
François Marier – @fmarier Taking the pain out of signing users in
passwords
problem #1: passwords are hard to secure
bcrypt / scrypt / pbkdf2 per-user salt site secret password & lockout policies secure recovery
bcrypt / scrypt / pbkdf2 per-user salt site secret password & lockout policies secure recovery
bcrypt / scrypt / pbkdf2 per-user salt site secret password & lockout policies secure recovery
bcrypt / scrypt / pbkdf2 per-user salt site secret password & lockout policies secure recovery
bcrypt / scrypt / pbkdf2 per-user salt site secret password & lockout policies secure recovery
bcrypt / scrypt / pbkdf2 per-user salt site secret password & lockout policies secure recovery 2013 2013 password password guidelines guidelines
passwords are hard to secure they are a liability
ALTER TABLE user DROP COLUMN password;
problem #2: passwords are hard to remember
pick an easy password
use it everywhere
passwords are hard to remember they need to be reset
control email account control all accounts =
“People want a little dating before marriage.” Eric Vishria – Rockmelt
decentralised
myid.com/u/francois
existing login systems are not good enough
ideal web-wide identity system
● decentralised simple cross-browser ideal web-wide identity system
● decentralised ● simple cross-browser ideal web-wide identity system
● decentralised ● simple ● cross-browser ideal web-wide identity system
what if it were a standard part of the web browser?
how does it work?
fmarier@gmail.com
demo #1: http://www.voo.st/ fmariertest@eyedee.me
Persona is already a decentralised system
decentralisation is the answer, but it's not a product adoption strategy
we can't wait for all domains to adopt Persona
we can't wait for all domains to adopt Persona solution: a temporary centralised fallback
demo #2: http://sloblog.io/ fmariertest@aol.com
Persona already works with all email domains
identity bridging
demo #3: http://www.reasonwell.com/ fmariertest@yahoo.com
>= 8
Persona is decentralized, simple and cross-browser
it's simple for users, but is it also simple for developers?
<script src=”https://login.persona.org/include.js”> </script> </body></html>
navigator.id.watch({ loggedInUser: null, onlogin: function (assertion) { $.post('/login', {assertion: assertion}, function (data) { window.location = '/home'; } ); }, onlogout: function () { window.location = '/logout'; } });
navigator.id.watch({ loggedInUser: "francois@mozilla.com" onlogin: function (assertion) { $.post('/login', {assertion: assertion}, function (data) { window.location = '/home'; } ); }, onlogout: function () { window.location = '/logout'; } });
navigator.id.watch({ loggedInUser: null onlogin: function (assertion) { $.post('/login', {assertion: assertion}, function (data) { window.location = '/home'; } ); }, onlogout: function () { window.location = '/logout'; } });
navigator.id.watch({ loggedInUser: null, onlogin: function (assertion) { $.post('/login', {assertion: assertion}, function (data) { window.location = '/home'; } ); } onlogout: function () { window.location = '/logout'; } });
navigator.id.watch({ loggedInUser: null, onlogin: function (assertion) { $.post('/login', {assertion: assertion}, function (data) { window.location = '/home'; } ); }, onlogout: function () { window.location = '/logout'; } });
navigator.id.request()
navigator.id.watch({ loggedInUser: null, onlogin: function (assertion) { $.post('/login', {assertion: assertion}, function (data) { window.location = '/home'; } ); }, onlogout: function () { window.location = '/logout'; } });
navigator.id.watch({ loggedInUser: null, onlogin: function (assertion) { $.post('/login', {assertion: assertion}, function (data) { window.location = '/home'; } ); }, onlogout: function () { window.location = '/logout'; } });
def verify_assertion(assertion): page = requests.post( 'https://verifier.login.persona.org/verify', data={ "assertion": assertion, "audience": 'http://123done.org'} ) data = page.json return data.status == 'okay'
def verify_assertion(assertion): page = requests.post( 'https://verifier.login.persona.org/verify', data={ "assertion": assertion, "audience": 'http://123done.org'} ) data = page.json return data.status == 'okay'
def verify_assertion(assertion): page = requests.post( 'https://verifier.login.persona.org/verify', data={ "assertion": assertion, "audience": 'http://123done.org'} ) data = page.json return data.status == 'okay'
{ status: “okay”, audience: “http://123done.org”, expires: 1344849682560, email: “francois@mozilla.com”, issuer: “login.persona.org” }
{ status: “failed”, reason: “assertion has expired” }
navigator.id.logout()
navigator.id.watch({ loggedInUser: null, onlogin: function (assertion) { $.post('/login', {assertion: assertion}, function (data) { window.location = '/home'; } ); }, onlogout: function () { window.location = '/logout'; } });
1. load javascript library 2. setup login & logout callbacks 3. add login and logout buttons 4. verify proof of ownership
1. load javascript library 2. setup login & logout callbacks 3. add login and logout buttons 4. verify proof of ownership
1. load javascript library 2. setup login & logout callbacks 3. add login and logout buttons 4. verify proof of ownership
1. load javascript library 2. setup login & logout callbacks 3. add login and logout buttons 4. verify proof of ownership
you can add support for Persona in four easy steps
one simple request
building a new site: default to Persona
working on an existing site/app: add support for Persona
To learn more about Persona: https://login.persona.org/ http://identity.mozilla.com/ https://developer.mozilla.org/docs/Persona/Quick_Setup https://github.com/mozilla/browserid-cookbook https://developer.mozilla.org/docs/Persona/Libraries_and_plugins http://123done.org/ https://wiki.mozilla.org/Identity#Get_Involved @fmarier
© 2013 François Marier <francois@mozilla.com> This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 New Zealand License. Hotel doorman: https://secure.flickr.com/photos/wildlife_encounters/8024166802/ Top 500 passwords: http://xato.net/passwords/more-top-worst-passwords/ Parchment: https://secure.flickr.com/photos/27613359@N03/6750396225/ Uncle Sam: https://secure.flickr.com/photos/donkeyhotey/5666065982/ Restaurant dinner: https://secure.flickr.com/photos/yourdon/3977084094/ Stop sign: https://secure.flickr.com/photos/artbystevejohnson/6673406227/ Photo credits:

