Tuesday, August 14, 2007
CookieInjector, part 3
I've got a first cut of an end-to-end CookieInjector session - check out a sample video below, where I log in to Gmail and Quest (my university's student management system). When logging in to Gmail, I actually log in twice, to demonstrate that separate sessions are being created.
Note that the Cookie Jar claim value holds all the cookies needed to log in, but the display value is simply a hash of the cookies. It's basically a placebo for the user so they know that something happened.
When logging in to Quest, I skip the preview/retrieve steps and do a one-click log in.
This demo should illustrate the concrete improvements that CookieInjector and CardSpace give us:
- consistent UI for authentication to different websites
- centralized tracking of authentication
  - ...you can't see it, but my IP/STS records every time I authenticate to a specific service
- and, of course, you never need to enter a primary, long-lived password at a web site!
  - ...this has other ramifications, too: if I want to allow my housemates access to the online portals that show our internet, cable, and power bills, I can do that by granting them their own cards that are allowed to authenticate to a subset of my accounts
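A sketch of the claim-value/display-value split described above, as an added example that is not CookieInjector's own code. The JSON serialization, the function names, the cookie names and the truncated SHA-256 digest are all assumptions, since the post does not specify them.

```python
import hashlib
import json
from http.cookies import SimpleCookie

# Constructed Set-Cookie headers from two separate logins (not real values).
LOGIN_1 = ["SESSIONID=constructed-aaa111; Path=/; Secure; HttpOnly",
           "AUTHTOKEN=constructed-bbb222; Path=/; Secure"]
LOGIN_2 = ["SESSIONID=constructed-ccc333; Path=/; Secure; HttpOnly",
           "AUTHTOKEN=constructed-ddd444; Path=/; Secure"]


def build_cookie_jar_claim(set_cookie_headers):
    """Claim value: every cookie needed to log in, serialized canonically."""
    jar = {}
    for header in set_cookie_headers:
        parsed = SimpleCookie()
        parsed.load(header)  # attributes (Path, Secure, ...) are not cookies
        for name, morsel in parsed.items():
            jar[name] = morsel.value
    # Sorted keys and fixed separators: the same jar always yields the same
    # bytes, so the digest below does not depend on header order.
    return json.dumps(jar, sort_keys=True, separators=(",", ":"))


def display_value(claim_value, length=16):
    """Display value: a short digest, so the card UI never shows raw cookies."""
    digest = hashlib.sha256(claim_value.encode("utf-8")).hexdigest()
    return digest[:length]


def cookie_header(claim_value):
    """What gets injected into the browser: the Cookie request header."""
    jar = json.loads(claim_value)
    return "; ".join(f"{name}={value}" for name, value in sorted(jar.items()))


if __name__ == "__main__":
    for login in (LOGIN_1, LOGIN_2):
        claim = build_cookie_jar_claim(login)
        # The claim itself is a bearer credential; only the digest is shown.
        print("display:", display_value(claim))
        print("inject :", cookie_header(claim))
```

Two logins yield two different display values, which is how a user can tell that separate sessions were created without ever seeing the cookies themselves.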
Labels: cardspace, cookieinjector
Comments:
consistent UI?
Like, that comes in handy when you're out of work, eh?
Let me guess, "user interface"?
Dad