Saturday, February 11, 2012

Software : Explained: BrowserID: what it is and why you should care

Software : Explained: BrowserID: what it is and why you should care


Explained: BrowserID: what it is and why you should care

Posted:

Explained: BrowserID: what it is and why you should care

BrowserID: what it is and why you should care

BrowserID is a method, presented in July 2011, to use email addresses to prove an identity and sign in to a website quickly and safely.

The system was developed by Mozilla Labs.

It's designed to be easier and faster than the esisting method of a site sending you an email and you clicking a link to verify your true identity.

So why is it important and how will it work? We decided to find out.

Q. How would it work in practice?

A. In order to log in on a website that supports BrowserID, you would only have to click on a Sign In button and then select from a menu what email address you want to use. Your browser and the website would take care of everything else.

Q. What about logging in via Facebook, Twitter or Google? That would be even faster and simpler, wouldn't it?

A. Yes, when you're browsing while logged in to any of those portals, you don't have to do anything, since any website connected with them will immediately know who you are. And that's the problem. Outsourcing these tasks to giant private providers creates lots of lock-in and privacy protection issues.

Q. That's surely true, but wait a second! Wasn't OpenID supposed to provide (more or less) the same service?

A. Indeed it was. In practice, it looks as if OpenID failed to reach critical mass for several reasons. Probably the biggest one was the need to temporarily go to another website to gain access to the one you wanted to visit.

Unless someone really understands the value of reliable online authentication services (and cares about it) that's much more cumbersome than just telling a browser to remember all passwords, or click on the Remember Me boxes provided by most log-in web forms. BrowserID tries to provide the same level of security and trust as OpenID, but in a much more transparent way.

Q. Tell me more about privacy protection in BrowserID, please.

A. First of all, unlike other sign-in systems, BrowserID does not force the user to share or transmit online personal, sensitive data, such as date of birth. In addition to this, BrowserID is designed not to pass to any server data about which web pages you visit.

Q. Why is BrowserID based on email addresses?

A. First of all, because everybody using the web on a regular basis already has at least one email address and knows it's already used as an identity and authorisation token. Next, because email addresses are not controlled or controllable by any single organisation.

Finally, because practically all websites that require their users to log in already store their email addresses to handle direct communications, password reset requests and other services: therefore, BrowserID gives them a better way to use for authentication some user data that they have already.

Q. Would BrowserID prevent me from using my favourite nicknames on those websites?

A. Not at all. The email address is used only for the initial authentication. BrowserID doesn't limit in any way how a website lets you configure your local account.

Q. Could I have multiple BrowserID identities then?

A. Of course. The only requirement is that each of them is associated with a different email address.

Q. What about other applications, such as chat clients? Could I use BrowserID with them too, or is it a browser-only thing?

A. Yes you could, as long as those programs implement the protocol, and provide their users with an interface to log in to their identity provider to get the keys. These may then be stored in Kwallet or any other desktop-based password manager.

Q. Sorry, what protocol and keys? Is BrowserID based on some sort of proprietary technology?

A. No. Technically speaking, BrowserID is an application of the Verified Email Protocol; a decentralised authentication system based on public/private key cryptography, through which users can prove to a website that they own an email address.

Q. Does BrowserID work on all browsers?

A. BrowserID can work on every modern browser, including mobile ones. The only requirement is that those browsers be compatible with the BrowserID JavaScript API. This said, even if you were forced to use a noncompliant browser, it would still be possible to use an equivalent web-based service.

Q. What should I do to start using BrowserID?

A. You should log in the old way to the website of your identity provider. That server will then tell your browser, through a JavaScript API, to generate a public/private pair of cryptographic keys.

Right after that, the browser will send the public key to the identity provider and get back a signed identity certificate. The browser will then store the private key and certificate as it would do with traditional passwords.

Q. What would happen next, when I visit a BrowserID-compliant website?

A. That website will tell your browser to run a JavaScript function that asks you if you want to log in and with which identity – that is email address.

Q. And when I accept...

A. The browser will send to the website the identity certificate, signed with the private key. At that point, the website will download your public key from your identity provider and verify that the signature is authentic.

Q. And that's how I'll prove to that website that I really am who I say I am?

A. Yes… and no. What this procedure provides is a third-party confirmation (unlike what happens with cookies!) that the authentication request comes from a browser that has the secret key associated to the provided email address. Which means that…

Q. I should never let other people use my browser!

A. That's absolutely true. However, that's the same risk you already face with every other authentication system that doesn't force you to enter a password every time, isn't it?

Q. I suppose that's true, but this also means I won't be able to authenticate from other browsers, right?

A. It depends. That's really up to you. In and by itself, BrowserID does allow you to have one certificate for each computer or smartphone you use, including borrowed or public ones such as internet kiosks. Of course, in those cases you would have to delete the private key and certificate as soon as you're done!