Recommended

Persona: a federated and privacy-protecting login system for the whole Web
Persona: a federated and privacy-protecting login system for the whole WebPersona: a federated and privacy-protecting login system for the whole Web
Persona: a federated and privacy-protecting login system for the whole WebFrancois Marier
 
Easy logins for Ruby web applications
Easy logins for Ruby web applicationsEasy logins for Ruby web applications
Easy logins for Ruby web applicationsFrancois Marier
 
Supporting Debian machines for friends and family
Supporting Debian machines for friends and familySupporting Debian machines for friends and family
Supporting Debian machines for friends and familyFrancois Marier
 
URL to HTML
URL to HTMLURL to HTML
URL to HTMLFrancois Marier
 
You're still using passwords on your site?
You're still using passwords on your site?You're still using passwords on your site?
You're still using passwords on your site?Francois Marier
 
Passwords and freedom: can we lose the former and retain the latter?
Passwords and freedom: can we lose the former and retain the latter?Passwords and freedom: can we lose the former and retain the latter?
Passwords and freedom: can we lose the former and retain the latter?Francois Marier
 
The Web beyond "usernames & passwords" (OSDC12)
The Web beyond "usernames & passwords" (OSDC12)The Web beyond "usernames & passwords" (OSDC12)
The Web beyond "usernames & passwords" (OSDC12)Francois Marier
 
Persona: in your browsers, killing your passwords
Persona: in your browsers, killing your passwordsPersona: in your browsers, killing your passwords
Persona: in your browsers, killing your passwordsFrancois Marier
 

Recommended

Persona: a federated and privacy-protecting login system for the whole Web
Persona: a federated and privacy-protecting login system for the whole WebPersona: a federated and privacy-protecting login system for the whole Web
Persona: a federated and privacy-protecting login system for the whole WebFrancois Marier
 
Easy logins for Ruby web applications
Easy logins for Ruby web applicationsEasy logins for Ruby web applications
Easy logins for Ruby web applicationsFrancois Marier
 
