nstic privacy and social login
play

NSTIC, Privacy and Social Login Presentation at the W3C Workshop on - PowerPoint PPT Presentation

Dec 09, 2023 •172 likes •255 views

NSTIC, Privacy and Social Login Presentation at the W3C Workshop on Identity in the Browser Francisco Corella and Karen P. Lewison Pomcor 1 05/03/2011 Pomcor Getting Rid of Passwords n is one long term goal of NSTIC n But it may

  1. NSTIC, Privacy and Social Login Presentation at the W3C Workshop on Identity in the Browser Francisco Corella and Karen P. Lewison Pomcor 1 05/03/2011 Pomcor

  2. Getting Rid of Passwords … n … is one long term goal of NSTIC n But it may be achieved in the short term by “ social login ” n Login with Facebook … n … or some other social site such as MySpace or LinkedIn or Twitter n … or a general purpose site such as Google or Yahoo n Is this a good thing? 2 05/03/2011 Pomcor

  3. Unfortunately Not! n NSTIC seeks increased privacy and security, OAuth-based social login achieves the opposite: n Social site can track user ’ s Web activity n Credential may be sent in the clear n Facilitates phishing attacks n RPs must register with social site n Social site can revoke registration n Registration requirement reinforces Facebook ’ s social network monopoly 3 05/03/2011 Pomcor

  4. Social Login Needed ASAP in the NSTIC Ecosystem n In the long term, the NSTIC ecosystem should be based on ZKP technology n But today ’ s social login may preempt NSTIC if we wait until ZKP can be broadly deployed by RPs n =>NSTIC needs an interim solution n The interim solution could be used to develop a trust framework and user interfaces ahead of the long term solution 4 05/03/2011 Pomcor

  5. HTTP Extension for Delegated Identity n Browser aware of double redirection n Browser retains callback URL n Browser generates one-time key pair, IdP binds one-time public key to attributes in one-time certificate n Browser receives generic identifier from IdP, sends RP-specific identifier to RP n Generic identifier is high-entropy secret, not included in one-time certificate 5 05/03/2011 Pomcor

  6. Social Login Using the HTTP Extension n IdP = social site n RP generates 2 nd one-time key pair, sends public key to social site via 1 st redirection n Social site binds 2 nd one-time public key to right to access user ’ s account, in 2 nd one-time certificate; sends certificate to RP via 2 nd redirection n RP accesses user ’ s account at social site using 2 nd one-time certificate 6 05/03/2011 Pomcor

  7. For More Info n A newly revised version of the position paper will be posted to the Pomcor site shortly after the workshop: n http://pomcor.com/whitepapers/ NSTICPrivacySocialLogin.pdf n Email addresses of the authors: n fcorella@pomcor.com n kplewison@pomcor.com 7 05/03/2011 Pomcor

Recommend

Social Login for SAS Visual Analytics Michael Dixon Please Come In! Social Login for SAS Visual

Social Login for SAS Visual Analytics Michael Dixon Please Come In! Social Login for SAS Visual

Social Login for SAS Visual Analytics Michael Dixon Please Come In! Social Login for SAS Visual Analytics Paper availa ilable at http:/ ://bit.l .ly/socia ialsas What is Social Login? From Wikipedia: So Socia ial lo login in, also

276 views • 12 slides
General LTL Specification Mining Caroline Lemieux , Dennis Park and Ivan Beschastnikh University

General LTL Specification Mining Caroline Lemieux , Dennis Park and Ivan Beschastnikh University

login attempt auth failed login attempt guest login login attempt authorized Texada auth failed login attempt G( x XF y ) login attempt G( guest login XF authorized ) guest login authorized auth failed login attempt Authorized

1.11k views • 59 slides
Social Network Privacy W2SP 2010: WEB 2.0 SECURITY AND PRIVACY 2010 Kurt Opsahl Why is privacy

Social Network Privacy W2SP 2010: WEB 2.0 SECURITY AND PRIVACY 2010 Kurt Opsahl Why is privacy

Social Network Privacy W2SP 2010: WEB 2.0 SECURITY AND PRIVACY 2010 Kurt Opsahl Why is privacy important? If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.

