Mozilla BrowserID/Persona (2012 MDN Hack Day LDN)

Jean-Yves Perrier (Mozilla) / May 12th, 2012@teoli2003

MDN Hack Day — London

Persona / BrowserIDProving your identity without giving up

your privacy.

Multidevice but only Firefox

Consequence : Must be platform independant

Hey ! We have these !

Is this an identity ?

For the user :

SecureSimple to use

Single sign-on : one passwordRespect privacy

Independant of the browserIndependant of the device

Feel as a real identity

HashingMD5 — SHA1 — SHA128 ?

Salting

Ensuring strong password usage

Procedures- initial authentication

- password lost- disaster recovery

- keeping up with the algo

For the site :Secure

Simple to useRespect privacy (no 3rd party take the

customer relation)Independant of the browserIndependant of the device

Feel as a real identityLess maintenance burden

Introducing Persona and BrowserID

BrowserID : the protocolPersona : its incarnation in the Mozilla products

The BrowserID protocol

Provide authentificationSecure

Doesn't leak any more information

Identity = e-mail address

It is a fully distributed system with billions of accounts across countless host providers

Users understand what an email address is and what it represents

It naturally allows for the use pseudonyms

It relies on the distributed Domain Name System (DNS) for name lookup

The actors

Relying Partya site or service that depends on a federated identity provider

Identity Providera site or service that provides identity assertions for 3rd party consumption

Step 0. Registration with the Identity

Provider

Step 1. User certificate provisioning

Step 2. Assertion generation and

verification

The code...

Client-side

Server-side

In the future, libraries will be provided allowing this to be done on the server.

What's next ?

Links/Docs

News about Persona : http://identity.mozilla.com/The MDN entry point : https://developer.mozilla.org/en/BrowserID

Client-side code : https://developer.mozilla.org/en/BrowserID/Quick_SetupServer-side code : https://developer.mozilla.org/en/BrowserID/Remote_Verification_API

Numerous CMS/servers integration done : https://github.com/mozilla/browserid/wiki/BrowserID-Libraries

Examples : https://github.com/mozilla/browserid-cookbook

Security tips : https://developer.mozilla.org/en/BrowserID/Security_Considerations

Thanks for the attention

Mozilla BrowserID/Persona (2012 MDN Hack Day LDN)

Technology

Transcript of Mozilla BrowserID/Persona (2012 MDN Hack Day LDN)

MDN Hospital Credentialing

Presented by: Dana Kennedy, RDN LDN Jessica Quinn, RDN LDN

Chassie Diagram MDN

Get fit with ldn

********************************************************** fileLunes 05 Agosto, 2013 HORIZONTE MDN ***** ...

Mathematics - DEPED-LDN

The LDN Book - Chapter 1: The History and Pharmacology of LDN

Regular Expressions - JavaScript _ MDN

Hack the mdn

mmWave Distribution Networks - MDN

The LDN 2017 Conference - Medicor Cancermedicorcancer.com/wp-content/uploads/LDN-2017-Brochure_1.pdfThe LDN 2017 Conference is the only LDN focused event in the world and the premier

LDN Best Website

MDN Girls collection S2014

Mdn (dhkwomoz)

Programa de Gestión Documental - MDN

Coworking Study - Eaohp Ldn

Ldn logopalooza

BrowserID: Distributed Identity in the Browser

MTB-MLE - DEPED-LDN

LDN Architects - Moray

****************************************************** fileLunes 05 Agosto, 2013 HORIZONTE MDN * ...