Supporting Debian machines for friends and family
Supporting Debian machines for friends and familySupporting Debian machines for friends and family
Supporting Debian machines for friends and familyFrancois Marier
 
URL to HTML
URL to HTMLURL to HTML
URL to HTMLFrancois Marier
 
You're still using passwords on your site?
You're still using passwords on your site?You're still using passwords on your site?
You're still using passwords on your site?Francois Marier
 
Passwords and freedom: can we lose the former and retain the latter?
Passwords and freedom: can we lose the former and retain the latter?Passwords and freedom: can we lose the former and retain the latter?
Passwords and freedom: can we lose the former and retain the latter?Francois Marier
 
The Web beyond "usernames & passwords" (OSDC12)
The Web beyond "usernames & passwords" (OSDC12)The Web beyond "usernames & passwords" (OSDC12)
The Web beyond "usernames & passwords" (OSDC12)Francois Marier
 
Persona: in your browsers, killing your passwords
Persona: in your browsers, killing your passwordsPersona: in your browsers, killing your passwords
Persona: in your browsers, killing your passwordsFrancois Marier
 
Smashing the stats for fun (and profit)
Smashing the stats for fun (and profit)Smashing the stats for fun (and profit)
Smashing the stats for fun (and profit)Security B-Sides
 
Proxy authentication Itoug TechDays 2019
Proxy authentication Itoug TechDays 2019Proxy authentication Itoug TechDays 2019
Proxy authentication Itoug TechDays 2019Enrico Cairo
 
The web beyond "usernames & passwords"
The web beyond "usernames & passwords"The web beyond "usernames & passwords"
The web beyond "usernames & passwords"Francois Marier
 
Killing Passwords with JavaScript
Killing Passwords with JavaScriptKilling Passwords with JavaScript
Killing Passwords with JavaScriptFrancois Marier
 
Porque VIM?
Porque VIM?Porque VIM?
Porque VIM?Augusto Pascutti
 
Logs: O que comem, onde vivem e como se reproduzem.
Logs: O que comem, onde vivem e como se reproduzem.Logs: O que comem, onde vivem e como se reproduzem.
Logs: O que comem, onde vivem e como se reproduzem.Augusto Pascutti
 
String.fromCharCode(60)script>alert("XSS")String.fromCharCode(60)/script>
String.fromCharCode(60)script>alert("XSS")String.fromCharCode(60)/script>String.fromCharCode(60)script>alert("XSS")String.fromCharCode(60)/script>
String.fromCharCode(60)script>alert("XSS")String.fromCharCode(60)/script>Muhammad Sohail
 
PHP Backdoor: The rise of the vuln
PHP Backdoor: The rise of the vulnPHP Backdoor: The rise of the vuln
PHP Backdoor: The rise of the vulnSandro Zaccarini
 
Security and Mobility - WordCamp Porto 2016
Security and Mobility - WordCamp Porto 2016Security and Mobility - WordCamp Porto 2016
Security and Mobility - WordCamp Porto 2016Marcel Schmitz
 
2013 05-03 - HTML5 & JavaScript Security
2013 05-03 - HTML5 & JavaScript Security2013 05-03 - HTML5 & JavaScript Security
2013 05-03 - HTML5 & JavaScript SecurityJohannes Hoppe
 
load errorcmd
load errorcmd load errorcmd
load errorcmd♛Kumar Aneesh♛
 
Ruby Robots
Ruby RobotsRuby Robots
Ruby RobotsDaniel Cukier
 
32373 uploading-php-shell-through-sql-injection
32373 uploading-php-shell-through-sql-injection32373 uploading-php-shell-through-sql-injection
32373 uploading-php-shell-through-sql-injectionAttaporn Ninsuwan
 
Keep It Simple Security (Symfony cafe 28-01-2016)
Keep It Simple Security (Symfony cafe 28-01-2016)Keep It Simple Security (Symfony cafe 28-01-2016)
Keep It Simple Security (Symfony cafe 28-01-2016)Oleg Zinchenko
 
