Mozilla BrowserID/Persona (2012 MDN Hack Day LDN)

Jean-Yves Perrier (Mozilla), @teoli2003 / May 12th, 2012
MDN Hack Day — London
Persona / BrowserID: Proving your identity without giving up your privacy.

Upload: teoli2003

Post on 05-Dec-2014

DESCRIPTION

What is Persona? A new, convenient way to prove your identity without giving up your privacy.

TRANSCRIPT

Page 1

Jean-Yves Perrier (Mozilla) / May 12th, 2012 / @teoli2003

MDN Hack Day — London

Persona / BrowserID
Proving your identity without giving up your privacy.

Page 2
Page 3
Page 4

Multi-device, but only Firefox

Consequence: must be platform-independent

Page 5

Hey! We have these!

Page 6
Page 7
Page 8

Is this an identity?

Page 9

For the user:

Secure
Simple to use
Single sign-on: one password
Respects privacy
Independent of the browser
Independent of the device
Feels like a real identity

Page 10

Hashing
MD5 — SHA1 — SHA128?

Salting

Ensuring strong password usage

Procedures
- initial authentication
- password lost
- disaster recovery
- keeping up with the algo

Page 11

For the site:

Secure
Simple to use
Respects privacy (no third party takes over the customer relationship)
Independent of the browser
Independent of the device
Feels like a real identity
Less maintenance burden

Page 12

Introducing Persona and BrowserID

BrowserID: the protocol
Persona: its incarnation in the Mozilla products

Page 13

The BrowserID protocol

Provides authentication
Secure
Doesn't leak any more information

Page 14

Identity = e-mail address

It is a fully distributed system with billions of accounts across countless host providers

Users understand what an e-mail address is and what it represents

It naturally allows for the use of pseudonyms

It relies on the distributed Domain Name System (DNS) for name lookup

Page 15

The actors

Relying Party: a site or service that depends on a federated identity provider

Identity Provider: a site or service that provides identity assertions for 3rd party consumption

User

Page 16

Step 0. Registration with the Identity Provider

Page 17
Page 18
Page 19
Page 20
Page 21
Page 22

Step 1. User certificate provisioning

Page 23
Page 24

Step 2. Assertion generation and verification

Page 25
Page 26

The code...

Page 27

Client-side

Page 28

Server-side

In the future, libraries will be provided allowing this to be done on the server.
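
An added example (not from the slides, and not Mozilla's code) of what the relying party's server should check in the JSON returned by the Remote Verification API, which is linked under Links/Docs, before it creates a session. The field names (status, email, audience, expires, issuer, reason) are those of that API's response; the origin https://example.com, the function names and the sample reply are assumptions made for the illustration.

```javascript
'use strict';

// The relying party's own origin, fixed in server configuration (assumption).
// Never derive it from the request: an assertion minted for another site must fail.
const EXPECTED_AUDIENCE = 'https://example.com:443';

// Reduce an origin to scheme://host:port so that default ports compare equal.
function normalizeOrigin(value) {
  let url;
  try { url = new URL(value); } catch (e) { return null; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  const port = url.port || (url.protocol === 'https:' ? '443' : '80');
  return `${url.protocol}//${url.hostname}:${port}`;
}

// Decide whether a verifier reply may start a session. nowMs is passed in
// so the expiry check is testable; `expires` is in milliseconds since epoch.
function checkVerifierResponse(rawBody, expectedAudience, nowMs) {
  let body;
  try { body = JSON.parse(rawBody); } catch (e) { body = null; }
  if (body === null || typeof body !== 'object') {
    return { ok: false, reason: 'malformed response' };
  }
  if (body.status !== 'okay') {
    return { ok: false, reason: `verifier refused: ${body.reason || 'no reason given'}` };
  }
  const want = normalizeOrigin(expectedAudience);
  if (want === null || normalizeOrigin(String(body.audience)) !== want) {
    return { ok: false, reason: 'audience mismatch' };
  }
  if (typeof body.expires !== 'number' || body.expires <= nowMs) {
    return { ok: false, reason: 'assertion expired' };
  }
  if (typeof body.email !== 'string' || !body.email.includes('@')) {
    return { ok: false, reason: 'no e-mail address' };
  }
  return { ok: true, email: body.email, issuer: body.issuer };
}

// Constructed sample reply (not captured from a real verifier).
const sample = JSON.stringify({
  status: 'okay', email: 'alice@example.org', audience: 'https://example.com',
  expires: 1336820460000, issuer: 'browserid.org',
});
console.log(checkVerifierResponse(sample, EXPECTED_AUDIENCE, 1336820400000));
```

Only the e-mail address from an accepted reply should be bound to the session; every rejected reply is treated as a failed login.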

Page 29

What's next?

Page 30

Links/Docs

News about Persona: http://identity.mozilla.com/
The MDN entry point: https://developer.mozilla.org/en/BrowserID

Client-side code: https://developer.mozilla.org/en/BrowserID/Quick_Setup
Server-side code: https://developer.mozilla.org/en/BrowserID/Remote_Verification_API

Numerous CMS/server integrations done: https://github.com/mozilla/browserid/wiki/BrowserID-Libraries

Examples: https://github.com/mozilla/browserid-cookbook

Security tips: https://developer.mozilla.org/en/BrowserID/Security_Considerations

Page 31

Q&A

Page 32

Thanks for the attention