Hosted by Mozilla
in Mountain View (USA)
Workshop sponsors:
Workshop Agenda
Workshop sessions will focus on focussed discussion amongst all participants. Presentations will be brief and done in a panel style in order to start the discussion, with the moderators will enforce time limits and then summarizing the results at the end of the discussion.
Note: This agenda lists the papers' authors and, if information provided, the individual presenting the paper. In some cases, papers are presented by different individuals.
Hash tag: #idbrowser
Tuesday May 24th, 2011
9:00 Registration open
9:30 Introduction and discussion of agenda, process, and goals
Moderator: Halpin
10:00 Morning break
10:30-11:45 Learning from the Past
Over the last number of years, there have been numerous attempts at embedding a notion of identity into the browser using various technologies, and yet none have reached large-scale deployment. What can we learn from these efforts?
Moderator: Adams
- Introductory remarks (slides) by J Trent Adams
- Browser support for identity federation
with many identity providers (slides)
by RL "Bob" Morgan (University of Washington / InCommon Federation) - Identity In The Browser at 5. Lessons
learned (slides)
by Paul Trevithick (Azigo) - Identity in the Browser - Avoiding Common
Flaws (slides)
by Brad Hill - Importance and Impact of Requirements on
Technical Solutions for Identity (slides)
by Frederick Hirsch (Nokia)
11:45-13:00 Definitions, requirements, and scope
What are our goals, requirements, and constraints? What are the key benefits we wish to achieve, and how can we focus our work in order to achieve them?
Moderator: Halpin
- Goals, Constraints, and Issues for
Identity in the Browser (slides)
by John Linn (RSA, the Security Division of EMC) - Identity in the Browser – Putting the Cart
Before the Horse (slides)
by Andy Steingruebl and Jeff Hodges (PayPal) - Considering Browsers’ Role in a
User-Centric Online Identity Ecosystem: Privacy and Context
by Aaron Brauer-Rieke (Center for Democracy and Technology) - Thoughts on Trust Infrastructure, User
Interface, and Legal Issues (slides)
by Stephen Schultze and Thomas Lowenthal (Princeton)
- Goals, Constraints, and Issues for
Identity in the Browser (slides)
13:00 Lunch
14:00-15:15 Browser Proposals
A number of technical proposals for improving support for identity in the client have been developed. Are these proposals within scope and do they achieve our requirements?
Moderator: Adams
- introductory remarks (slides) by J Trent Adams
- A Vision for Browser-Assisted Web
Authentication (slides
by Siddharth Bajaj and Slawek Ligier (Symantec) - Mobile Provided Identity
Authentication on the Web (slides)
by Jonas Högberg (Ericsson) - The Emerging JSON-Based Identity
Protocol Suite (slides)
by Mike Jones (Microsoft) - Browser Support for the Open
Authorization (OAuth) Protocol (slides)
by Hannes Tschofenig, Barry Leiba, Blaine Cook and Rob Van Eijk - Bridging the disconnect between Web
Perception and User Perception (slides)
by Mike Perry (The Tor Project)
15:15-16:30 Position of Browsers
Today, browsers already have diverse identity systems and plans for the future. Given the requirements and technical proposals previously suggested, do any of them realistically fit within the possibility of future standardization and co-operative work between browsers?
Moderator: Halpin
- Federated Browser-Based Identity using
Email Addresses (slides)
by Mike Hanson, Dan Mills and Ben Adida (Mozilla) - Identity in the Browser: Easy Wins and
Guiding Principles (slides)
by Naveen Agarwal, Miranda Callahan, Travis Mccoy, Tyler Close, Chris Messina, Glen Murphy and Dirk Pranke (Google) - Consumer Third Party Authentication:
Challenges and Potential Solutions (slides)
by Craig Wittenberg (Microsoft) - Do you know who I am? (slides)
by David Singer and Edward O'Connor (Apple) - Improving password managers and multidevice
synchronization (slides)
by Yngve Pettersen and Esteban Manchado Velazquez (Opera)
- Federated Browser-Based Identity using
Email Addresses (slides)
16:30 break
17:00-18:30 Gathering results and agenda
Moderator: Adams
The results from each session will be presented in order to determine if technical consensus on requirements and feasibility is emerging. Based on the results of this discussion, the program of the next day may be altered.
19:00 Dinner at Shiva's
Wednesday May 25th
Note that the agenda on this day may be subject to change depending on results of first day.
