Mozilla BrowserID/Persona (2012 MDN Hack Day LDN)
DESCRIPTION
What is Persona? A new convenient way to prove your identity without giving up your privacy
TRANSCRIPT
Jean-Yves Perrier (Mozilla) / May 12th, 2012
@teoli2003
MDN Hack Day — London
Persona / BrowserID
Proving your identity without giving up your privacy.
Multidevice but only Firefox
Consequence: must be platform independent
Hey! We have these!
Is this an identity?
For the user:
- Secure
- Simple to use
- Single sign-on: one password
- Respect privacy
- Independent of the browser
- Independent of the device
- Feels like a real identity
Hashing
MD5 — SHA1 — SHA128 ?
Salting
Ensuring strong password usage
Procedures
- initial authentication
- password lost
- disaster recovery
- keeping up with the algo
For the site:
- Secure
- Simple to use
- Respect privacy (no 3rd party takes the customer relationship)
- Independent of the browser
- Independent of the device
- Feels like a real identity
- Less maintenance burden
Introducing Persona and BrowserID
BrowserID: the protocol
Persona: its incarnation in the Mozilla products
The BrowserID protocol
Provide authentication
Secure
Doesn't leak any more information
Identity = e-mail address
It is a fully distributed system with billions of accounts across countless host providers
Users understand what an email address is and what it represents
It naturally allows for the use of pseudonyms
It relies on the distributed Domain Name System (DNS) for name lookup
The actors
Relying Party: a site or service that depends on a federated identity provider
Identity Provider: a site or service that provides identity assertions for 3rd party consumption
User
Step 0. Registration with the Identity Provider
Step 1. User certificate provisioning
Step 2. Assertion generation and verification
The code...
Client-side
Server-side
In the future, libraries will be provided allowing this to be done on the server.
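As an added example (not code from the slides or from Mozilla), here is how a relying party's server might decide whether to trust the JSON answer it gets back from the remote verifier. It assumes the response fields of the Remote Verification API listed under Links/Docs (`status`, `email`, `audience`, `expires`); the origin `https://example.com`, the function names and the sample response are hypothetical.

```python
import json
import time
from urllib.parse import urlsplit

# Assumption: this site's own origin, fixed in server configuration and
# never derived from the incoming request (for example the Host header).
EXPECTED_AUDIENCE = "https://example.com:443"
_DEFAULT_PORTS = {"http": 80, "https": 443}


def _origin(url):
    """Normalize an origin to (scheme, host, port); None if unparsable."""
    try:
        parts = urlsplit(url)
        port = parts.port or _DEFAULT_PORTS.get(parts.scheme)
    except ValueError:
        return None
    if not parts.scheme or not parts.hostname or port is None:
        return None
    return (parts.scheme, parts.hostname.lower(), port)


def accept_verifier_response(body, now_ms=None):
    """Return the verified e-mail address, or None if the response is rejected."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    try:
        data = json.loads(body)
    except (TypeError, ValueError):
        return None
    if not isinstance(data, dict) or data.get("status") != "okay":
        return None
    # The assertion must name this relying party, not some other site.
    audience = data.get("audience")
    if not isinstance(audience, str) or _origin(audience) != _origin(EXPECTED_AUDIENCE):
        return None
    # "expires" is in milliseconds since the epoch; reject stale assertions.
    expires = data.get("expires")
    if not isinstance(expires, int) or expires <= now_ms:
        return None
    email = data.get("email")
    if not isinstance(email, str) or email.count("@") != 1:
        return None
    return email


# Constructed sample response, not captured from a real verifier.
SAMPLE_OKAY = json.dumps({"status": "okay", "email": "alice@example.org",
                          "audience": "https://example.com", "expires": 2000,
                          "issuer": "idp.example"})
```

Only the address returned by `accept_verifier_response` should be used to open a session; anything the browser sent alongside the assertion is unverified.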
What's next?
Links/Docs
News about Persona: http://identity.mozilla.com/
The MDN entry point: https://developer.mozilla.org/en/BrowserID
Client-side code: https://developer.mozilla.org/en/BrowserID/Quick_Setup
Server-side code: https://developer.mozilla.org/en/BrowserID/Remote_Verification_API
Numerous CMS/server integrations done: https://github.com/mozilla/browserid/wiki/BrowserID-Libraries
Examples: https://github.com/mozilla/browserid-cookbook
Security tips: https://developer.mozilla.org/en/BrowserID/Security_Considerations
Q&A
Thanks for the attention