PHP Secure Programming
PHP Secure ProgrammingPHP Secure Programming
PHP Secure ProgrammingBalavignesh Kasinathan
 
Building @Anywhere (for TXJS)
Building @Anywhere (for TXJS)Building @Anywhere (for TXJS)
Building @Anywhere (for TXJS)danwrong
 
Enhancing Mobile User Experience with WebSocket
Enhancing Mobile User Experience with WebSocketEnhancing Mobile User Experience with WebSocket
Enhancing Mobile User Experience with WebSocketMauricio "Maltron" Leal
 
Itsecteam shell
Itsecteam shellItsecteam shell
Itsecteam shellady36
 
A simple html login page using java s
A simple html login page using java sA simple html login page using java s
A simple html login page using java sJoel Bisonzi
 
Web Security Horror Stories
Web Security Horror StoriesWeb Security Horror Stories
Web Security Horror StoriesSimon Willison
 
Easy logins for JavaScript web applications
Easy logins for JavaScript web applicationsEasy logins for JavaScript web applications
Easy logins for JavaScript web applicationsFrancois Marier
 
Passwords suck, but centralized proprietary services are not the answer
Passwords suck, but centralized proprietary services are not the answerPasswords suck, but centralized proprietary services are not the answer
Passwords suck, but centralized proprietary services are not the answerFrancois Marier
 

More Related Content

What's hot

Smashing the stats for fun (and profit)
Smashing the stats for fun (and profit)Smashing the stats for fun (and profit)
Smashing the stats for fun (and profit)Security B-Sides
 
Proxy authentication Itoug TechDays 2019
Proxy authentication Itoug TechDays 2019Proxy authentication Itoug TechDays 2019
Proxy authentication Itoug TechDays 2019Enrico Cairo
 
The web beyond "usernames & passwords"
The web beyond "usernames & passwords"The web beyond "usernames & passwords"
The web beyond "usernames & passwords"Francois Marier
 
Killing Passwords with JavaScript
Killing Passwords with JavaScriptKilling Passwords with JavaScript
Killing Passwords with JavaScriptFrancois Marier
 
Logs: O que comem, onde vivem e como se reproduzem.
Logs: O que comem, onde vivem e como se reproduzem.Logs: O que comem, onde vivem e como se reproduzem.
Logs: O que comem, onde vivem e como se reproduzem.Augusto Pascutti
 
String.fromCharCode(60)script>alert("XSS")String.fromCharCode(60)/script>
String.fromCharCode(60)script>alert("XSS")String.fromCharCode(60)/script>String.fromCharCode(60)script>alert("XSS")String.fromCharCode(60)/script>
String.fromCharCode(60)script>alert("XSS")String.fromCharCode(60)/script>Muhammad Sohail
 
PHP Backdoor: The rise of the vuln
PHP Backdoor: The rise of the vulnPHP Backdoor: The rise of the vuln
PHP Backdoor: The rise of the vulnSandro Zaccarini
 
Security and Mobility - WordCamp Porto 2016
Security and Mobility - WordCamp Porto 2016Security and Mobility - WordCamp Porto 2016
Security and Mobility - WordCamp Porto 2016Marcel Schmitz
 
2013 05-03 - HTML5 & JavaScript Security
2013 05-03 - HTML5 & JavaScript Security2013 05-03 - HTML5 & JavaScript Security
2013 05-03 - HTML5 & JavaScript SecurityJohannes Hoppe
 
32373 uploading-php-shell-through-sql-injection
32373 uploading-php-shell-through-sql-injection32373 uploading-php-shell-through-sql-injection
32373 uploading-php-shell-through-sql-injectionAttaporn Ninsuwan
 
Keep It Simple Security (Symfony cafe 28-01-2016)
Keep It Simple Security (Symfony cafe 28-01-2016)Keep It Simple Security (Symfony cafe 28-01-2016)
Keep It Simple Security (Symfony cafe 28-01-2016)Oleg Zinchenko
 
Building @Anywhere (for TXJS)
Building @Anywhere (for TXJS)Building @Anywhere (for TXJS)
Building @Anywhere (for TXJS)danwrong
 
