Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Authenticate a user without a username, password, or database

Simon van Dyk
February 08, 2019
Technology
0
33

Authenticate a user without a username, password, or database

How do you authenticate your users? Authentication is such a common feature we don’t even think about it anymore. Let’s challenge the status quo and authenticate a user with, well, nothing. Not even a database, and no API in its place. Do we need databases at all? Let’s talk.

Developed an application exploring the possibility of signing in without a username, password or a database on the web using Elixir/Erlang. I shared this as the closing keynote at Rubyfuza 2019.

Google slides: https://docs.google.com/presentation/d/1XJiBXD6uzWaFYbTXqacBmQZZEuicYN_CcSc2JDmcpUA/edit?usp=sharing

Simon van Dyk

February 08, 2019
Tweet

More Decks by Simon van Dyk

See All by Simon van Dyk
Different programming models develop different mental models
simonvandyk
0
74
Platform45's Mission
simonvandyk
0
80
Fantastic Chatbots and where to find them
simonvandyk
0
190
Platform45's Agile Design & Development Journey
simonvandyk
0
150
Platform45: Our Agile Design and Development Journey
simonvandyk
0
230
Elixir. Much Distributed. Such Reliable.
simonvandyk
1
370
A tale of two testing frameworks
simonvandyk
0
330
Diagnosing Cancer with Machine Learning v3
simonvandyk
0
450
Diagnosing Cancer with Machine Learning v2
simonvandyk
1
110

Other Decks in Technology

See All in Technology
スタートアップの技術顧問を3年間続けて発生した事と気付き
biwakonbu
0
150
Postman v10リリース後を振り返る
nagix
0
110
長期運用プロジェクトでのMySQLからTiDB移行の検証
colopl
1
340
Databricks における 『MLOps』
databricksjapan
2
110
Oracle Exadata Database Service on Cloud@Customer (ExaDB-C@C) - UI スクリーン・キャプチャ集
oracle4engineer
PRO
1
1.1k
SPI原点回帰論:事業課題とFour Keysの結節点を見出す実践的ソフトウェアプロセス改善 / DevOpsDays Tokyo 2024
visional_engineering_and_design
4
1.3k
Autonomous Database Cloud 技術詳細 / adb-s_technical_detail_jp
oracle4engineer
PRO
13
35k
株式会社EventHub・エンジニア採用資料
eventhub
0
1.9k
オブザーバビリティの Primary Signals
onk
PRO
0
530
強みを伸ばすキャリアデザイン
yug1224
0
200
NLP2024 参加報告LT ~RAGの生成評価と懇親戦略~ / nlp2024_attendee_presentation_LT_masuda
taro_masuda
1
190
HEXA OSINT CTF V3 作戦会議
meow_noisy
0
110

Featured

See All Featured
Designing the Hi-DPI Web
ddemaree
276
33k
Why Our Code Smells
bkeepers
PRO
331
56k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
20
1.6k
No one is an island. Learnings from fostering a developers community.
thoeni
14
2.1k
Automating Front-end Workflow
addyosmani
1354
200k
VelocityConf: Rendering Performance Case Studies
addyosmani
319
23k
Code Review Best Practice
trishagee
54
15k
Making the Leap to Tech Lead
cromwellryan
123
8.5k
Fireside Chat
paigeccino
19
2.6k
Done Done
chrislema
178
15k
The Mythical Team-Month
searls
214
42k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
13
1.5k

Transcript

  1. How to authenticate a user without a username, password or

    database
  2. None

  3. this app does nothing .com “This app literally does nothing.”

    TechCrunch

  4. Ricardo García Vega @bigardone Joe Armstrong @joeerl Sarah Drasner @sarah_edo

  5. Some backstory

  6. I really hate computers

  7. This is serious business a little fun

  8. Open your mind

  9. i. Identity claim ii. Identity verification iii. Identity storage How

    does authentication work?

  10. Claim Verify Store How would you do identity claim? a.

    Don’t be silly, just use OAuth b. Gait analysis c. Use their face d. Security is a lie

  11. Claim Verify Store How would you do identity claim? a.

    Don’t be silly, just use OAuth b. Gait analysis c. Use their face d. Security is a lie

  12. Claim Verify Store How would you do identity verification? a.

    Obviously a blood test b. OAuth, you will be assimilated c. Send them an OTP d. Fingerprint or retinal scan

  13. Claim Verify Store How would you do identity verification? a.

    Obviously a blood test b. OAuth, you will be assimilated c. Send them an OTP d. Fingerprint or retinal scan

  14. Claim Verify Store How would you do identity storage? a.

    Throw it in a file - that’s not a database is it? b. Mechanical turk: an army of humans write it out on paper c. Machine learning serverless blockchain™ d. Keep it in memory and never let the server die

  15. Claim Verify Store How would you do identity storage? a.

    Throw it in a file - that’s not a database is it? b. Mechanical turk: an army of humans write it out on paper c. Machine learning serverless blockchain™ d. Keep it in memory and never let the server die

  16. How does nada work?

  17. Claim Verify Store Facial recognition One time pin Memory storage

    Slack’s “magic links” or an OTP sent to an email address Erlang process storing face to email mapping in memory Face to email mapping used to identify a user

  18. Nada Faces API Nada App AWS Rekognition Sign up AWS

    S3 { selfie } { face_id } { email selfie } Claim { email face_id } Store { otp } Verify

  19. Nada Faces API Nada App AWS Rekognition Log in AWS

    S3 { selfie } { face_id } { email face_id } Store { otp } Verify { selfie } Claim

  20. Claim Verify Store Face to email mapping used to identify

    a user Facial recognition # @ Face Face ID Email Image

  21. Claim Verify Store One time pin Slack’s “magic links” or

    an OTP sent to an email address [email protected] Log in

  22. Claim Verify Store One time pin Slack’s “magic links” or

    an OTP sent to an email address [email protected] [email protected] thisappdoesnothing.com/djtufy TO FROM

  23. Claim Verify Store One time pin Slack’s “magic links” or

    an OTP sent to an email address SUCCESS!

  24. Claim Verify Store Memory storage Erlang process storing face to

    email mapping in memory Erlang VM Web server process Agent process ...

  25. Claim Verify Store Memory storage Erlang process storing face to

    email mapping in memory Erlang VM Web server process “a7j3hgdg”: “[email protected]” “jmd739sh”: “[email protected]

  26. Demo

  27. Data storage with Erlang/Elixir

  28. Java Fault-tolerance Erlang “Write once, run anywhere.” “Write once, run

    forever.”

  29. Clojure Java VM Elixir Erlang VM “BEAM”

  30. 2019 Today 2011 ~8 years ago 1986 33 years ago

  31. Object-oriented Functional Process-oriented

  32. “[Erlang] is the language of the system.” Rich Hickey

  33. Erlang data stores • Mnesia • ETS (Erlang Term Storage)

    • Process state (GenServer/Agent) • *Riak

  34. • Are there relationships between the data you store? •

    Are you storing time-related data? • Do you need to be able to look at the database in the past? How do you intend to query the data?

  35. • Relational • Object / Document • Graph • Key-Value

    • Time series • Fact tables Typical data storage options by query

  36. What have we learned?

  37. Have fun

  38. You can do “AI”

  39. A new programming model

  40. Choose a database

  41. Don’t cargo-cult software design

  42. Make a responsible decision

  43. that’s it

  44. None
  45. None

  46. https://github.com/thoughtbot?utf8=%E2%9C%93&q=&type=public&language=elixir

  47. thank you Simon van Dyk @siefi

  48. None