CIS14: Bringing Crypto Back: Web Authentication without Bearer Tokens

Click here to load reader

  • date post

    18-May-2015
  • Category

    Technology

  • view

    534
  • download

    1

Embed Size (px)

description

Dirk Balfanz and Adam Dawes, Google A discussion of two efforts at Google, both designed to incrementally add public-key cryptography to existing authentication mechanisms—one aimed at cookies, and one aimed at passwords—that offer the security of public-key-based challenge-response protocols without getting rid of cookies or passwords.