BrowserID: Distributed Identity in the Browser

Transcript

1. Francois Marier <[email protected]>

2. None

3. Existing Solutions

4. Client Certificates

5. Outsource Identity

6. Be an OpenID Consumer

7. usability

8. usability reliability

9. usability reliability lock-in

10. usability reliability lock-in privacy

11. wanted: better web logins with strong privacy protection

12. ” “ It's about you proving to a website that

    you own an email address.

13. simple

14. simple distributed

15. simple distributed privacy-protecting

16. None
17. None
18. None
19. None
20. None
21. None

22. you have a signed statement from gmail that you own

    your email address
23. None
24. None
25. None
26. None
27. None
28. None
29. None

30. Is it really that awesome?

31. Is it really that awesome? Not quite, but it it

    will be!

32. Adding BrowserID to your application Step 1: enable BrowserID <script

    src="https://browserid.org/include.js"> </script>

33. Adding BrowserID to your application Step 2: get user's identity

    navigator.id.get(function(assertion) { if (assertion) { // User picked an email address ... } else { // User cancelled ... } });

34. Adding BrowserID to your application Step 3: verify user's identity

    $ curl -d "assertion=<ASSERTION>&audience=http://mysite.com" "https://browserid.org/verify"

35. Adding BrowserID to your application Step 3: verify user's identity

    $ curl -d "assertion=<ASSERTION>&audience=http://mysite.com" "https://browserid.org/verify" { "status": "okay", "email": "[email protected]", "audience": "http://mysite.com", "expires": 1308859352261, "issuer": "browserid.org" }

36. Learn more https://browserid.org http://lloyd.io/how-browserid-works http://mozilla.github.com/browserid-field-guide/ http://myfavoritebeer.org Copyright © 2012 François

    Marier Released under the terms of the Creative Commons Attribution Share Alike 3.0 Unported Licence fmarier fmarier