Websites that need to identify their users commonly use one of two methods: a username & password scheme that's hard to secure and creates a lot of pain for users, or a centralized proprietary service on which many of their users already have accounts. There must be a better way: a cross-browser solution for authenticating users which feels like the Web and preserves the decentralized architecture necessary for an open network. We present Mozilla Persona.
Video recording: http://hemingway.softwarelivre.org/fisl14/high/41a/sala41a-high-201307051001.ogg
14. bcrypt / scrypt / pbkdf2
per-user salt
site secret
password & lockout policies
secure recovery
password recommendations for 2013
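The password-storage items from the slide above (a slow KDF, a per-user salt, a site secret and a lockout policy) combined in one added Python example; it is not code from the talk or from Persona. The function names, the constructed site secret, the iteration count and the lockout thresholds are all assumptions.

```python
import hashlib
import hmac
import os
import time

# Assumption: constructed value. A real site secret is loaded from outside the database.
SITE_SECRET = b"constructed-site-secret-not-stored-with-the-hashes"
ITERATIONS = 200_000      # assumption: tune to your hardware
MAX_FAILURES = 5          # assumption: lockout policy thresholds
LOCKOUT_SECONDS = 900

def _derive(password, salt, iterations, site_secret):
    # Site secret: key an HMAC over the password so a database dump alone
    # is not enough to start an offline guessing attack.
    keyed = hmac.new(site_secret, password.encode("utf-8"), hashlib.sha256).digest()
    # Slow KDF (pbkdf2 here; bcrypt and scrypt are the slide's other options).
    return hashlib.pbkdf2_hmac("sha256", keyed, salt, iterations)

def hash_password(password, site_secret=SITE_SECRET, iterations=ITERATIONS):
    salt = os.urandom(16)  # per-user salt: fresh random bytes for every record
    # The iteration count is stored so the cost can be raised for new records later.
    return {"salt": salt, "iterations": iterations,
            "hash": _derive(password, salt, iterations, site_secret)}

def verify_password(password, record, site_secret=SITE_SECRET):
    candidate = _derive(password, record["salt"], record["iterations"], site_secret)
    return hmac.compare_digest(candidate, record["hash"])  # constant-time compare

class LoginGuard:
    """Lockout policy: after MAX_FAILURES bad attempts, refuse for LOCKOUT_SECONDS."""

    def __init__(self):
        self.failures = {}  # user -> (failure count, locked-until timestamp)

    def attempt(self, user, password, record, now=None):
        now = time.time() if now is None else now
        count, locked_until = self.failures.get(user, (0, 0.0))
        if now < locked_until:
            return "locked"  # rejected before the KDF runs at all
        if verify_password(password, record):
            self.failures.pop(user, None)
            return "ok"
        count += 1
        locked_until = now + LOCKOUT_SECONDS if count >= MAX_FAILURES else 0.0
        self.failures[user] = (count, locked_until)
        return "denied"
```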
108. To learn more about Persona:
https://login.persona.org/
https://developer.mozilla.org/docs/Persona/Why_Persona
https://developer.mozilla.org/docs/Persona/Quick_Setup
https://github.com/mozilla/browserid-cookbook
https://developer.mozilla.org/docs/Persona/Libraries_and_plugins
https://wiki.mozilla.org/Identity#Get_Involved
@fmarier http://fmarier.org
114. identity provider API
1. check for your /.well-known/browserid
2. try the provisioning endpoint
3. show the authentication page
4. call the provisioning endpoint again