Upload File

browserid: distributed identity in the browser

36
Francois Marier <[email protected]>

Upload: francois-marier

Post on 08-May-2015

2.194 views

Category:

Technology


1 download

Report

DESCRIPTION

BrowserID is a new web login mechanism with strong privacy protection where your browser is the trusted intermediary. Backed by Mozilla, it is based on the simple idea of a user proving that they own an email address, with a generous sprinkling of crypto under the hood. What makes this solution different is that it is designed to be simple (both for users and developers), distributed and privacy-protecting.

TRANSCRIPT

Page 1: BrowserID: Distributed Identity in the Browser

Francois Marier <[email protected]>

Page 2: BrowserID: Distributed Identity in the Browser
Page 3: BrowserID: Distributed Identity in the Browser

Existing Solutions

Page 4: BrowserID: Distributed Identity in the Browser

Client Certificates

Page 5: BrowserID: Distributed Identity in the Browser

Outsource Identity

Page 6: BrowserID: Distributed Identity in the Browser

Be an OpenID Consumer

Page 7: BrowserID: Distributed Identity in the Browser

usability

Page 8: BrowserID: Distributed Identity in the Browser

usability reliability

Page 9: BrowserID: Distributed Identity in the Browser

usability reliability

lock-in

Page 10: BrowserID: Distributed Identity in the Browser

usability reliability

lock-in privacy

Page 11: BrowserID: Distributed Identity in the Browser

wanted:

better web loginswith strong

privacy protection

Page 12: BrowserID: Distributed Identity in the Browser

”“It's about you proving to a websitethat you own an email address.

Page 13: BrowserID: Distributed Identity in the Browser

simple

Page 14: BrowserID: Distributed Identity in the Browser

simple distributed

Page 15: BrowserID: Distributed Identity in the Browser

simple distributed

privacy-protecting

Page 16: BrowserID: Distributed Identity in the Browser
Page 17: BrowserID: Distributed Identity in the Browser
Page 18: BrowserID: Distributed Identity in the Browser
Page 19: BrowserID: Distributed Identity in the Browser
Page 20: BrowserID: Distributed Identity in the Browser
Page 21: BrowserID: Distributed Identity in the Browser
Page 22: BrowserID: Distributed Identity in the Browser

you have a signed statement fromgmail that you own your email address

Page 23: BrowserID: Distributed Identity in the Browser
Page 24: BrowserID: Distributed Identity in the Browser
Page 25: BrowserID: Distributed Identity in the Browser
Page 26: BrowserID: Distributed Identity in the Browser
Page 27: BrowserID: Distributed Identity in the Browser
Page 28: BrowserID: Distributed Identity in the Browser
Page 29: BrowserID: Distributed Identity in the Browser
Page 30: BrowserID: Distributed Identity in the Browser

Is it really that awesome?

Page 31: BrowserID: Distributed Identity in the Browser

Is it really that awesome?

Not quite, but it it will be!

Page 32: BrowserID: Distributed Identity in the Browser

Adding BrowserID to your application

Step 1: enable BrowserID

<script src="https://browserid.org/include.js"></script>

Page 33: BrowserID: Distributed Identity in the Browser

Adding BrowserID to your application

Step 2: get user's identitynavigator.id.get(function(assertion) {

if (assertion) { // User picked an email address ... } else { // User cancelled ... }

});

Page 34: BrowserID: Distributed Identity in the Browser

Adding BrowserID to your application

Step 3: verify user's identity$ curl -d "assertion=<ASSERTION>&audience=http://mysite.com" "https://browserid.org/verify"

Page 35: BrowserID: Distributed Identity in the Browser

Adding BrowserID to your application

Step 3: verify user's identity$ curl -d "assertion=<ASSERTION>&audience=http://mysite.com" "https://browserid.org/verify"

{ "status": "okay", "email": "[email protected]", "audience": "http://mysite.com", "expires": 1308859352261, "issuer": "browserid.org"}

Page 36: BrowserID: Distributed Identity in the Browser

Learn more

https://browserid.org

http://lloyd.io/how-browserid-works

http://mozilla.github.com/browserid-field-guide/

http://myfavoritebeer.org

Copyright © 2012 François MarierReleased under the terms of the Creative CommonsAttribution Share Alike 3.0 Unported Licence

fmarier fmarier

https://browserid.org/
http://lloyd.io/how-browserid-works
http://mozilla.github.com/browserid-field-guide/
http://myfavoritebeer.org/
http://twitter.com/fmarier
http://identi.ca/fmarier

Secure Browser Installation Manual · Section I. Introduction to the Secure Browser Manual The secure browser is a web browser for taking online assessments. The secure browser prevents

Identity Theft Prevention & Resolution Kit - First Hope · Identity Theft Prevention ... system and Web browser software ... involving an ATM or debit card or any other electronic

QlikView Full Browser User Manual - AccessPoint Full Browser User... · QlikView Full Browser User Manual ... This document is a brief manual for QlikView Full Browser client,

ENCODE element browser and 3D genome browser

SumTotal Learn Enterprise 2014.2 Browser Settings Browser Settings.pdf · SumTotal Learn Enterprise 2014.2 Browser Settings . Click Click