725 views • 31 slides
xBook: Redesigning Privacy Control in Social xBook: Redesigning Privacy Control in Social

xBook: Redesigning Privacy Control in Social xBook: Redesigning Privacy Control in Social

xBook: Redesigning Privacy Control in Social xBook: Redesigning Privacy Control in Social Networking Platforms Networking Platforms Kapil Singh, Sumeer Bhola and Wenke Lee Social networking is growing 2 Privacy concerns are growing

779 views • 54 slides
What could kill NSTIC? A Friendly Threat Assessment In Three Parts January 2013 Phil Wolff

What could kill NSTIC? A Friendly Threat Assessment In Three Parts January 2013 Phil Wolff

What could kill NSTIC? A Friendly Threat Assessment In Three Parts January 2013 Phil Wolff Strategy Director Personal Data Ecosystem Consortium phil@pde.cc. @evanwolf. Linkedin Download the whitepaper: http://pde.cc/nsticrisks High hopes for

1.11k views • 85 slides
login Who is login? We make sure that the transport sector has the junior staff it needs for the

login Who is login? We make sure that the transport sector has the junior staff it needs for the

login Who is login? We make sure that the transport sector has the junior staff it needs for the future. 2 Overview Who is login? What fields do we work in? How do we manage our vocational education process ? What types of

422 views • 14 slides
May login with student login or parents login to register Firefox and Internet Explorer

May login with student login or parents login to register Firefox and Internet Explorer

May login with student login or parents login to register Firefox and Internet Explorer are recommended internet browsers for registration Google Chrome will not work for registration Go to Westlake High Schools Home, click

581 views • 17 slides
SHOULD SOCIAL NETWORK COMPANIES CARE ABOUT USERS PRIVACY? Ral Pardo pardo@chalmers.se

SHOULD SOCIAL NETWORK COMPANIES CARE ABOUT USERS PRIVACY? Ral Pardo pardo@chalmers.se

SHOULD SOCIAL NETWORK COMPANIES CARE ABOUT USERS PRIVACY? Ral Pardo pardo@chalmers.se @raparuldo OUTLINE Define privacy Look at privacy issues in Social Network Sites (SNS) Ethically Theoretically (Informational

296 views • 25 slides
CI Tracker Presentation/Instructions 2009 Login: The login is the same for all login screens.

CI Tracker Presentation/Instructions 2009 Login: The login is the same for all login screens.

CI Tracker Presentation/Instructions 2009 Login: The login is the same for all login screens. If you are at the Reception Desk , you have a choice of the Reports or Tracking program before you log in. The Tracking Program is the default when you

206 views • 19 slides
privacy (and trust) for SNS me ! " many social networks (fragmented?) diversity is good! How

privacy (and trust) for SNS me ! " many social networks (fragmented?) diversity is good! How

privacy (and trust) for SNS me ! " many social networks (fragmented?) diversity is good! How do we manage our diversity? (identities) Privacy is difficult. Tech? Legal? action: collecting current practices (many) Me, You, Us. social

438 views • 14 slides
K-anonymous algorithm in protecting privacy in social communication networks Jiacheng Wang

K-anonymous algorithm in protecting privacy in social communication networks Jiacheng Wang

K-anonymous algorithm in protecting privacy in social communication networks Jiacheng Wang 515030910412 ABSTRACT The rapid development of social communication network has increased the risk in privacy protection, the association between people has

385 views • 4 slides
Login to your Student Web Portal New Student Orientation 2016 Login Welcome Screen Go to

Login to your Student Web Portal New Student Orientation 2016 Login Welcome Screen Go to

Login to your Student Web Portal New Student Orientation 2016 Login Welcome Screen Go to http://fbu.empower-xl.com/ To login : Username: (Your Student ID) Default Password: (First 2 letters of your last name + Last 4 numbers of

640 views • 9 slides
CS525: Who s Your Best Friend? Targeted Privacy Attacks In Location sharing Social Networks

CS525: Who s Your Best Friend? Targeted Privacy Attacks In Location sharing Social Networks

CS525: Who s Your Best Friend? Targeted Privacy Attacks In Location sharing Social Networks Wei Wang ECE Dept. Worcester Polytechnic Institute (WPI) Security and Privacy Problems in the mobile and cloud computing Security and Privacy

608 views • 19 slides
Social Media Privacy WHAT IS PUBLIC, WHAT IS NOT? C H R I S T Y M A N N E R I N G , W E B D E

Social Media Privacy WHAT IS PUBLIC, WHAT IS NOT? C H R I S T Y M A N N E R I N G , W E B D E

Social Media Privacy WHAT IS PUBLIC, WHAT IS NOT? C H R I S T Y M A N N E R I N G , W E B D E V E L O P E R , U N I V E R S I T Y O F D E L A W A R E Rule #1 It is safe to assume if you put information online it isnt 100% private.