Q. Let's go back to identity providers. You keep mentioning them – who are they?

A. In the simplest and most natural scenario, your BrowserID identity provider would be your email provider.

Q. What if it doesn't support the system?

A. You could still use, without problems, a trusted, secondary identity provider that offers the same services. The Mozilla Foundation, for example, has set up a website called BrowserID.org for this very purpose, in order to speed up testing and adoption of BrowserID.

Q. Ah, yes, adoption. What is the current status of BrowserID? Is anybody already using it?

A. At the time of writing this piece (late November), BrowserID is still in its infancy. Most browser developers haven't announced any official plans to integrate BrowserID support in their software. That's not the main problem, though.

Q. Really? What is it then?

A. The real open issue is if and when the major email providers and online communities, such as Facebook and Twitter, will support BrowserID – that is become identity providers. Especially when, like Facebook, they have their own in-house alternative.

Besides, all these providers would need to agree on a standard way to make public keys accessible. Luckily, none of this makes it impossible to try BrowserID or implement it on your website.

Q. That's cool. How can I try it today?

A. For the moment, the best way to see how using BrowserID looks is to visit the official demo site at Myfavoritebeer.org.

Q. What about webmasters?

A If they use popular open source software, such as WordPress or Drupal, they're lucky: BrowserID plug-ins for those content management systems already exist.

Alternatively, they'd have to follow the instructions for developers published at browserid.org. Even in that case, though, they'd be able to use BrowserID without having to write any authentication code by themselves.

Tutorial: How to get started with Apple Mail

Posted:

Tutorial: How to get started with Apple Mail

How to get started with Apple Mail

Despite the popularity of social networks, no computer is complete without a great email app to help you keep in touch with friends and loved ones.

It's no surprise, then, that all Macs come with Apple's Mail program built into OS X. It makes it easy to set up your email account and browse and sort your messages, as well as write emails to others.

You'll need to have an email account. And for many email types, including Yahoo!, AOL, Gmail and Windows Live/Hotmail, Mail can set up your account using just your email address and password.

You can set up other kinds of accounts, but you may need to know the details of your incoming and outgoing servers, which your provider should be able to supply you with.

Once your account is set up, you'll see the Mail interface, with a list of emails on the left, and a preview box on the right. There's a Show button just above the messages list that enables you to see your list of account inboxes, which is handy if you have more than one set up, have created multiple mailboxes, or if you want to browse messages you've deleted from your inbox.

From the toolbar along the top of the Mail window, you can check for new messages, compose a new email, create a new note, delete emails, mark emails as junk mail, forward and reply to messages, and flag emails for your attention later.

There's also a search bar here, which enables you to find text anywhere in any of your emails, so you can easily search for its subject, or the person who sent it, for example.

In this walkthrough, we'll talk you through the basics of using the Mail app, including getting set up, reading your emails and writing messages, but once you're more confident with Mail, you can do a lot more.

For example, you can set up Rules such as having incoming messages sorted into different inboxes depending on the sender, you can change the default font and size that messages are displayed in, and create multiple email signatures.

Of course, if all you want to do is send and receive the occasional hello from family members, you can stick with just the steps on the opposite page and enjoy the full email experience.

How to get to grips with features in Apple Mail

1. Set up your account

step 1

When you first open Mail, or when you add a new account, it will ask for your name, email address and password. For many types of email, this is all you'll need to enter, but if Mail is unable to find the information it needs automatically, it'll ask you for more details.

2. Read a message

step 2

With your account set up, and email flooding in, select one in the left-hand inbox list to display it in the window to the right. Or, you can double-click on an email to open it in a new window. From here, you can click the arrow buttons at the top to reply or forward emails.

3. File attachments

step 3

If an email sent to you has an attachment, you'll see a paperclip next to the sender's name. A file icon will be displayed beneath the email text. You can click a file's name to open it, open it with Quick Look for a brief check, and save it by right-clicking.

4. Photo attachments

step 4

Attachments, such as photos and PDF files, are handled slightly differently. They are displayed in full under the email's text. Again, they can be opened or saved, and if there are several photos, you can view them in a slideshow with Quick Look.

5. Search through emails

step 5

In the top-right of the Mail window is the search box. Mail will search all emails for anything you type in here. Results appear in the inbox pane, and below the search box. You can use this list to search for emails from certain people, or by subject line, for example.

6. Compose a message

step 6

Click the paper-and-pencil icon to create a new message. In the To field, you can enter the email address of your recipient.

If they're stored in your Address Book, you don't need to type out their email address in full – start typing their name, and Mail will offer their email address. Add a subject line and type a message in the blank space below that.

To attach a file, click the paperclip icon at the top of the windows and browse to the file you want. Clicking the icon that looks like a mountain will open a photo browser, so you can insert a photo from your iPhoto library.

To the right of this icon is a button to open the stationery pane, which enables you to send colourful emails.

No comments:

Post a Comment