Pomcor

Research on Web and Mobile Technology


Tag: Altly

Altly Needs PKAuth

I was happy to read Dmitry Shapiro’s blog post about Altly, a startup that plans to challenge Facebook on privacy grounds. We need competitors to Facebook for all the reasons mentioned by Dmitry, plus a few others.

Facebook uses OAuth to implement social login (“Facebook Connect”, now called “Login with Facebook”). OAuth is insecure, because it allows an authorization code to be sent in the clear from Facebook to the relying party (the application or site that features the Login with Facebook button). If you log in with Facebook in a cafe, an attacker may be able to intercept the code and use it to impersonate you.

Another problem with OAuth is that it requires prior registration of the relying party with Facebook. This means that, if Login with Facebook becomes ubiquitous, Facebook will have the unchecked power to effectively disable most Web applications by revoking their registrations.

The registration requirement is also an additional barrier to entry for Facebook competitors such as Altly. To implement “Login with Altly” competitively, Altly will have to persuade over a million sites and applications to register with it.

To address this competitive barrier we have suggested a social login protocol, called PKAuth, that does not require prior registration. We would be happy to work with Altly and any other social site (including Facebook) that would be interested in implementing PKAuth, writing open source libraries for relying parties, and codifying the protocol as a Web standard.

Author: Francisco Corella
Posted on: May 31, 2011
Categories: Authentication, Network Security Protocols
Tags: Altly, Authentication, Facebook, Identity, Network Security Protocols, PKAuth, Social Login

© 2011-2018 Pomcor