One of the most difficult decisions in developing a Web site is how to manage user identity. As a user you have to assess the implications of connecting your Twitter or Facebook user to other random services. Meanwhile, enterprises are challenged to evaluate ever more magical products for connecting their silos with other silos, often in direct conflict with any desire for a RESTful architecture. Did innovation in authentication on the Web stop at usernames, passwords, and the HTTP Cookie? Does Firesheep mean you should serve everything over HTTPS? What happened to OpenID? Can outsourcing your userbase to Twitter, Facebook, Google or some other commercial entity really be a good idea?
This talk has some answers, but mostly offers a wide-ranging and opinionated tour of the current state of identity on the Web. There will be URIs and angle-brackets, but mostly anecdotes involving Venn diagrams, famous bridges, self-destructing kiosks and quantum computers.
59. <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
  <wsa:Address>http://www.w3.org/2005/08/addressing/none</wsa:Address>
  <wsa:ReferenceParameters xmlns:customer="http://example.org/customer">
    <customer:CustomerKey>Key#123456789</customer:CustomerKey>
  </wsa:ReferenceParameters>
  <wsa:Metadata>
    <definitions xmlns="http://schemas.xmlsoap.org/wsdl/"><!-- more of WSDL 1.1 here! --></definitions>
    <description xmlns="http://www.w3.org/2006/01/wsdl"><!-- load WSDL 2.0 here! --></description>
  </wsa:Metadata>
</wsa:EndpointReference>
84. Verified by Visa not only protects your card against unauthorised use, it
also means you can have confidence that the online retailer you’re
buying from has made your security a priority.
http://www.visaeurope.com/en/cardholders/verified_by_visa.aspx
119. evercookies
• Standard HTTP Cookies
• Flash Local Shared Objects
• Silverlight Isolated Storage
• auto-generated force-cached RGB values
• PNG/HTML5 Canvas tag to read pixels
• Web History
• HTTP ETags
• Web cache
• window.name caching
• Internet Explorer userData storage
• HTML5 Session Storage
• HTML5 Local Storage
• HTML5 Global Storage
• HTML5 Database Storage (SQLite)
• HTTP Authentication
• Java NIC based unique key
125. “The thing that makes newspapers so
fundamentally fascinating — that serendipity
— can be calculated now.
We can actually produce it electronically.
The power of individual targeting — the
technology will be so good it will be very hard
for people to watch or consume something
that has not in some sense been tailored for
them”
— Eric Schmidt
http://googlesystem.blogspot.com/2010/08/eric-schmidt-on-future-of-search.html
132. Test Driven Development
Behaviour Driven Development
Jenga Driven Development
Domain Driven Design
Development Driven Development
Design Driven Driving
136. Who am I?
— someone who treasures linking
Who are you?
— someone who deserves grokable
security
Who is Anybody?
— mind your own bloomin’ business!