Enhancing Mobile User Experience with WebSocket
Enhancing Mobile User Experience with WebSocketEnhancing Mobile User Experience with WebSocket
Enhancing Mobile User Experience with WebSocketMauricio "Maltron" Leal
 
Itsecteam shell
Itsecteam shellItsecteam shell
Itsecteam shellady36
 
A simple html login page using java s
A simple html login page using java sA simple html login page using java s
A simple html login page using java sJoel Bisonzi
 
Web Security Horror Stories
Web Security Horror StoriesWeb Security Horror Stories
Web Security Horror StoriesSimon Willison
 

What's hot (20)

Smashing the stats for fun (and profit)
Smashing the stats for fun (and profit)Smashing the stats for fun (and profit)
Smashing the stats for fun (and profit)
 
Proxy authentication Itoug TechDays 2019
Proxy authentication Itoug TechDays 2019Proxy authentication Itoug TechDays 2019
Proxy authentication Itoug TechDays 2019
 
The web beyond "usernames & passwords"
The web beyond "usernames & passwords"The web beyond "usernames & passwords"
The web beyond "usernames & passwords"
 
Killing Passwords with JavaScript
Killing Passwords with JavaScriptKilling Passwords with JavaScript
Killing Passwords with JavaScript
 
Porque VIM?
Porque VIM?Porque VIM?
Porque VIM?
 
Logs: O que comem, onde vivem e como se reproduzem.
Logs: O que comem, onde vivem e como se reproduzem.Logs: O que comem, onde vivem e como se reproduzem.
Logs: O que comem, onde vivem e como se reproduzem.
 
String.fromCharCode(60)script>alert("XSS")String.fromCharCode(60)/script>
String.fromCharCode(60)script>alert("XSS")String.fromCharCode(60)/script>String.fromCharCode(60)script>alert("XSS")String.fromCharCode(60)/script>
String.fromCharCode(60)script>alert("XSS")String.fromCharCode(60)/script>
 
PHP Backdoor: The rise of the vuln
PHP Backdoor: The rise of the vulnPHP Backdoor: The rise of the vuln
PHP Backdoor: The rise of the vuln
 
Security and Mobility - WordCamp Porto 2016
Security and Mobility - WordCamp Porto 2016Security and Mobility - WordCamp Porto 2016
Security and Mobility - WordCamp Porto 2016
 
2013 05-03 - HTML5 & JavaScript Security
2013 05-03 - HTML5 & JavaScript Security2013 05-03 - HTML5 & JavaScript Security
2013 05-03 - HTML5 & JavaScript Security
 
load errorcmd
load errorcmd load errorcmd
load errorcmd
 
Ruby Robots
Ruby RobotsRuby Robots
Ruby Robots
 
32373 uploading-php-shell-through-sql-injection
32373 uploading-php-shell-through-sql-injection32373 uploading-php-shell-through-sql-injection
32373 uploading-php-shell-through-sql-injection
 
Keep It Simple Security (Symfony cafe 28-01-2016)
Keep It Simple Security (Symfony cafe 28-01-2016)Keep It Simple Security (Symfony cafe 28-01-2016)
Keep It Simple Security (Symfony cafe 28-01-2016)
 
PHP Secure Programming
PHP Secure ProgrammingPHP Secure Programming
PHP Secure Programming
 
Building @Anywhere (for TXJS)
Building @Anywhere (for TXJS)Building @Anywhere (for TXJS)
Building @Anywhere (for TXJS)
 
Enhancing Mobile User Experience with WebSocket
Enhancing Mobile User Experience with WebSocketEnhancing Mobile User Experience with WebSocket
Enhancing Mobile User Experience with WebSocket
 
Itsecteam shell
Itsecteam shellItsecteam shell
Itsecteam shell
 
A simple html login page using java s
A simple html login page using java sA simple html login page using java s
A simple html login page using java s
 
Web Security Horror Stories
Web Security Horror StoriesWeb Security Horror Stories
Web Security Horror Stories
 

Similar to Taking the pain out of signing users in

Easy logins for JavaScript web applications
Easy logins for JavaScript web applicationsEasy logins for JavaScript web applications
Easy logins for JavaScript web applicationsFrancois Marier
 
