by Paul Downey
One of the most difficult decisions in developing a Web site is how to manage user identity. As a user you have to assess the implications of connecting your Twitter or Facebook user to other random services. Meanwhile, enterprises are challenged to evaluate ever more magical products for connecting their silos with other silos, often in direct conflict with any desire for a RESTful architecture. Did innovation in authentication on the Web stop at usernames, passwords, and the HTTP Cookie? Does Firesheep mean you should serve everything over HTTPS? What happened to OpenID? Can outsourcing your userbase to Twitter, Facebook, Google or some other commercial entity really be a good idea?
This talk has some answers, but mostly offers a wide-ranging and opinionated tour of the current state of identity on the Web. There will be URIs and angle-brackets, but mostly anecdotes involving Venn diagrams, famous bridges, self-destructing kiosks and quantum computers.
Keywords: Web, REST, Identity, PKI, SAML, VRM, UMA, XAuth, OpenID, OAuth, Webfinger.
Audience: Anyone who wants to build a Web site, or uses the Web, or has to talk to Enterprise Architects about the Web.
10th–12th October 2011