We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Designing for Participation and Web Litteracy

00:00

Formal Metadata

Title
Designing for Participation and Web Litteracy
Title of Series
Number of Parts
199
Author
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Mozilla has 4 pillars of activity, to build, empower, teach, and shape the web. One of the ways we can help others join with these activities is to design our systems and processes with participation in mind, but why stop there? We also try to teach, and its a waste to teach someone a proces, and not tie it into a broader understanding. This interactive talk, derived from the "Desigining for Participation" session at the Mozilla Summit, and spured on by the release of the Web Literacy Standard v1.0, aims to not only help drive better participation by making systems and processes more accessible, but connect skills people learn + use within these to a broader understanding and web literacy
Arithmetic meanInformationTask (computing)Process (computing)Event horizonWage labourFacebookPrologWeb browserPhysical systemData managementCellular automatonWebsiteSelf-organizationAreaState of matterBoss CorporationGaussian eliminationOrder (biology)Formal languageSimilarity (geometry)NumberOpen setInformation privacyLiquidBitExecution unitAnnihilator (ring theory)Product (business)Image registrationLipschitz-StetigkeitWeightSemiconductor memoryWord1 (number)Identity managementQuicksortSign (mathematics)Mixed realitySummierbarkeitDecision theoryShape (magazine)Single sign-onAmenable groupSet (mathematics)Software developerComputer fileCommunications protocolNoise (electronics)EmailAddress spaceLoginPasswordError messagePatch (Unix)Revision controlImplementationForm (programming)Data storage deviceRight angleShared memoryWorld Wide Web ConsortiumSource codeMultiplication signDatabaseUniqueness quantificationIntrusion detection systemMathematical singularityDemo (music)StapeldateiLecture/Conference
Bit rateLoginIdentity managementInternet service providerSign (mathematics)outputWeb browserUnicodeGoogolRight angleCommunications protocolEmailAddress spaceDomain nameKey (cryptography)SynchronizationLibrary (computing)Computer configurationPlug-in (computing)Dot productWebsiteMultiplication signPasswordDemo (music)World Wide Web ConsortiumAuthorizationValidity (statistics)Public-key cryptographyPublic key certificateParticle systemState of matterData storage deviceFamilyLimit (category theory)System callPersonal digital assistantArithmetic meanVideoconferencingRule of inferenceDirected graphDependent and independent variablesSound effectDifferent (Kate Ryan album)Form (programming)Cellular automatonExecution unitComputer animationLecture/Conference
View (database)Bridging (networking)3 (number)Identity managementStructural loadInternet service providerInternetworkingPublic-key cryptographyPublic key certificateMultiplication signDomain nameOffice suiteAddress spaceCalculationClosed setGoodness of fitWebsiteData miningFormal verificationEmailComputer animationLecture/Conference
XMLUML
Transcript: English(auto-generated)
Hello, a very good afternoon to one and all First of all, welcome to phosdom seeing a lot of geeks around here Yeah Topic for like my session is persona like how many of you actually know or ever heard about person?
Can I have some hands? Okay so Yeah person is generally It's login system, it's a similar to
Single sign-on, but let's see how it is different and why you have to opt for this and How we can on which protocol it's working and we'll see it specs and all so how a Mozilla Persona like is useful for users how it how it is easy to implement this for developers and how
The port protocol of works on this So a Mozilla persona as I said, it's better way to sign in or a login system like single sign-on so this basically Helps users to log in
quickly say on secure manner and It doesn't ask you a password So it's something which is a different from single sign-on So when you are do single sign-on we need to actually
depend on third parties like in order to authenticate the credentials, right and It has to share your privacy information like maybe your phone number Like let's consider an example when whenever we login a true Facebook via Facebook or to any other site
It asks you to share Information to access the information of your email and phone number or So that we get a lot of mails and they can post on your wall Without asking your permission and it also has many privacy issues. So Like I just show you like what's the current state of us and
so This is how when we see a website it asks you to log in my face Google or Facebook or Yahoo so when you say These kind of errors we come across When even we use when try to login via Facebook and all so and this is the main person main concern of everyone
That everyone's information is being shared on social so which in turns have like lot of So the better way to sign in is I use Mozilla persona
Which actually helps you to sign in very easily just create an account And next it asks you are it asks you to enter your email ID. So the persona mainly Takes email addresses as a unique values and then proceeds for the login So you can it
So this is like a screenshot of how you manage email IDs in the Browser so and the supported browsers are like almost every version of Firefox supports it and Remaining all and as you know, everyone know that
Firefox Mozilla Mozilla Firefox has introduced the Firefox OS and in that we natively supports this persona sing sign on So why we have to focus specially on Developers and why it is easy for them to implement this kind of
sign-in system so as I said it's Very easy to implement there are like about four steps you just include the The JavaScript a file of that and then put login buttons and then verify it and that's it
So I say it's a federated protocol because It doesn't actually ask you to login It's like a database only with unique values of email IDs. It doesn't want any other information So whenever you just give your email ideas and login It actually validates of if it if you give it your email ideas at the rate yahoo.com
So it in turns ask you for the first time to log into Yahoo and then it actually checks whether the email ID is existing and whether it is Correct or not. And then it turns back to your site and then it's login and as I said it helps not to share your personal and privacy information into other websites and
you don't need to store passwords and You don't need to rely on third parties So again, this internal eliminates the registration form whenever you visit a new website It's horrible to register every site and keeping