Passwords suck, but centralized proprietary services are not the answer
Passwords suck, but centralized proprietary services are not the answerPasswords suck, but centralized proprietary services are not the answer
Passwords suck, but centralized proprietary services are not the answerFrancois Marier
 
Securing the Web without site-specific passwords
Securing the Web without site-specific passwordsSecuring the Web without site-specific passwords
Securing the Web without site-specific passwordsFrancois Marier
 
Easy logins for PHP web applications
Easy logins for PHP web applicationsEasy logins for PHP web applications
Easy logins for PHP web applicationsFrancois Marier
 
Building Persona: federated and privacy-sensitive identity for the Web (Open ...
Building Persona: federated and privacy-sensitive identity for the Web (Open ...Building Persona: federated and privacy-sensitive identity for the Web (Open ...
Building Persona: federated and privacy-sensitive identity for the Web (Open ...Francois Marier
 
The problem with passwords on the web and what to do about it
The problem with passwords on the web and what to do about itThe problem with passwords on the web and what to do about it
The problem with passwords on the web and what to do about itFrancois Marier
 
Building Persona: federated and privacy-sensitive identity for the Web (LCA 2...
Building Persona: federated and privacy-sensitive identity for the Web (LCA 2...Building Persona: federated and privacy-sensitive identity for the Web (LCA 2...
Building Persona: federated and privacy-sensitive identity for the Web (LCA 2...Francois Marier
 
Securing the Web without site-specific passwords
Securing the Web without site-specific passwordsSecuring the Web without site-specific passwords
Securing the Web without site-specific passwordsFrancois Marier
 
Symfony Guard Authentication: Fun with API Token, Social Login, JWT and more
Symfony Guard Authentication: Fun with API Token, Social Login, JWT and moreSymfony Guard Authentication: Fun with API Token, Social Login, JWT and more
Symfony Guard Authentication: Fun with API Token, Social Login, JWT and moreRyan Weaver
 
Do you want a SDK with that API? (Nordic APIS April 2014)
Do you want a SDK with that API? (Nordic APIS April 2014)Do you want a SDK with that API? (Nordic APIS April 2014)
Do you want a SDK with that API? (Nordic APIS April 2014)Nordic APIs
 
Mozilla Persona for your domain
Mozilla Persona for your domainMozilla Persona for your domain
Mozilla Persona for your domainFrancois Marier
 
Workshop 1: Good practices in JavaScript
Workshop 1: Good practices in JavaScriptWorkshop 1: Good practices in JavaScript
Workshop 1: Good practices in JavaScriptVisual Engineering
 
Virtual Madness @ Etsy
Virtual Madness @ EtsyVirtual Madness @ Etsy
Virtual Madness @ EtsyNishan Subedi
 
KISS: Keep It Simple Security - Oleg Zinchenko - Symfony Cafe Kyiv
KISS: Keep It Simple Security - Oleg Zinchenko - Symfony Cafe KyivKISS: Keep It Simple Security - Oleg Zinchenko - Symfony Cafe Kyiv
KISS: Keep It Simple Security - Oleg Zinchenko - Symfony Cafe KyivGrossum Software Outsourcing
 
KISS: Keep It Simple Security - Oleg Zinchenko - Symfony Cafe Kyiv
KISS: Keep It Simple Security - Oleg Zinchenko - Symfony Cafe KyivKISS: Keep It Simple Security - Oleg Zinchenko - Symfony Cafe Kyiv
KISS: Keep It Simple Security - Oleg Zinchenko - Symfony Cafe KyivGrossum
 
Authenticating and Securing Node.js APIs
Authenticating and Securing Node.js APIsAuthenticating and Securing Node.js APIs
Authenticating and Securing Node.js APIsJimmy Guerrero
 

Similar to Taking the pain out of signing users in (20)

Easy logins for JavaScript web applications
Easy logins for JavaScript web applicationsEasy logins for JavaScript web applications
Easy logins for JavaScript web applications
 
