François Marier
Mozilla
François is a software engineer on the Mozilla Identity team where he fights for the open Web by building alternatives to proprietary silos.
When he's not busy reimplementing Open Source versions of popular Web services (libravatar.org) or dreaming about solving the password problem on the Web once and for all, Francois likes to move closer towards his goal of completing all of the New Zealand Great Walks.
You can follow him on Twitter (@fmarier) or on his blog: http://feeding.cloud.geek.nz
Topic
The year is 2012. Sites are getting owned left and right. Password databases are leaked for the lulz. You look at the hashed passwords in your database and hope your site's not gonna be next.
As with most other problems on the web, the answer, it turns out, is Javascript. As a wise man once said: "When in doubt, always bet on Javascript."
Mozilla has just gone beta with a new cross-browser login system for the web that's built entirely in Javascript. Powered by node.js on the backend, it pushes most of the crypto to the browser in order to create a secure and privacy-sensitive experience.
All you need to get started is an email address and a handful of Javascript. No passwords to hash, no confirmation emails to send.
Welcome to the future.
This talk will include:
- the reasons why we need a new identity standard on the web
- an overview of the crypto behind BrowserID (the protocol that Persona implements)
- the Persona federation approach: fully distributed with fallbacks
- demos and actual code from sites that have implemented Persona
- an intro to the LIFD pattern: using Javascript and HTML5 to hack new APIs into web browsers
Come see how node.js and Javascript will rock your web and take your passwords away!