User Identity

Transcript

1. @qnoid www qnoid.com Wednesday, 12 December 12

2. How to add users to your mobile app iOS Wednesday,

   12 December 12

3. [email protected] Identity *by email Wednesday, 12 December 12

4. Residence *iPhone d169281479a1ccdb95eb611f48886206193d72f6*sha • world wide unique • secure enough

   1. http://en.wikipedia.org/wiki/SHA-1#Comparison_of_SHA_functions 1 “Theoretical attack (2^51)” Wednesday, 12 December 12

5. Store Identity+Residence client keychain • private [SSKeychain setPassword:residence forService:@”com.qnoid” account:email

   error:&error]; 1. https://github.com/soffes/sskeychain 1 Wednesday, 12 December 12

6. Transmit Identity+Residence*securely { "email":"[email protected]" "residence":"d169281479a1ccdb95eb611f48886206193d72f6" } Wednesday, 12 December 12

7. Create user @user = User.new( :email => @email, :residence =>

   BCrypt::Password.create(@residence), :token => Digest::SHA1.hexdigest @email + @residence) *ruby, rails n00b salt + hash 1. http://codahale.com/how-to-safely-store-a-password/ 1 Wednesday, 12 December 12

8. Email token to user to verify mail(:to => @email, :subject

   => "Please verify your email") Wednesday, 12 December 12

9. Authorise user @user = User.find_by_token(@token) @user.isAuthorised = true Wednesday, 12

   December 12

10. Welcome!*to your residence When signing in, use [email protected] Wednesday, 12

    December 12

11. New Residence? Iterate Wednesday, 12 December 12

12. Delete a residence*on the client [email protected] delete Wednesday, 12 December

    12

13. Demo *get your QR scanners ready Wednesday, 12 December 12

14. Discussion http://goo.gl/H5z0w Wednesday, 12 December 12