1. Persona:
in your browsers,
killing your passwords
François Marier – @fmarier
15. bcrypt
0 1 2
2
per-user salt
site secret
passwords
password guidelines & lockout policies
secure recovery
19. # hits
signup signup_complete
20. # hits
lost customers
signup signup_complete
25. so...
storing passwords is hard
26. so...
storing passwords is hard
no suitable alternatives
39. you have a signed statement from your
provider that you own your email address
48. assertion
wikipedia.org
Valid for: 2 minutes
49. assertion
wikipedia.org
Valid for: 2 minutes
check audience
50. assertion
wikipedia.org
Valid for: 2 minutes
check audience
check expiry
51. assertion
wikipedia.org
Valid for: 2 minutes
check audience
check expiry
check signature
53. assertion
wikipedia.org
Valid for: 2 minutes
66. connect & express uglify
bcrypt ejs underscore
computer-cluster nodemailer
jwcrypto client-sessions
convict winston vows
87. jschannel
localStorage
https://login.persona.org
88. jschannel
localStorage
https://login.persona.org
questions?
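// slide 93
// Wire the Persona client library to this site. The curly quotes around the
// email in the slide were a rendering artefact and are not valid JavaScript.
navigator.id.watch({
  // Persona's view of who is currently signed in on this site (null = nobody).
  // NOTE(review): the next slide calls this option `loggedInUser`; presumably
  // one is the older name for the same option — confirm which the deployed
  // include.js expects. It should mirror the server-side session, otherwise the
  // browser and the server disagree about who is logged in.
  loggedInEmail: 'francois@mozilla.com',
  // Called with a signed assertion once the user picks an identity. The
  // assertion is an opaque, short-lived token: the page must not trust the
  // email inside it. It is POSTed to our own backend, which verifies audience,
  // expiry and signature (slides 48-51) before establishing a session.
  onlogin: function (assertion) {
    $.post('/login',
      {assertion: assertion},
      function (data) {
        // do something
        // NOTE(review): `data` is the server's verdict; act on it rather than
        // assuming the login succeeded — confirm the /login response shape.
      }
    );
  },
  // Called when the user signs out via Persona; the server must also drop
  // its own session, which /logout is expected to do.
  onlogout: function () {
    window.location = '/logout';
  }
});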
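// slide 94
// Wire the Persona client library to this site. The curly quotes around the
// email in the slide were a rendering artefact and are not valid JavaScript.
navigator.id.watch({
  // Persona's view of who is currently signed in on this site (null = nobody).
  // NOTE(review): this should be filled from the server-side session, not
  // hard-coded, otherwise the browser and the server can disagree — confirm.
  loggedInUser: 'francois@mozilla.com',
  // Called with a signed assertion once the user picks an identity. The
  // assertion is an opaque, short-lived token: the page must not trust the
  // email inside it. It is POSTed to our own backend, which verifies audience,
  // expiry and signature (slides 48-51) before establishing a session.
  onlogin: function (assertion) {
    $.post('/login',
      {assertion: assertion},
      function (data) {
        // do something
        // NOTE(review): `data` is the server's verdict; act on it rather than
        // assuming the login succeeded — confirm the /login response shape.
      }
    );
  },
  // Called when the user signs out via Persona; the server must also drop
  // its own session, which /logout is expected to do.
  onlogout: function () {
    window.location = '/logout';
  }
});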
// slide 95
// Hook the Persona client library up to this site's login/logout endpoints.
(function () {
  // Persona's notion of the current user; null tells it nobody is signed in.
  // NOTE(review): this should reflect the server-side session, otherwise the
  // browser and the site can disagree about who is logged in — confirm.
  var currentUser = null;

  // Fired with a signed assertion after the user picks an identity. The
  // assertion is opaque to the page: hand it to our own backend, which must
  // verify audience, expiry and signature (slides 48-51) before trusting the
  // email it carries.
  function handleLogin(assertion) {
    $.post('/login', {assertion: assertion}, function (data) {
      // do something
    });
  }

  // Fired when the user signs out through Persona; the server session must
  // be torn down too, which is what /logout is for.
  function handleLogout() {
    window.location = '/logout';
  }

  navigator.id.watch({
    loggedInUser: currentUser,
    onlogin: handleLogin,
    onlogout: handleLogout
  });
})();
// slide 96
// Hook the Persona client library up to this site's login/logout endpoints.
(function () {
  // Persona's notion of the current user; null tells it nobody is signed in.
  // NOTE(review): this should reflect the server-side session, otherwise the
  // browser and the site can disagree about who is logged in — confirm.
  var currentUser = null;

  // Fired with a signed assertion after the user picks an identity. The
  // assertion is opaque to the page: hand it to our own backend, which must
  // verify audience, expiry and signature (slides 48-51) before trusting the
  // email it carries.
  function handleLogin(assertion) {
    $.post('/login', {assertion: assertion}, function (data) {
      // do something
    });
  }

  // Fired when the user signs out through Persona; the server session must
  // be torn down too, which is what /logout is for.
  function handleLogout() {
    window.location = '/logout';
  }

  navigator.id.watch({
    loggedInUser: currentUser,
    onlogin: handleLogin,
    onlogout: handleLogout
  });
})();
// slide 97
// Hook the Persona client library up to this site's login/logout endpoints.
(function () {
  // Persona's notion of the current user; null tells it nobody is signed in.
  // NOTE(review): this should reflect the server-side session, otherwise the
  // browser and the site can disagree about who is logged in — confirm.
  var currentUser = null;

  // Fired with a signed assertion after the user picks an identity. The
  // assertion is opaque to the page: hand it to our own backend, which must
  // verify audience, expiry and signature (slides 48-51) before trusting the
  // email it carries.
  function handleLogin(assertion) {
    $.post('/login', {assertion: assertion}, function (data) {
      // Back to the front page once the server has processed the assertion.
      // NOTE(review): this presumably runs on any successful HTTP reply
      // regardless of `data`, so the server must only create a session when
      // verification actually succeeded — confirm the /login contract.
      window.location = '/';
    });
  }

  // Fired when the user signs out through Persona; the server session must
  // be torn down too, which is what /logout is for.
  function handleLogout() {
    window.location = '/logout';
  }

  navigator.id.watch({
    loggedInUser: currentUser,
    onlogin: handleLogin,
    onlogout: handleLogout
  });
})();
// slide 103
// Hook the Persona client library up to this site's login/logout endpoints.
(function () {
  // Persona's notion of the current user; null tells it nobody is signed in.
  // NOTE(review): this should reflect the server-side session, otherwise the
  // browser and the site can disagree about who is logged in — confirm.
  var currentUser = null;

  // Fired with a signed assertion after the user picks an identity. The
  // assertion is opaque to the page: hand it to our own backend, which must
  // verify audience, expiry and signature (slides 48-51) before trusting the
  // email it carries.
  function handleLogin(assertion) {
    $.post('/login', {assertion: assertion}, function (data) {
      // Back to the front page once the server has processed the assertion.
      // NOTE(review): this presumably runs on any successful HTTP reply
      // regardless of `data`, so the server must only create a session when
      // verification actually succeeded — confirm the /login contract.
      window.location = '/';
    });
  }

  // Fired when the user signs out through Persona; the server session must
  // be torn down too, which is what /logout is for.
  function handleLogout() {
    window.location = '/logout';
  }

  navigator.id.watch({
    loggedInUser: currentUser,
    onlogin: handleLogin,
    onlogout: handleLogout
  });
})();
// slide 104
// Hook the Persona client library up to this site's login/logout endpoints.
(function () {
  // Persona's notion of the current user; null tells it nobody is signed in.
  // NOTE(review): this should reflect the server-side session, otherwise the
  // browser and the site can disagree about who is logged in — confirm.
  var currentUser = null;

  // Fired with a signed assertion after the user picks an identity. The
  // assertion is opaque to the page: hand it to our own backend, which must
  // verify audience, expiry and signature (slides 48-51) before trusting the
  // email it carries.
  function handleLogin(assertion) {
    $.post('/login', {assertion: assertion}, function (data) {
      // Go to the signed-in landing page once the server has processed it.
      // NOTE(review): this presumably runs on any successful HTTP reply
      // regardless of `data`, so the server must only create a session when
      // verification actually succeeded — confirm the /login contract.
      window.location = '/home';
    });
  }

  // Fired when the user signs out through Persona; the server session must
  // be torn down too, which is what /logout is for.
  function handleLogout() {
    window.location = '/logout';
  }

  navigator.id.watch({
    loggedInUser: currentUser,
    onlogin: handleLogin,
    onlogout: handleLogout
  });
})();
// slide 105
// Hand the browser's assertion to Mozilla's hosted verifier over TLS. The
// verifier performs the checks from slides 48-51 (audience, expiry,
// signature) so this server does not have to parse the assertion itself.
// `body` (the url-encoded assertion + audience) is not shown on this slide and
// must already be defined when this runs, otherwise `body.length` throws.
// `onVerifyResponse` receives the verifier's reply (shape on slides 108/109).
var verifyOptions = {
  host: 'verifier.login.persona.org',
  path: '/verify',
  method: 'POST',
  headers: {
    'content-type': 'application/x-www-form-urlencoded',
    'content-length': body.length
  }
};
var request = https.request(verifyOptions, onVerifyResponse);
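// slide 106
// Send the browser's assertion to Mozilla's hosted verifier over TLS. The
// verifier does the checks from slides 48-51 (audience, expiry, signature).
//
// Fix: in the slide, `var body` was declared *after* the https.request call
// that reads `body.length`; with var hoisting `body` is still undefined at
// that point and the header computation throws. The body is built first here.
//
// `audience` MUST be this site's own origin (scheme, host and, if non-default,
// port), hard-coded server-side — never derived from the incoming Host header,
// or an assertion issued for a different site could be replayed against this
// one. NOTE(review): a production site served over TLS would use its https://
// origin here; http://123done.org is the demo site.
var body = qs.stringify({
  assertion: assertion,
  audience: 'http://123done.org'
});

var request = https.request({
  host: 'verifier.login.persona.org',
  path: '/verify',
  method: 'POST',
  headers: {
    'content-type': 'application/x-www-form-urlencoded',
    // Content-Length counts bytes, not characters. qs.stringify percent-encodes
    // non-ASCII so the two coincide here, but Buffer.byteLength is the correct
    // measure and stays correct if the body ever changes.
    'content-length': Buffer.byteLength(body)
  }
}, onVerifyResponse);
// onVerifyResponse must treat the login as successful only when the reply has
// status "okay" AND its `audience` echoes our own origin; the user's identity
// is the `email` in that reply (slide 108), never anything sent by the client.
request.write(body);
request.end();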
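// slide 107
// Send the browser's assertion to Mozilla's hosted verifier over TLS. The
// verifier does the checks from slides 48-51 (audience, expiry, signature).
//
// Fix: in the slide, `var body` was declared *after* the https.request call
// that reads `body.length`; with var hoisting `body` is still undefined at
// that point and the header computation throws. The body is built first here.
//
// `audience` MUST be this site's own origin (scheme, host and, if non-default,
// port), hard-coded server-side — never derived from the incoming Host header,
// or an assertion issued for a different site could be replayed against this
// one. NOTE(review): a production site served over TLS would use its https://
// origin here; http://123done.org is the demo site.
var body = qs.stringify({
  assertion: assertion,
  audience: 'http://123done.org'
});

var request = https.request({
  host: 'verifier.login.persona.org',
  path: '/verify',
  method: 'POST',
  headers: {
    'content-type': 'application/x-www-form-urlencoded',
    // Content-Length counts bytes, not characters. qs.stringify percent-encodes
    // non-ASCII so the two coincide here, but Buffer.byteLength is the correct
    // measure and stays correct if the body ever changes.
    'content-length': Buffer.byteLength(body)
  }
}, onVerifyResponse);
// onVerifyResponse must treat the login as successful only when the reply has
// status "okay" AND its `audience` echoes our own origin; the user's identity
// is the `email` in that reply (slide 108), never anything sent by the client.
request.write(body);
request.end();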
108. {
status: "okay",
audience: "http://123done.org",
expires: 1344849682560,
email: "francois@mozilla.com",
issuer: "login.persona.org"
}
109. {
status: "failed",
reason: "assertion has expired"
}
// slide 114
// Hook the Persona client library up to this site's login/logout endpoints.
(function () {
  // Persona's notion of the current user; null tells it nobody is signed in.
  // NOTE(review): this should reflect the server-side session, otherwise the
  // browser and the site can disagree about who is logged in — confirm.
  var currentUser = null;

  // Fired with a signed assertion after the user picks an identity. The
  // assertion is opaque to the page: hand it to our own backend, which must
  // verify audience, expiry and signature (slides 48-51) before trusting the
  // email it carries.
  function handleLogin(assertion) {
    $.post('/login', {assertion: assertion}, function (data) {
      // Go to the signed-in landing page once the server has processed it.
      // NOTE(review): this presumably runs on any successful HTTP reply
      // regardless of `data`, so the server must only create a session when
      // verification actually succeeded — confirm the /login contract.
      window.location = '/home';
    });
  }

  // Fired when the user signs out through Persona; the server session must
  // be torn down too, which is what /logout is for.
  function handleLogout() {
    window.location = '/logout';
  }

  navigator.id.watch({
    loggedInUser: currentUser,
    onlogin: handleLogin,
    onlogout: handleLogout
  });
})();
118. 1. load javascript library
2. setup login & logout callbacks
3. add login and logout buttons
119. 1. load javascript library
2. setup login & logout callbacks
3. add login and logout buttons
4. verify proof of ownership
121. To learn more about Persona:
https://login.persona.org/
http://identity.mozilla.com/
https://developer.mozilla.org/docs/Persona/Why_Persona
https://developer.mozilla.org/docs/Persona/Quick_Setup
https://github.com/mozilla/browserid-cookbook
https://developer.mozilla.org/docs/Persona/Libraries_and_plugins
http://123done.org/
https://hacks.mozilla.org/category/a-node-js-holiday-season/
@fmarier http://fmarier.org
122. Photo credits:
Top 500 passwords: http://xato.net/passwords/more-top-worst-passwords/
Parchment: https://secure.flickr.com/photos/27613359@N03/6750396225/
Elephant in room: https://secure.flickr.com/photos/bitboy/246805948/
Beach flower: https://secure.flickr.com/photos/vwingate/4696429215/
Cookie on tray: https://secure.flickr.com/photos/jamisonjudd/4810986199/
© 2012 François Marier <francois@mozilla.com>
This work is licensed under a
Creative Commons Attribution-ShareAlike 3.0 New Zealand License.