Mozilla mission and the future: BrowserID, Appstore and WebFWD

Quarterly Report - Opera browser - The alternative web browser

ACCENTURE ANALYTICS BOTgo.qlik.com/.../Accenture_Session_Presentation.pdf · Browser Azure Bot Service Azure Identity validation Language Understanding (LUIS) Microsoft Azure Platform

Introduction Methodology Results-1accessed with two smartphones: HTC Hero & SAMSUNG Galaxy S2 (SGSII). The services were protected by four : username/password, OpenID, SAML & BrowserID

AuthScan:*Automac*Extrac-on*of*Web* Authen …€¦ · Web*Authen-caon*Schemes*&*Single*SignKOn • SingleSignOn(SSO) – BrowserID*(Mozilla)* – Facebook*Connect* • 250+Million*users,**2,000,000*websites*

Best web browser- Nano browser pvt ltd

Federal Identity, Credentialing, and Access Management ... · PDF fileFederal Identity, Credentialing, and Access Management Security Assertion Markup Language (SAML) 2.0 Web Browser

Identity Management - George Brown Collegeelearning.georgebrown.ca/pdf/crosslist.pdf · 2018-08-31 · 1. From an Internet browser window (e.g. Microsoft Edge or Google Chrome), proceed

Enriching Web Applications with Browser-to-Browser ...asc.di.fct.unl.pt/~jleitao/students/AlbertLindeMsc.pdf · Enriching Web Applications with Browser-to-Browser Communication

Secure Element Access from a Web browser W3C Workshop on Authentication, Hardware Tokens and Beyond 11 September 2014 1 Oberthur Technologies – Identity

Indonesia Most Popular Mobile Browser Apps 2014. TOPLINE... · Browser (68.5%) and Opera Browser (61.0%) still dominate. However, when viewed from the Aided or Browser Apps However,

Web Browser Security - TU Berlin · 2 3 Browser and Network Browser Network Browser sends requests May reveal private information (in forms, cookies) Browser receives information,

Web Browser Security - TU Berlin · 3 5 Browser security landscape Browser design vulnerabilities Does the browser design, if implemented properly, prevent malicious attacks? Main

Mozilla BrowserID/Persona (2012 MDN Hack Day LDN)

© 2005 Comodo Inc. - APWGdocs.apwg.org/sponsors_technical_papers/Identity... · Internet, highlighting the potentially devastating consequences of today’s browser tool set not

Developing a Browser Geocoder Using REST API and ASP · REST API and ASP.NET Bhavdeep S Sachdev. The Browser Geocoder. The Browser Geocoder. The Browser Geocoder. The Browser Geocoder

Browser Security Modelnetseclab.mu.edu.tr/lectures/ceng/ceng3544/Slides/14-browser-sec-model.pdfFour lectures on Web security Browser security model The browser as an OS and execution

eID Security - OECD.org - OECDwith eID Authentication certificate “Challenge” to verify Client Identity (3) Encrypt “Challenge” with eID Private Key (4) (5) Browser client

The mobile browser world - Quirks ModeParis-Web, 14 October 2011. The Stack Browser OS Device. The Stack Browser OS Device. The Stack Browser OS Device. The Stack Browser OS Device

Let's Encrypt: An Automated CertificateAuthority to ... · browser-trusted CA designed for complete automation: identity validation and certificate issuance are fully robotic, and

The Web’s Identity Crisis: Understanding the Effectiveness ... · However, much of the work that studies the effectiveness of website identity indicators is dated, testing browser

ACTIVinspire CheatSheetACTIVinspire CheatSheet page 3 Browser The Browser starts off on your left. Page Browser Like Microsoft PowerPoint's slide sorter, the Page Browser allows you

BOURTONBOURTON 1918-2018 BROWSER BROWSER · BOURTONBOURTON BROWSER BROWSER ISSUE NO 235 November 2018 PARISH COUNCIL NOTES The DEADLINE for Adverts & Articles for the December 2018

Understanding Mobile Web Browser Performanceassets.en.oreilly.com/1/event/60/Understanding Mobile Web Browser...Understanding Mobile Web Browser Performance 1 ... Topics!Mobile browser

Oracle Identity Manager Business Overvie · Comprehensive Audit and Compliance Management ... OIM provides a browser-based tool to request ... Oracle Identity Manager – Business

PERSONAL SAFETY protecting your identity...proactive makes it harder for identity thieves to take advantage of your good name. • Use a pop-up blocker with your browser. • Always

IBM Security Role and Policy Modeler: Planning Guide...Identity and Entitlement Database (DB/2, Oracle) Web Browser (Firefox, Internet Explorer) WebSphere Application Server 7.0 Single

Camera Browser Interface - Bosch Securityresource.boschsecurity.us/documents/NIN_932_Operation_Manual_enUS... · Camera Browser Interface Browser connection | en 13 Bosch Security

AuthScan: Automatic Extraction of Web Authentication Protocols …€¦ · Web Authentication Schemes & Single Sign-On •Single Sign-On (SSO) –BrowserID (Mozilla) –Facebook Connect

Browser Identity Provider Access Control Application