Passwords suck, but centralized proprietary services are not the answer
Passwords suck, but centralized proprietary services are not the answerPasswords suck, but centralized proprietary services are not the answer
Passwords suck, but centralized proprietary services are not the answer
 
Securing the Web without site-specific passwords
Securing the Web without site-specific passwordsSecuring the Web without site-specific passwords
Securing the Web without site-specific passwords
 
Easy logins for PHP web applications
Easy logins for PHP web applicationsEasy logins for PHP web applications
Easy logins for PHP web applications
 
Building Persona: federated and privacy-sensitive identity for the Web (Open ...
Building Persona: federated and privacy-sensitive identity for the Web (Open ...Building Persona: federated and privacy-sensitive identity for the Web (Open ...
Building Persona: federated and privacy-sensitive identity for the Web (Open ...
 
The problem with passwords on the web and what to do about it
The problem with passwords on the web and what to do about itThe problem with passwords on the web and what to do about it
The problem with passwords on the web and what to do about it
 
Building Persona: federated and privacy-sensitive identity for the Web (LCA 2...
Building Persona: federated and privacy-sensitive identity for the Web (LCA 2...Building Persona: federated and privacy-sensitive identity for the Web (LCA 2...
Building Persona: federated and privacy-sensitive identity for the Web (LCA 2...
 
R57.Php
R57.PhpR57.Php
R57.Php
 
Securing the Web without site-specific passwords
Securing the Web without site-specific passwordsSecuring the Web without site-specific passwords
Securing the Web without site-specific passwords
 
Symfony Guard Authentication: Fun with API Token, Social Login, JWT and more
Symfony Guard Authentication: Fun with API Token, Social Login, JWT and moreSymfony Guard Authentication: Fun with API Token, Social Login, JWT and more
Symfony Guard Authentication: Fun with API Token, Social Login, JWT and more
 
Vagrant for real
Vagrant for realVagrant for real
Vagrant for real
 
Do you want a SDK with that API? (Nordic APIS April 2014)
Do you want a SDK with that API? (Nordic APIS April 2014)Do you want a SDK with that API? (Nordic APIS April 2014)
Do you want a SDK with that API? (Nordic APIS April 2014)
 
Angular Workshop_Sarajevo2
Angular Workshop_Sarajevo2Angular Workshop_Sarajevo2
Angular Workshop_Sarajevo2
 
PhpBB meets Symfony2
PhpBB meets Symfony2PhpBB meets Symfony2
PhpBB meets Symfony2
 
Mozilla Persona for your domain
Mozilla Persona for your domainMozilla Persona for your domain
Mozilla Persona for your domain
 
Workshop 1: Good practices in JavaScript
Workshop 1: Good practices in JavaScriptWorkshop 1: Good practices in JavaScript
Workshop 1: Good practices in JavaScript
 
Virtual Madness @ Etsy
Virtual Madness @ EtsyVirtual Madness @ Etsy
Virtual Madness @ Etsy
 
KISS: Keep It Simple Security - Oleg Zinchenko - Symfony Cafe Kyiv
KISS: Keep It Simple Security - Oleg Zinchenko - Symfony Cafe KyivKISS: Keep It Simple Security - Oleg Zinchenko - Symfony Cafe Kyiv
KISS: Keep It Simple Security - Oleg Zinchenko - Symfony Cafe Kyiv
 
KISS: Keep It Simple Security - Oleg Zinchenko - Symfony Cafe Kyiv
KISS: Keep It Simple Security - Oleg Zinchenko - Symfony Cafe KyivKISS: Keep It Simple Security - Oleg Zinchenko - Symfony Cafe Kyiv
KISS: Keep It Simple Security - Oleg Zinchenko - Symfony Cafe Kyiv
 
Authenticating and Securing Node.js APIs
Authenticating and Securing Node.js APIsAuthenticating and Securing Node.js APIs
Authenticating and Securing Node.js APIs
 

More from Francois Marier

Security and Privacy settings for Firefox Power Users
Security and Privacy settings for Firefox Power UsersSecurity and Privacy settings for Firefox Power Users
Security and Privacy settings for Firefox Power UsersFrancois Marier
 