in memory that Each every website every login and password. It's very difficult and sometimes they ask for username Sometimes they ask for a user email ID. So it's it's like a complicated So this this person are like internal needs the registration and all stuff. So again, it's open and
Whenever you use this persona implementation for your websites You don't need to whenever there is a patch submission or patch the next version of This system releases you don't need to take care of Again updating your source code or single sign-on system on your website. So it turn takes
from the update and it just updates So this like the freedom Give for we give for developers is like you can change as you UX as you want and in turn, it's like translated and available in like 48 languages and
So where we actually use in Mozilla the persona login. So in like everyone knows like Mozilla's daughter is very Profile for for every moselian who is actively volunteering So in that we use this sign a single sign-on persona and even in Firefox marketplace and even
Bugzilla and even in open batches and batch pack So in the morning, they were discussing about web maker So in that also in order to login you can just log in via persona where it ask you the credential I'll just show the show you the demo afterwards and
There are other sites which? Uses person as an login system is like who's which is event management system and This thing might be like people may be knowing this site basically deals with the amount of data you the amount of Mrs. And
Discussion form like these are few websites which actually have implemented this persona and it was like very success so and Even if you are it's not like if if your website is like HTML or some HTML you can use a persona if it is like implemented on PHP
you can use this and it has like lot of libraries and plugins as I showed you and Let me tell you like this persona is basically working on a browser ID protocol So let me even tell you like how that browser ID protocol works
Mainly this protocol has three actors users relying parties and identity providers our users are quite like common who used to log in the web and relying parties where Like let's take as example as web maker a web maker
Dot org is like relying party and identity provider is something like which we use as a login like if you're tall you use Yahoo At the rate sorry something at the rate Yahoo.com as a login so that would be like identity provider So like how the how the this work? I'll just tell in like three steps
Like this is how when you click on sign in it takes your email and as an input and browser ID is password like I mean to say a person has password for the first time and then it Generates a key value pair stores. It's a private key in the PC and send its public key to
identity authority and then they sign with the public key and then email ID and they'll have they'll issue with validity interval like certificate certificate and then it's it sends that certificate again back to a
user and After it received by the user It it has to prove the ownership so again the users browser writes some kind of assertion in which its email ID and key and other details are present and
That assertion is again sent to relying party Like with the with user certificate, and then it's validated So This is something like over you like where your user threat you log in and from identity provider It is like validated, and then you can just log into the website
I'll just show you a demo of that So like in the morning they were saying that we want to like login into web maker site Then we have to use like login persona
So I say I have already used many times login if someone could come and try They want to log in into this site, then we can so it's it's not asking me any password or anything I'm just yeah, I'm logged in
So it's like very easy or someone wants to try Yeah, yeah
I don't like if it is Firefox browser then With the option called Firefox Inc if suppose you are You have logged in your desktop Firefox browser, so and you have the same
Sync key in your Android phone, then it's you can directly login, so I think it's clear so he this we have Sync now So this is option I was telling about I think I will use my other email ID rather than this
Just remove this or else Yeah, so it's not verifying with gmail because I have entered at the right gmail I'm already
Might be if someone wants to can try restrictions on the email address
As of I knew it's it yahoo gmail Hotmail it's working fine Yeah Because I haven't
Domain with a unicode character, and it's a google apps domain, but I just don't have it here
This one second once look suspicious
So now I can try yeah Yeah Yeah for the first time
oh Yeah, it only
Wow there we go. That's a good start Okay, what do I do now? You have logged into the website so you can
Yeah, yeah
Yeah
Yeah, I think it will show you I Just try to log in mine or his I have to remove your name
verify Yeah, yeah, yeah, I'm done
Yeah
Like I do not understand okay, that means to see like it's I
Think I can answer this question you can Go to login that persona org and you can dare clear clear all the persona logins
So that it will not log you in anymore So you can I think Not yet, they're still thinking about that when you run your personal identity provider Then you could take down your identity provider to do something like it and that would probably work
So for example, I have my own IDP and if I would want to revoke any certificates that are out there for me I could take down My IDP to prevent people from logging in with those certificates signed with my earlier private key
Yeah Yes, the question I will repeat the question for you the question was that you said that since identity providers are bound to the domain for the email address and We just showed log in in with Gmail the question is if
Google supports persona and the answer is it does not directly but the persona team has built a couple of bridges that allow using the Google of API to Act as an identity provider. So you're really logged me into Gmail dot login dot persona org and it uses the Gmail API's to reuse
Their credentials and that works for Yahoo Yahoo and Gmail today Does this work with Internet Explorer, yes how
No, I think he's already saying so yes it does work and it's because it's all JavaScript
Thank you. Thanks all Yes, a bigger bigger close for him because he has done a lot of kilometers to come here
So really in it ourselves