the web beyond "usernames & passwords"
DESCRIPTION
Persona is a new cross-browser login and identity system for the web that is pragmatic, federated, and serves the user. Unlike other popular solutions, it puts a strong emphasis on privacy protection and makes your browser the trusted intermediary. Developed by Mozilla, it is based on the simple idea of users demonstrating ownership of their email address (with a generous serving of crypto magic under the hood).

Video: https://www.youtube.com/watch?v=T6Iu7KgiC0A or https://www.youtube.com/watch?v=iZBTc7iEkQY

TRANSCRIPT
Username: guido
Password: ****************

security

bcrypt
per-user salt
site secret

conversion rate

[Chart: "# hits" for "signup" and "signup_complete"; label: "lost customers"]

existing solutions
client certificates
centralized authorities

distributed
privacy-sensitive
simple
open source

how does Persona work?

getting a proof of email ownership
authenticate?
public key
signed public key

you have a signed statement from your provider that you own your email address

logging into a 3rd party site
assertion
Valid for: 2 minutes
wikipedia.org
check audience
check expiry
check signature
public key
session cookie

how much work does it take?
only 75 lines
html – js – python

```html
<head>
  <script src="https://login.persona.org/include.js"></script>
</head>
```

```js
navigator.id.watch({
  loggedInEmail: "[email protected]",
  onlogin: function (assertion) {
    $.post('/login', {assertion: assertion}, function (data) {
      // do something
    });
  },
  onlogout: function () {
    window.location = '/logout';
  }
});
```

```js
navigator.id.watch({
  loggedInEmail: null,
  onlogin: function (assertion) {
    $.post('/login', {assertion: assertion}, function (data) {
      // do something
    });
  },
  onlogout: function () {
    window.location = '/logout';
  }
});
```

```js
navigator.id.watch({
  loggedInEmail: null,
  onlogin: function (assertion) {
    $.post('/login', {assertion: assertion}, function (data) {
      window.location = '/';
    });
  },
  onlogout: function () {
    window.location = '/logout';
  }
});
```

navigator.id.request()

```js
navigator.id.watch({
  loggedInEmail: null,
  onlogin: function (assertion) {
    $.post('/login', {assertion: assertion}, function (data) {
      window.location = '/home';
    });
  },
  onlogout: function () {
    window.location = '/logout';
  }
});
```

```python
import requests

def verify_assertion(assertion):
    # Send the assertion to the hosted verifier together with this site's origin.
    page = requests.post(
        'https://verifier.login.persona.org/verify',
        data={"assertion": assertion,
              "audience": 'http://123done.org'})
    data = page.json()
    return data['status'] == 'okay'
```

```
{ status: "okay",
  audience: "http://123done.org",
  expires: 1344849682560,
  email: "[email protected]",
  issuer: "login.persona.org" }
```

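The "check audience" and "check expiry" steps from the slides, applied by the site itself to the verifier's response before it creates a session. This is an added example, not code from the talk or from Mozilla; `EXPECTED_AUDIENCE`, the function names, the placeholder email and `NOW_MS` are assumptions, and the signature check is left to the hosted verifier as in the talk's `verify_assertion`.

```python
import time
from urllib.parse import urlsplit

# Assumption: the site's own origin, fixed in server configuration. Never take
# it from the request's Host header, which the client controls.
EXPECTED_AUDIENCE = "http://123done.org"

class AssertionRejected(Exception):
    """The verifier response must not be used to start a session."""

def origin(url):
    """Reduce a URL to (scheme, host, port); None if it is not a bare origin."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:  # malformed host or port
        return None
    if port is None:
        port = {"http": 80, "https": 443}.get(parts.scheme)
    bad = parts.username or parts.query or parts.fragment or parts.path not in ("", "/")
    if bad or not parts.hostname or port is None:
        return None
    return (parts.scheme, parts.hostname, port)

def email_from_response(resp, now_ms=None):
    """Return the verified email address, or raise AssertionRejected."""
    if now_ms is None:
        now_ms = int(time.time() * 1000)  # 'expires' is in milliseconds
    if not isinstance(resp, dict) or resp.get("status") != "okay":
        raise AssertionRejected("verifier did not answer status 'okay'")
    # check audience: the assertion was issued for this site and no other
    audience = resp.get("audience")
    got = origin(audience) if isinstance(audience, str) else None
    if got is None or got != origin(EXPECTED_AUDIENCE):
        raise AssertionRejected("audience mismatch")
    # check expiry: a stale assertion must not start a session
    expires = resp.get("expires")
    if type(expires) is not int or expires <= now_ms:
        raise AssertionRejected("assertion expired")
    email = resp.get("email")
    if not isinstance(email, str) or email.count("@") != 1:
        raise AssertionRejected("no usable email in response")
    return email

# Constructed sample shaped like the slide's response; email and NOW_MS are assumed.
SAMPLE = {"status": "okay", "audience": "http://123done.org", "expires": 1344849682560,
          "email": "user@example.org", "issuer": "login.persona.org"}
NOW_MS = 1344849600000

def outcome(resp, now_ms=NOW_MS):
    """Return the email on success, or the rejection reason as a string."""
    try:
        return email_from_response(resp, now_ms)
    except AssertionRejected as exc:
        return "rejected: " + str(exc)

if __name__ == "__main__":
    for r in (SAMPLE, dict(SAMPLE, audience="https://wikipedia.org")):
        print(outcome(r))
```

Unlike a bare `status == 'okay'` test, this returns the email the session should be bound to and fails closed when any field is missing or malformed.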
navigator.id.logout()

1. load javascript library
2. setup login & logout callbacks
3. add login and logout buttons
4. verify proof of ownership

decentralization status

1. identity providers

```
{ status: "okay",
  audience: "http://123done.org",
  expires: 1344849682560,
  email: "[email protected]",
  issuer: "eyedee.me" }
```

fallback IdP: login.persona.org

```
{ status: "okay",
  audience: "http://123done.org",
  expires: 1344849682560,
  email: "[email protected]",
  issuer: "mozilla.com" }
```

```
{ status: "okay",
  audience: "http://123done.org",
  expires: 1344849682560,
  email: "[email protected]",
  issuer: "login.persona.org" }
```

support for all email providers

2. browser support

navigator.id.*

```html
<head>
  <script src="https://login.persona.org/include.js"></script>
</head>
```

support for all modern browsers
>= 8

3. assertion verification

https://verifier.login.persona.org

Persona is open for business!

To learn more about Persona:

https://login.persona.org/
http://identity.mozilla.com/
https://developer.mozilla.org/en-US/docs/BrowserID/Why_BrowserID
https://developer.mozilla.org/en-US/docs/BrowserID/Quick_Setup
https://github.com/mozilla/browserid-cookbook/tree/master/python
https://github.com/mozilla/browserid/wiki/BrowserID-Libraries
https://github.com/mozilla/django-browserid
http://123done.org/

@fmarier http://fmarier.org

© 2012 François Marier <[email protected]>
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 New Zealand License.

Photo credits:
Laptop password: https://secure.flickr.com/photos/reidrac/4696900602/
Top 500 passwords: http://xato.net/passwords/more-top-worst-passwords/
Parchment: https://secure.flickr.com/photos/27613359@N03/6750396225/