Getting Browsers to Improve the Security of Your Webapp
Getting Browsers to Improve the Security of Your WebappGetting Browsers to Improve the Security of Your Webapp
Getting Browsers to Improve the Security of Your WebappFrancois Marier
 
Hardening Firefox for Security and Privacy
Hardening Firefox for Security and PrivacyHardening Firefox for Security and Privacy
Hardening Firefox for Security and PrivacyFrancois Marier
 
Security and Privacy on the Web in 2016
Security and Privacy on the Web in 2016Security and Privacy on the Web in 2016
Security and Privacy on the Web in 2016Francois Marier
 
Privacy and Tracking Protection in Firefox
Privacy and Tracking Protection in FirefoxPrivacy and Tracking Protection in Firefox
Privacy and Tracking Protection in FirefoxFrancois Marier
 
Security and Privacy on the Web in 2015
Security and Privacy on the Web in 2015Security and Privacy on the Web in 2015
Security and Privacy on the Web in 2015Francois Marier
 
Integrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptIntegrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptFrancois Marier
 
Integrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptIntegrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptFrancois Marier
 
Outsourcing your webapp maintenance to Debian
Outsourcing your webapp maintenance to DebianOutsourcing your webapp maintenance to Debian
Outsourcing your webapp maintenance to DebianFrancois Marier
 
Login de usuários: podemos fazer algo melhor que usar senhas ou serviços cent...
Login de usuários: podemos fazer algo melhor que usar senhas ou serviços cent...Login de usuários: podemos fazer algo melhor que usar senhas ou serviços cent...
Login de usuários: podemos fazer algo melhor que usar senhas ou serviços cent...Francois Marier
 
Persona: un système d'identité pour le Web
Persona: un système d'identité pour le WebPersona: un système d'identité pour le Web
Persona: un système d'identité pour le WebFrancois Marier
 

More from Francois Marier (12)

Security and Privacy settings for Firefox Power Users
Security and Privacy settings for Firefox Power UsersSecurity and Privacy settings for Firefox Power Users
Security and Privacy settings for Firefox Power Users
 
Getting Browsers to Improve the Security of Your Webapp
Getting Browsers to Improve the Security of Your WebappGetting Browsers to Improve the Security of Your Webapp
Getting Browsers to Improve the Security of Your Webapp
 
Hardening Firefox for Security and Privacy
Hardening Firefox for Security and PrivacyHardening Firefox for Security and Privacy
Hardening Firefox for Security and Privacy
 
Security and Privacy on the Web in 2016
Security and Privacy on the Web in 2016Security and Privacy on the Web in 2016
Security and Privacy on the Web in 2016
 
Privacy and Tracking Protection in Firefox
Privacy and Tracking Protection in FirefoxPrivacy and Tracking Protection in Firefox
Privacy and Tracking Protection in Firefox
 
Security and Privacy on the Web in 2015
Security and Privacy on the Web in 2015Security and Privacy on the Web in 2015
Security and Privacy on the Web in 2015
 
Integrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptIntegrity protection for third-party JavaScript
Integrity protection for third-party JavaScript
 
Integrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptIntegrity protection for third-party JavaScript
Integrity protection for third-party JavaScript
 
Outsourcing your webapp maintenance to Debian
Outsourcing your webapp maintenance to DebianOutsourcing your webapp maintenance to Debian
Outsourcing your webapp maintenance to Debian
 
URL to HTML
URL to HTMLURL to HTML
URL to HTML
 
Login de usuários: podemos fazer algo melhor que usar senhas ou serviços cent...
Login de usuários: podemos fazer algo melhor que usar senhas ou serviços cent...Login de usuários: podemos fazer algo melhor que usar senhas ou serviços cent...
Login de usuários: podemos fazer algo melhor que usar senhas ou serviços cent...
 
Persona: un système d'identité pour le Web
Persona: un système d'identité pour le WebPersona: un système d'identité pour le Web
Persona: un système d'identité pour le Web
 

Recently uploaded

Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 

Recently uploaded (20)

Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 

Taking the pain out of signing users in