845 views • 28 slides
Guest IdP and Social login Eefje van der Harst SURFnet Once upon a timein 2010

Guest IdP and Social login Eefje van der Harst SURFnet Once upon a timein 2010

Guest IdP and Social login Eefje van der Harst SURFnet Once upon a timein 2010 SURFfederatie: 50 IdPs & 500k users Potential:160 IdPs 1.000.000 users What about non-fed users? They wanted to access our services Main

256 views • 11 slides
Go to www.gotsoccer.com and click on User Login Click on Teams & Team Officials Login Enter

Go to www.gotsoccer.com and click on User Login Click on Teams & Team Officials Login Enter

Go to www.gotsoccer.com and click on User Login Click on Teams & Team Officials Login Enter your team Login Username and Password and click Login Click on Team profile Click on Documents tab to see FYSA Rosters. On this page you can also

391 views • 10 slides
Privacy Implications of Social Networks Gates Scholars' Symposium 1 March 2009 Joseph Bonneau

Privacy Implications of Social Networks Gates Scholars' Symposium 1 March 2009 Joseph Bonneau

Privacy Implications of Social Networks Gates Scholars' Symposium 1 March 2009 Joseph Bonneau Security Research Group Computer Laboratory Outline Why Privacy Matters How Social Networks Change The Game The Current Mess

495 views • 46 slides
Slido Login (https://www.sli.do/) Event Code: x959 Login in and set up your profile, if you

Slido Login (https://www.sli.do/) Event Code: x959 Login in and set up your profile, if you

CONFIDENTIAL Slido Login (https://www.sli.do/) Event Code: x959 Login in and set up your profile, if you want to stay anonymous you dont have to do this step 1 Test question Go to the POLLS section and rate the question: How energized

1.28k views • 16 slides
PRIVACY IN EVOLVING SOCIAL NETWORKS Ral Pardo, Musard Balliu, Gerardo Schneider - @raparuldo

PRIVACY IN EVOLVING SOCIAL NETWORKS Ral Pardo, Musard Balliu, Gerardo Schneider - @raparuldo

PRIVACY IN EVOLVING SOCIAL NETWORKS Ral Pardo, Musard Balliu, Gerardo Schneider - @raparuldo NWPT 2015 DataBIN Data-driven Secure Business Intelligence FACEBOOK PRIVACY SETTINGS Imagine you only want your friends to know your location 2

683 views • 27 slides
Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider Ariel

Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider Ariel

Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider Ariel J. Feldman Princeton UPenn Joint work with: Aaron Blankstein, Michael J. Freedman, and Edward W. Felten Social Networking with

661 views • 27 slides
Building Blocks for Privacy- Preserving Decentralized Online Social Networks iSocial Summer

Building Blocks for Privacy- Preserving Decentralized Online Social Networks iSocial Summer

Building Blocks for Privacy- Preserving Decentralized Online Social Networks iSocial Summer School Sonja Buchegger, Assoc. Prof. Computer Science KTH ! Online Privacy Problematic Current services (FB, GMail, GCal, Flickr, Pinterest) are

398 views • 18 slides
Privacy & PETs Simone Fischer-Hbner SWITS PhD course, 2012 1 st Session, 3rd May 2012, KTH

Privacy & PETs Simone Fischer-Hbner SWITS PhD course, 2012 1 st Session, 3rd May 2012, KTH

Privacy & PETs Simone Fischer-Hbner SWITS PhD course, 2012 1 st Session, 3rd May 2012, KTH Overview I. Privacy - Definition II. EU Directives & Basic Privacy Principles III. Privacy Issues (LBS, Social Networks, RFID...) IV.

683 views • 56 slides
Login in to the Two Rivers Public Schools website: www.trschools.k12.wi.us Under the Families

Login in to the Two Rivers Public Schools website: www.trschools.k12.wi.us Under the Families

Login in to the Two Rivers Public Schools website: www.trschools.k12.wi.us Under the Families tab, go to Skyward Family Access. Enter your login and password. Contact your school office if you do not know your login and password. If you

343 views • 18 slides
$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

Presentation Slides $ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

318 views • 13 slides

More recommend