09:00-10:00 Beyond the Browser
Identity solutions can be integrated not only into the browser, but integrated into the device platform itself either on the level of hardware or software. How can we broadly define identity in a way that produces future standards capable of taking advantage of the capabilities of a broad range of devices?
Moderator: Halpin
- Identity is a Wicked problem (slides)
by Dirk Pranke (Google) - Account Management: A Deployment and Usability
Problem (slides)
by Philip Hallam-Baker (Comodo Group) - Identity as a Platform Service (slides)
by Sam Hartman (Painless Security) and Josh Howlett (JANET/UK) - Identity in the Platform - Thinking
Beyond the Browser (slides)
by Dirk Balfanz (Google) - Netflix position paper for Identity in
the Browser Workshop (slides)
by Mark Watson, Mitch Zollinger and Wesley Miaw (Netflix) - Identity Security within Web Browsers
(slides)
by Kevin Jones, Jack Matheson and Narm Gadiraju (Intel)
- Identity is a Wicked problem (slides)
10:00 break
10:30-11:45 Inspecting the Value Proposition
Moderator: Adams
One important aspect of the notion of identity in the browser is the value proposition it has across the entire Web eco-system, from end-users to server-side advertising to enterprise identity. How can we achieve wide-spread deployment across the entire Web?
- Empowering Individuals with Tools to Manage
Their Personal Data for the Identity in the Browser (slides)
by Kaliya Hamlin and Mary Hodder (The Personal Data Ecosystem Consortium) - Expression of Interest - Improving
Identity Management on the Internet (slides)
by David W Chadwick, George Inman, Kristy Siu (University of Kent - The Nexus of Identity (slides)
by Maryann Hondo, Mary Ellen Zurko, Matthew Flaherty, Paula K. Austel, Sridhar Muppidi and Steve Holbrook (IBM) Digital Identity in Perspective (slides)
by John Tolbert (The Boeing Company)- The Chained Identity Systems of Online
Entertainment (slides)
by Wendell Baker (Yahoo!)
- Empowering Individuals with Tools to Manage
Their Personal Data for the Identity in the Browser (slides)
11:45-13:00 The Identity Eco-system
As demonstrated by the recently announced National Strategy for Trusted Identities in Cyberspace (NSTIC) of the USA and by the privacy regime of the EU, having legally-binding frameworks are an essential part of the larger identity eco-system. How does identity in the browser fit in within these frameworks?
Moderator: Halpin
- The Financial Services Roundtable Statement
of interest and requirements (slides)
by Dan Schutzer (The Financial Services Roundtable/BITS) - On OIX and NSTIC (slides)
by Don Thibeau (OpenID Foundation) - NSTIC, Privacy and Social Login (slides)
by Francisco Corella and Karen Lewison (Pomcor) - Building the Legal Framework for
Browser-Enabled Identity (slides)
by Thomas J. Smedinghoff (Wildman Harrold, Allen and Dixon)
- The Financial Services Roundtable Statement
of interest and requirements (slides)
13:00 Lunch
14:00-15:15 Protocol and API Proposals
As the browser is only one part of the Web, what improvements are needed on the level of protocols like HTTP and certificate handling in order to better enable identity? What APIs are needed to provide developers with the ability to create secure Web applications that take advantage of identity?
Moderator: Halpin
- Repairing HTTP authentication for Web
security (slides)
by Yutaka Oiwa (AIST Japan), Tatsuya Hayashi, and Boku Kihara (Lepidum Co. Ltd.) - The WebID Protocol and Browsers (video presentation)
by Henry Story and Jeff Sayre and David W. Chadwick - GSS-REST, a Proposed Method for HTTP
Application-Layer Authentication (slides)
by Nicolas Williams (Crytonector) - Backplane Protocol and Identity Scenario
(slides)
by Brian Mcginnis, Johnny Bufu and Vlad Skvortsov (Janrain) - The Need for a Web Security API
(slides)
by Sean Turner, Stephen Farrell, Peter Saint-Andre, and Jeff Hodges (IETF)
- Repairing HTTP authentication for Web
security (slides)
15:15-16:30 Open Discussion
Moderator: Adams
Final Summing up by members of each browser team of the proposals made during the day, followed by open discussion of the scope, requirements, and technical proposals.
16:30 break
16:30-17:45 Moving Forward: Strategy and Tactics
Moderator: Halpin
Open discussion on next steps for standardization and final summing up of workshop results.
17:45 Adjourn