identity in the browser 2011
play

Identity in the Browser 2011 Michael Hanson, Dan Mills, Ben Adida - PowerPoint PPT Presentation

Mar 07, 2024 •373 likes •483 views

Identity in the Browser 2011 Michael Hanson, Dan Mills, Ben Adida A quick history - current and proposed browser identity features Password store & sync Account Manager authentication and session metaprotocol Contacts API

  1. Identity in the Browser 2011 Michael Hanson, Dan Mills, Ben Adida

  2. A quick history - current and proposed browser identity features • Password store & sync • “Account Manager” authentication and session metaprotocol • Contacts API prototype • OpenID sniffer / ID presentation widget

  3. 2010: Account Manager • Metaprotocol for site advertisement of authentication capabilities and session state • Profiles for HTTP Basic, HTTP Form • Very difficult to handle federated cases: huge number of error paths, no clear user model, hard to get agreement across browsers

  4. subgoal: Man a ging Session State • DOM-level announcement of session(s) with identifiers, termination URL or JS callback, optional cookie “trigger” • e.g. navigator.id.sessions = [ { id: “username@email.com”, end: “http://site.com/logout” } ]

  5. Step back: Minimal distributed identity system • Distributed means hostnames. Identifier at hostname? • Current RP systems are all based on email addresses: user-memorable, convenient, recognizable. (but: spammable, correlatable) • RPs treat control of email address as stronger than username/password. • Directed pseudonymity (anonymous remail) is a well-understood property of email. • Discovery of attributes is well understood - stable identifiers help.

  6. a proposal: Verified Email Assertions • navigator.id.getVerifiedEmail( <callback>, challenge) • window.onVerifiedEmail( function(assertion) {...}) native gives a nice UI and stronger security but we’ve got a pure JS, streamed-in API working

  7. Identity provider’s half: • navigator.id.registerVerifiedEmail(id, <pubkey-callback>) • navigator.id.certifyVerifiedEmail(id, <cert>) • public key advertisement/discovery much to discuss: • automated pseudonym provisioning • limitations on register: session-only, non-persist, encrypted only • limitations of key and certificate: long-lived key, short-lived cert? • automatic cert refresh - but with what credential?

  10. • Machines are multiuser • Users are multipersona • Core questions: • From site to user, “who are you”, and “how do I talk to you?” • From user to site, “I am <facet of me>”, and “You may know this about me”

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Nexus of Identity IBM's submission for the W3C Identity in the Browser Workshop by

The Nexus of Identity IBM's submission for the W3C Identity in the Browser Workshop by

The Nexus of Identity IBM's submission for the W3C Identity in the Browser Workshop by Maryann Hondo, Mary Ellen Zurko, Matthew Flaherty, Paula K. Austel, Sridhar Muppidi Net - net of the paper Our customers expect us to give them the

558 views • 9 slides
Identity in the browser at 5. Lessons learned. Paul Trevithick paul@azigo.com

Identity in the browser at 5. Lessons learned. Paul Trevithick paul@azigo.com

Identity in the browser at 5. Lessons learned. Paul Trevithick paul@azigo.com informationcard.net higgins-project.org Tuesday, May 24, 2011 Infocard in 60 seconds flat Tuesday, May 24, 2011 Click: Card picker window appears Tuesday, May 24,

349 views • 11 slides
NSTIC, Privacy and Social Login Presentation at the W3C Workshop on Identity in the Browser

NSTIC, Privacy and Social Login Presentation at the W3C Workshop on Identity in the Browser

NSTIC, Privacy and Social Login Presentation at the W3C Workshop on Identity in the Browser Francisco Corella and Karen P. Lewison Pomcor 1 05/03/2011 Pomcor Getting Rid of Passwords n is one long term goal of NSTIC n But it may

255 views • 7 slides
Identity in the Browser -or- Putting the Cart Before the Horse? Andy Steingruebl and Jeff

Identity in the Browser -or- Putting the Cart Before the Horse? Andy Steingruebl and Jeff

Identity in the Browser -or- Putting the Cart Before the Horse? Andy Steingruebl and Jeff Hodges {asteingruebl,jeff.hodges}@paypal.com PayPal Information Risk Management Position Paper for W3C Workshop on Identity in the Browser May 24

413 views • 9 slides
Mobile Provided Identity Authentication on the Web tle pt by Jonas Hgberg, Ericsson for W3C

