Who are You? Who am I? Who is Anybody?
Who am I? Who are You? Who is Anybody?
Who am I?
I’m not ...
<a href="http://lanyrd.com/people/psd" rel="me" >Lanyrd</a>
http://tools.microformatic.com/help/xhtml/rel-lint/
http://socialgraph-resources.googlecode.com/svn/trunk/samples/findyours.html
Social Graph API
https://twitter.com/hotdogsladies/status/121634890612617216
FAIL!
http://inmaps.linkedinlabs.com/share/Paul_Downey/254787113202758123919768153472111744090
Who are you?
https://twitter.com/Jermolene/status/121537205608001536
https://twitter.com/paulmadsen/status/122271400336699392
Basic Authentication
http://en.wikipedia.org/wiki/Basic_access_authentication
Digest Authentication
http://en.wikipedia.org/wiki/Digest_access_authentication
PASSWORD REHABILITATION
sha1
Secret URIs
• http://farm3.static.flickr.com/2291/1806225034_50df5b8ba4_o.png
• http://inmaps.linkedinlabs.com/share/Paul_Downey/254787113202758123919768153472111744090
http://en.wikipedia.org/wiki/HTTP_cookie
http://softwareas.com/signing-up-to-websites-1999-2009-a-montage
https://github.com/hanssonlarsson/express-csrf
EU Privacy Directive on Cookies
http://www.davidnaylor.co.uk/eu-cookies-directive-interactive-guide-to-25th-may-and-what-it-means-for-you.html
UX
More Secure
Less pleasant to use
DNS Is B0rken
http://blog.icann.org/2008/11/why-the-dns-is-broken-in-plain-language/
HTTPS
$ openssl s_client -connect www.google.com:443 < /dev/null | openssl x509 -outform DER | openssl sha1
depth=1 /C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
verify error:num=20:unable to get local issuer certificate
verify return:0
DONE
405062e5befde4af97e9382af16cc87c8fb7c4e2
http://googleonlinesecurity.blogspot.com/2011/04/improving-ssl-certificate-security.html
$ dig +short 405062e5befde4af97e9382af16cc87c8fb7c4e2.certs.googlednstest.com TXT
"14867 15062 74"
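The two commands above fingerprint the served certificate and ask Google's certificate catalog whether its crawlers had already seen it. The following is an added example, not part of the deck: it builds the lookup name from DER bytes and decodes the TXT answer shown on the slide. The record layout (first day seen, last day seen, number of days seen, the first two counted from 1970-01-01) is assumed from the Google announcement linked above; the catalog itself has since been retired, so the answer is embedded as constructed input rather than fetched.

```python
import hashlib
from datetime import date, timedelta
from typing import NamedTuple, Optional

EPOCH = date(1970, 1, 1)
CATALOG_ZONE = "certs.googlednstest.com"  # Google's 2011 catalog zone (since retired)


class CatalogEntry(NamedTuple):
    first_seen: date
    last_seen: date
    days_seen: int


def catalog_query_name(der_cert: bytes) -> str:
    """Build the lookup name: hex SHA-1 of the DER certificate as the leftmost label,
    the same value `openssl x509 -outform DER | openssl sha1` prints."""
    return f"{hashlib.sha1(der_cert).hexdigest()}.{CATALOG_ZONE}"


def parse_catalog_txt(txt: str) -> CatalogEntry:
    """Parse a TXT answer such as "14867 15062 74" (quotes as dig prints them).

    Assumed layout: first day seen, last day seen, number of days seen,
    with the first two as days since 1970-01-01."""
    fields = txt.strip().strip('"').split()
    if len(fields) != 3:
        raise ValueError(f"unexpected catalog record: {txt!r}")
    first, last, count = (int(f) for f in fields)
    # A sane record cannot end before it starts or be seen on more days than it spans.
    if first > last or count < 1 or count > (last - first + 1):
        raise ValueError(f"inconsistent catalog record: {txt!r}")
    return CatalogEntry(EPOCH + timedelta(days=first), EPOCH + timedelta(days=last), count)


def assess(entry: Optional[CatalogEntry], min_history_days: int = 30) -> str:
    """Heuristic behind the slide: a certificate the catalog has seen for a long time is
    less likely to be a freshly minted impostor than one it has never seen at all."""
    if entry is None:
        return "unknown to catalog: treat as suspicious"
    if entry.days_seen >= min_history_days:
        return f"established: seen on {entry.days_seen} days since {entry.first_seen}"
    return f"recently seen: only {entry.days_seen} days of history"


if __name__ == "__main__":
    # Constructed input: the TXT answer quoted on the slide above.
    entry = parse_catalog_txt('"14867 15062 74"')
    print(entry.first_seen, entry.last_seen, entry.days_seen)
    print(assess(entry))
```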
Client Certs?
http://codebutler.github.com/firesheep/
https://www.eff.org/https-everywhere
http://xauth.org/
you have to opt-out ..
.. in every browser ..
.. this is evil .... and doomed to failure
http://en.wikipedia.org/wiki/OpenID
<XRD>
  <Subject>http://blog.example.com/article/id/314</Subject>
  <Alias>http://blog.example.com/cool_new_thing</Alias>
  <Expires>2010-01-30T09:30:00Z</Expires>
  <Type>http://blgx.example.net/ns/version/1.2</Type>
  <Type>http://blgx.example.net/ns/ext/language</Type>
  <Link>
    <Rel>author</Rel>
    <URI>http://blog.example.com/author/steve</URI>
    <MediaType>text/html</MediaType>
  </Link>
</XRD>
http://hueniverse.com/2009/03/xrd-sneak-peek/
https://dev.twitter.com/docs/auth/oauth
Delegation UX
The “F” Word
Federated
https://twitter.com/hipsterhacker/status/77716476873801728
https://twitter.com/jtauber/status/60586912196460544
Transport Independence
<wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
  <wsa:Address>http://www.w3.org/2005/08/addressing/none</wsa:Address>
  <wsa:ReferenceParameters xmlns:customer="http://example.org/customer">
    <customer:CustomerKey>Key#123456789</customer:CustomerKey>
  </wsa:ReferenceParameters>
  <wsa:Metadata>
    <definitions xmlns="http://schemas.xmlsoap.org/wsdl/"><!-- load of WSDL 1.1 here! --></definitions>
    <description xmlns="http://www.w3.org/2006/01/wsdl"><!-- more WSDL 2.0 here! --></description>
  </wsa:Metadata>
</wsa:EndpointReference>
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:ns1="http://sdk.bt.com/2007/01/WhiteLabelAuthentication"
    xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <SOAP-ENV:Header>
    <wsse:Security>
      <ds:Signature>
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#ac016ffe-a6e9-23d4-ebd1-ccef7ea31db7">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>bwlAKau7KQAubgGNJzysZoEEF8o=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#78223460-ef68-5501-83d6-a5edb6d452b6">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>kyBw9fnMjhi2I39+wfBIklyk8g4=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>XW2FqP9o/A1J+NOg6Kv3ncn3PvSg5lzr2V4H/AQpRycXUSk7bzWK8kzhtMrlXUwkykrJ2AyEzw+xrRtSBIeaId1Iveme2KO02p21MTglr73cPCft/GHvEvAHZ4B6N6gSaX7NcGFrYnsYKP0nX5vT7jBh7WZ7Euqn0PyjCHyYxbU=</ds:SignatureValue>
        <ds:KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#CERTID"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
      <wsu:Timestamp wsu:Id="ac016ffe-a6e9-23d4-ebd1-ccef7ea31db7">
        <wsu:Created>2007-02-23T07:47:01Z</wsu:Created>
        <wsu:Expires>2007-02-23T08:47:01Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:BinarySecurityToken
          EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
          ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
          wsu:Id="CERTID"><!-- base64 X.509 certificate omitted --></wsse:BinarySecurityToken>
    </wsse:Security>
    <wsa:Action>http://sdk.bt.com/2007/01/WhiteLabelAuthentication#login</wsa:Action>
    <wsa:MessageID>urn:uuid:e12edac3-f87d-3e0a-b621-04fa4d0b8cda</wsa:MessageID>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body wsu:Id="78223460-ef68-5501-83d6-a5edb6d452b6">
    <ns1:login>
      <ns1:userName>[email protected]</ns1:userName>
      <ns1:password>2344324t</ns1:password>
    </ns1:login>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
HEADERS?
http://www.xmlgrrl.com/blog/2007/03/28/the-venn-of-identity/
http://www.xmlgrrl.com/blog/2008/09/04/venn-and-the-art-of-data-sharing/
http://kantarainitiative.org
http://en.wikipedia.org/wiki/OpenID
http://www.bbc.co.uk/news/technology-13749010
https://twitter.com/IdentityWoman/status/110622242127364096
https://twitter.com/robinberjon/status/109611765435875329
very cool!
correcthorse
battery staple
http://nigelparry.com/news/guardian-david-leigh-cablegate.shtml
.. but .. wait!
https://twitter.com/rem/status/123392299320344579
Verified by Visa not only protects your card against unauthorised use, it also means you can have confidence that the online retailer you’re buying from has made your security a priority.
http://www.visaeurope.com/en/cardholders/verified_by_visa.aspx
http://cyberelk.net/tim/2008/11/20/chip-and-pin/
http://krebsonsecurity.com/2011/09/gang-used-3d-printers-for-atm-skimmers/
http://berglondon.com/blog/2009/10/12/the-ghost-in-the-field/
http://gizmodo.com/5366022/sniff-the-rfid-dog-likes-to-smell-your-credit-cards
http://www.cerealbits.com/
http://en.wikipedia.org/wiki/Blue_box_(phreaking)
https://bitcointalk.org/index.php?topic=9047.0
http://cs-exhibitions.uni-klu.ac.at/index.php?id=258
Bio-meh-trics
http://www.flickr.com/photos/jeff-barnes/76948611
Something you have
Something you are
Something you know
The Mobile is
The Dongle .. not really
™
Who is anybody?
http://isaach.com/2011/07/mention-constellations.html
BUTTON SLUTS
https://twitter.com/beng/status/118026274148073472
https://twitter.com/monkchips/status/117246164839043072
Yikes!
evercookies
• Standard HTTP Cookies
• Flash Local Shared Objects
• Silverlight Isolated Storage
• auto-generated force-cached RGB values
• PNG/HTML5 Canvas tag to read pixels
• Web History
• HTTP ETags
• Web cache
• window.name caching
• Internet Explorer userData storage
• HTML5 Session Storage
• HTML5 Local Storage
• HTML5 Global Storage
• HTML5 Database Storage (SQLite)
• HTTP Authentication
• Java NIC based unique key
https://twitter.com/9600/status/117309784130199553
“The thing that makes newspapers so fundamentally fascinating — that serendipity — can be calculated now.
We can actually produce it electronically.
The power of individual targeting — the technology will be so good it will be very hard for people to watch or consume something that has not in some sense been tailored for them”
— Eric Schmidt
http://googlesystem.blogspot.com/2010/08/eric-schmidt-on-future-of-search.html
Privacy Window
four legs good, two legs better ...
https://twitter.com/danbri/status/114241481346252801
Test Driven Development
Behaviour Driven Development
Jenga Driven Development
Domain Driven Design
Design Driven Driving
Development Driven Development
Investor Driven Development
Confusion / Conclusion
Who am I? — someone who treasures linking
Who are you? — someone who deserves grokable security
Who is Anybody? — mind your own bloomin’ business!