Issues in the Web Application Landscape and webinos Architecture
1. Issues & Architecture
from a technical perspective
by Nick Allott, Impleo
Webinos Technical Coordinator
www.webinos.org
2. We need communal innovation
(Diagram: two routes to a standard)
Innovate in private, then negotiate, then standardise
Innovate collaboratively, then standardise
Speed and Open Source
3. We need an open governance framework
Where we are in mobile:
Chrome: Google dominance
Android: Google dominance
Webkit: Apple dominance
WAC: Operator dominance
Meego: Nokia dominance
Limo: Samsung dominance
Adoption requires balance
4. We need to give the web APIs
(Diagram: Web, Browser, APIs)
Web is
5. We need standardised security
(Diagram: Developer, App Store, Device. Each app declares an intent; the developer and the app store each sign it; the device grants the permission)
Without standardised security:
HTML5 will be a siloed ecosystem
Cannot port apps between devices
Security risk profile will be greater (cognitive load on the user)
6. We need better offline functionality
Requirements for offline:
– Native OS level file access
– Secure file access
– Synchronised file structures
– Binary file management
EU cyber-security agency ENISA flags security fixes: http://bit.ly/pgvuk3
Defcon, Abusing HTML5: http://bit.ly/nYWp9I
W3C new browsing group: http://bit.ly/lgABrI
7. We need better network behaviour
HTTP was not designed as a transport for programmatic messages
XHR is chatty and inefficient
Too many TCP connections
Operators Urge Action Against Chatty Apps: http://bit.ly/mR34k0
8. We need network innovation
Need mutual authentication
User authentication
Device authentication
Application identity
– What is a user agent?
Platform attestation
Safe session IDs
9. We need our devices to talk to each other
All devices talk to each other
Connect when there is no internet
Even M2M – the internet of things
10. We need to be able to “share” “stuff” “socially” “securely”
I want to share data with “my” social network
With any application I choose
Over any service I choose
I want to be able to revoke that permission
I want to control what I disclose
I want access to rich context
Calendar sharing use case is a perfect example
Why do I need an intermediate service?
11. We need to give consumers control over their data
(Diagram: data flows between Users, Website A, Google and Advertisers, shown with user consent and without consent)
12. We need it all to work together
Interoperability
Ubiquity
14. Personal Agent
PZH holds: Authentication Certs, User Tokens, App IDs, Service IDs, Routing, Friend IDs, Policy, Context, Messaging, Sync
Personal Agent is you – when you're not online
PZH can receive messages on your behalf
PZH is an authority you can authorise yourself against
PZH manages: sync, context, message routing, data and policy
PZH to PZP link: JSON-RPC, Sync, TLS, Packets
PZP holds: Authentication Certs, User Tokens, App IDs, Service IDs, Routing, Friend IDs, Policy, Context
PZP: does what a PZH does when the PZH is not there
15. Different webinos processors – and bearers
Bearers: Wireless, Bluetooth, Zigbee, RFID, USB, Other…
Smart Device with WRT (webinos client): WRT, PZP, API, Routing
Dumb Device, no WRT: PZP, API, Routing
Super Dumb Device, no WRT, no PZP: API
16. New Networking Model
Today, HTTP (server to client): asymmetric; unilateral authentication; padded; multiple connections; manual javascript bindings
webinos, TLS (server to client): symmetric; mutually authenticated (User ID, Device ID, App ID); JSON-RPC; streamlined; multiplexed; integrated Javascript bindings
17. Local and Remote APIs
Remote Browser or Widget Runtime, over JSON RPC, to the PZP, to the Local Browser or Widget Runtime
PZP APIs: Contacts-API, Location-API, Sensor-API, Gallery-API, File-API
18. Internet of Things
The webinos model gives a lightweight protocol for “things” to connect to the Internet (securely) and issue and respond to events with well defined semantics
(Diagram: Web Server running a PZP with Policy, JSON RPC, John's PZH with Secure Session and Policy, Web Browser)
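Slides 16, 17 and 18 describe the same mechanism from three angles: one mutually authenticated, multiplexed connection carrying JSON-RPC; a PZP that serves some APIs locally and relays others to the PZP that hosts them; and "things" that emit events with defined semantics. The block below is an added example and is not the webinos implementation. It is a JSON-RPC 2.0 dispatcher for a PZP in which the caller's user, device and app identity is assumed to have been established at connection setup from the presented certificates; the service names, the policy table format, the routing table and the injected `forward` hook are all assumptions.

```javascript
// Added example, not the webinos implementation: a JSON-RPC 2.0 dispatcher
// for a PZP. All requests arrive on one multiplexed, mutually authenticated
// connection; `caller` = { userId, deviceId, appId } is assumed to come from
// the certificates presented at TLS setup. Service names, the policy table
// format and the routing table are assumptions.

// Constructed sample data behind the local Contacts API.
const CONTACTS = [{ name: 'Alice' }, { name: 'Bob' }];

// APIs served by this PZP, keyed as service -> method -> handler.
const localApis = {
  contacts: { find: (p) => CONTACTS.filter((c) => c.name.startsWith(p.query || '')) },
  location: { get: () => ({ lat: 51.5, lon: -0.12 }) },
};

// Routing table: which PZP in the personal zone hosts each service.
const services = { contacts: 'local', location: 'local', gallery: 'pzp-tv' };

// Policy: appId -> set of "service.method" names the app may call.
// It is checked before any lookup, so an arbitrary method string never
// reaches property access on localApis or services.
const policy = new Map([
  ['calendar-app', new Set(['contacts.find'])],
  ['map-app', new Set(['location.get', 'gallery.list'])],
]);

function grant(appId, method) {
  if (!policy.has(appId)) policy.set(appId, new Set());
  policy.get(appId).add(method);
}

// Revocation takes effect on the next request; there is no session to chase.
function revoke(appId, method) {
  const allowed = policy.get(appId);
  return allowed ? allowed.delete(method) : false;
}

const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

// forward(pzpId, msg) relays a request to a remote PZP over the zone's
// routing; it is injected so the dispatcher can run without a network.
function dispatch(msg, caller, forward) {
  const isNotification = msg.id === undefined; // an event: no reply, even on error
  const reply = (body) => (isNotification ? null : { jsonrpc: '2.0', id: msg.id, ...body });
  const error = (code, message) => reply({ error: { code, message } });

  if (msg.jsonrpc !== '2.0' || typeof msg.method !== 'string') {
    return error(-32600, 'Invalid Request');
  }
  const allowed = policy.get(caller.appId);
  if (!allowed || !allowed.has(msg.method)) {
    return error(-32001, 'Not permitted for ' + caller.appId);
  }
  const [service, method] = msg.method.split('.');
  if (!hasOwn(services, service)) return error(-32601, 'Method not found');

  if (services[service] !== 'local') {
    // Remote service: relay unchanged; the hosting PZP re-checks its own policy.
    return reply({ result: forward(services[service], msg) });
  }
  const api = hasOwn(localApis, service) ? localApis[service] : null;
  if (!api || !hasOwn(api, method)) return error(-32601, 'Method not found');
  return reply({ result: api[method](msg.params || {}) });
}
```

Two design points carry the slides' argument. The identity used for the policy decision is the one the connection was authenticated with, not anything inside the message, which is what "mutually authenticated, symmetric" buys over a bearer cookie on HTTP. And a notification (a request without an `id`) is executed but never answered, so a "thing" can publish an event on the same connection without a round trip, while the policy check still applies to it.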