Mobile Provided Identity Authentication on the Web tle pt by Jonas Hgberg, Ericsson for W3C

Mobile Provided Identity Authentication on the Web tle pt by Jonas Hgberg, Ericsson for W3C s WS on Identity in the Browser tle pt 24-5th May 11 Mountain View, CA, USA Mobile Provided Identity Authentication itle on the Web pt

298 views • 13 slides
Identity Theft Identity Theft Identity theft occurs when your personal information is stolen

Identity Theft Identity Theft Identity theft occurs when your personal information is stolen

Identity Theft Identity Theft Identity theft occurs when your personal information is stolen and used without your knowledge to commit fraud or other crimes Identity theft can cost you time and money. Tips for Preventing Identity Theft

322 views • 10 slides
Authentication and Identity Systems Brad Hill Me iSEC Partners: 2005 Mid-April 2011

Authentication and Identity Systems Brad Hill Me iSEC Partners: 2005 Mid-April 2011

Common Flaws of Distributed Authentication and Identity Systems Brad Hill Me iSEC Partners: 2005 Mid-April 2011 PayPal ISG: Mid-May 2011 - ??? Reminder: This workshops RFP close: Early April 2011 My position paper does not

343 views • 11 slides
Identity and Access Management Using Identity Management and Identity Governance to increase

Identity and Access Management Using Identity Management and Identity Governance to increase

Identity and Access Management Using Identity Management and Identity Governance to increase Automation and Security. Identity Management (IAM, IdM) defining and managing the roles and access privileges of individual network users, and the

2.89k views • 13 slides
IDENTITY What is the Relationship Between Identity and the College Experience? What Role

IDENTITY What is the Relationship Between Identity and the College Experience? What Role

2/15/2019 Jordan Truex Agenda or Summary Layout The Road to SelfAuthorship NonTraditional Students Effective Interview Strategies Meeting the Student Where They Are IDENTITY What is the Relationship Between Identity and the

367 views • 10 slides
2007 Self morphing viruses 2009 - The Zeus virus Man in the browser attacks no

2007 Self morphing viruses 2009 - The Zeus virus Man in the browser attacks no

2007 Self morphing viruses 2009 - The Zeus virus Man in the browser attacks no browser is safe 2011 300% increase in cyber attacks Who they are Why they do it Who are the targets Our filter processes 3 billion

407 views • 17 slides
Smart Cards Carrying certificates around How do you use your [digital] identity? Install your

Smart Cards Carrying certificates around How do you use your [digital] identity? Install your

4/25/08 Smart Cards Carrying certificates around How do you use your [digital] identity? Install your certificate in browser On-computer keychain file Need there be more? 1 4/25/08 Smart cards Smart card Portable device

316 views • 4 slides
What is Identity Theft? &quot;Someone obtaining your personal identifying information without

What is Identity Theft? &quot;Someone obtaining your personal identifying information without

Identity Fraud: Protecting Your Identity Between Work and Play Ryan Sothan, Outreach Coordinator Nebraska Department of Justice, Office of the Attorney General Consumer Protection and Anti-Trust Division What is Identity Theft?

314 views • 18 slides
Finally Curing The Identity Crisis? (ID-Mapping Re-Re-Re-Visited) sambaXP 2011 Michael Adam

Finally Curing The Identity Crisis? (ID-Mapping Re-Re-Re-Visited) sambaXP 2011 Michael Adam

Finally Curing The Identity Crisis? (ID-Mapping Re-Re-Re-Visited) sambaXP 2011 Michael Adam obnox@samba.org Samba Team / SerNet 2011-05-10 Mini History of ID Mapping in Samba3 up to 3.0.24 simple single configuration idmap backend

623 views • 51 slides
A Secure Architecture for Untrusted Web Browser Plugins Achim Weimert SECT/TU-Berlin March 18,

A Secure Architecture for Untrusted Web Browser Plugins Achim Weimert SECT/TU-Berlin March 18,

A Secure Architecture for Untrusted Web Browser Plugins Achim Weimert SECT/TU-Berlin March 18, 2011 Achim Weimert (SECT/TU-Berlin) Web Browser Plugin Architecture March 18, 2011 1 / 21 Outline Introduction 1 Design 2 3 Implementation

424 views • 24 slides
Browser and Network request Browser website CS 4803 reply Network OS Computer and Network

Browser and Network request Browser website CS 4803 reply Network OS Computer and Network

Browser and Network request Browser website CS 4803 reply Network OS Computer and Network Security Hardware Alexandra (Sasha) Boldyreva Browser sends requests May reveal private information (in forms, cookies) Web security.

517 views • 7 slides
RequireJS Javascript Modules for the Browser By Ben Keith Quoin, Inc. Traditional Browser JS

RequireJS Javascript Modules for the Browser By Ben Keith Quoin, Inc. Traditional Browser JS

RequireJS Javascript Modules for the Browser By Ben Keith Quoin, Inc. Traditional Browser JS One global namespace Often inline JS code embedded directly in HTML Many &lt;script&gt; tags with hidden ordering dependencies Very

362 views • 15 slides
+ Cyber Security CS301 Fundamentals of Computer Science United States Military Academy + An

+ Cyber Security CS301 Fundamentals of Computer Science United States Military Academy + An

+ Cyber Security CS301 Fundamentals of Computer Science United States Military Academy + An Exercise in Cyber Security n Your identity is a valuable thing that is worth stealing. n Previous courses: how to protect yourself n This

324 views • 15 slides
ECE 7970 Advanced Cryptography Applications in Emerging Wireless Networks Chapter 0:

ECE 7970 Advanced Cryptography Applications in Emerging Wireless Networks Chapter 0:

ECE 7970 Advanced Cryptography Applications in Emerging Wireless Networks Chapter 0: Important information Dr. Mohamed Mahmoud http://iweb.tntech.edu/mmahmoud/ mmahmoud@tntech.edu 1 - Course I nform ation I nstructor : Dr. Mohamed M. E.

426 views • 13 slides
Preview question In the Unix access control model, subjects are primarily identified by their:

Preview question In the Unix access control model, subjects are primarily identified by their:

Preview question In the Unix access control model, subjects are primarily identified by their: CSci 5271 A. email address Introduction to Computer Security Day 9: OS security basics B. username Stephen McCamant C. executable inode

462 views • 6 slides
WiMAX Hacking 2010 Pierce, Goldy, and aSmig feat. sanitybit DEFCON 18 Updated slides, code, and

WiMAX Hacking 2010 Pierce, Goldy, and aSmig feat. sanitybit DEFCON 18 Updated slides, code, and

WiMAX Hacking 2010 Pierce, Goldy, and aSmig feat. sanitybit DEFCON 18 Updated slides, code, and discussion at https://groups.google.com/group/wimax-hacking The Technology WiMAX: a broadband wireless Internet technology 802.16, similar

983 views • 34 slides
and Web Applications 06 Secure Coding Alexandros Labrinidis University of Pittsburgh Secure

and Web Applications 06 Secure Coding Alexandros Labrinidis University of Pittsburgh Secure

CS 1655 / Spring 2010 Secure Data Management and Web Applications 06 Secure Coding Alexandros Labrinidis University of Pittsburgh Secure Coding From: Secure Coding: Principles and Practices by Mark G. Graff &amp; Kenneth R. Van Wyk

753 views • 17 slides
Unix/Linux Forensics Simple Linux Commands date display the date ls list the

Unix/Linux Forensics Simple Linux Commands date display the date ls list the

1 Unix/Linux Forensics Simple Linux Commands date display the date ls list the files in the current directory more display files one screen at a time cat display the contents of a file wc displays

996 views • 57 slides
Design, Implementation, and Evaluation of Secure Cyber-Physical and Wireless Systems Daniele

Design, Implementation, and Evaluation of Secure Cyber-Physical and Wireless Systems Daniele

PhD Thesis Defense 2019 @ SUTD Design, Implementation, and Evaluation of Secure Cyber-Physical and Wireless Systems Daniele Antonioli Singapore University of Technology and Design (SUTD) Daniele Antonioli Design, Implementation, and Evaluation

1.12k views • 77 slides
Administrators Todd Klindt &amp; Shane Young SharePoint911 Who is this Todd guy? WSS MVP

Administrators Todd Klindt &amp; Shane Young SharePoint911 Who is this Todd guy? WSS MVP

402: Taming SQL Server for Administrators Todd Klindt &amp; Shane Young SharePoint911 Who is this Todd guy? WSS MVP since 2006 Speaker, writer, consultant, Aquarius, Ray Romanos stunt double Personal Blog www.toddklindt.com/blog

676 views • 22 slides

More recommend