IIW 24 Demo's

From IIW

IIW XXIV #24 DEMO Hour List - Wednesday May 3, 2017

Table Number #

1. Serverless Sign In with Blockstack Auth: Ryan Shea, Co-Founder of Blockstack URL: https://blockstack.org/ We are pleased to demo Blockstack Auth - an authentication system that will allow users to sign in to websites without relying on any third parties or remote servers.Verifiable Claims Ecosystem

2. A Peer-to-Peer Trust Protocol: Jon Nash URL: https://fiatdata.org A distributed, open source solution to identity confirmation.

3. Consent-Informed Attribute Release (CAR): Ken Klingenstein URL: https://spaces.internet2.edu/display/ScalableConsent/Scalable+Consent+Home We demo "Consent-Informed Attribute Release," an open system that enables user choice about release of their personal information-- or use of scopes, e.g “view family photos”--on a per-relying party basis. It can play with SAML and OAUTH/OIDC and is mobile and browser independent.

4. uPort - Ethereum based digital identity platform: Christian Lundkvist, Pelle Braendgaard, Rouven Heck URL: https://www.uport.me/ We will demo the mobile application with a decentralized Ethereum application. uPort is building a global, unified, self-sovereign identity platform. On uPort, users and businesses create their identity and control their data, while securely authenticating to the world around them.

5. digi.me –current PC/Mac, iOS and Android version application: Jim Pasquale & Julian Ranger URL: http://digi.me for product & http://digi.me/video for vision Demo shows what users can do when they own and control their own data on their own devices(s), simply by “get it”, see it”, share it” for social, health, and financial data fully curated from multiple sources. Sharing data through Consent Access feature, flashbacks perspectives on social interactions with likes and comments, and universal search, customizable widgets for building collections, creating journals. Empowering individuals to gaining more insight and making better decisions sharing data on their terms with digi.me enabled apps.

6. MessageGuard: Kent Seamons URL: http://messageguard.io/ MessageGuard is a browser plugin for secure webmail. It has received high usability scores in the lab. It has a pluggable key management scheme. We recently compared PGP, IBE, and passwords. MessageGuard is the first usable PGP in a lab study, and scored almost as high as IBE.

7. Cirrus Identity/Invitation Service for Sponsored Accounts: Dedra Chamberlin, CEO URL: http://www.cirrusidentity.com/invitation/ Cirrus Identity’s Invitation Service - the convenience of social login for “guest” users, with the security of access control. Easily integrated with your SAML SSO! Enterprise accounts for guest users is a pain. Solution: secure social login from @cirrusidentity-all guests authorized by internal sponsors. Pre-built email flows.

8. Videntity/Pre-OAuth Entity Trust (POET) - A mechanism for 3rd party application endorsement/trust: Alan Viars URL: http://github.com/transparenthealth/poet & https://github.com/transparenthealth/python-poetri Pre-OAuth Entity Trust (POET) is a mechanism for 3rd party application endorsement and trust. It's based on JWT. Although it was designed for consumer-based health care applications functioning as OAuth2 clients, POET can be applied broadly in non-health and non-OAuth situations.

9. Token Bound OpenID Connect SSO: Brian Campbell URL: https://www.ietf.org/mail-archive/web/unbearable/current/msg01332.html Token Binding enables long-lived, uniquely identifiable TLS bindings spanning multiple TLS connections. Cookies and tokens can be cryptographically bound to the TLS layer, preventing token export and replay attacks. Demo will show a token bound OIDC login and resulting session.

10. YubiKeys & Evolving the use of hardware backed identity: Chris Streeks URL: https://www.yubico.com Yubico is the co-creator of the FIDO U2F open standard and the inventor of the YubiKey. We will provide a brief demonstration of an OAuth 2.0 flow using YubiKeys and FIDO U2F as the authentication mechanism. We'll also update you on the latest news regarding 2FA adoption and the FIDO ecosystem.

11. Yoti: Bruce Nash and Paco Garcia URL: https://www.yoti.com Yoti is your ID, on your phone. It helps you prove who you are to companies and people, online and in person. It takes 90 seconds to create your digital identity, which you can use to log into websites using your face, instantly know who you’re talking to online and prove your age.

12. TruSphere mobile app sign up / sign in without passwords: Omar Shafie (Co-Founder of TruSphere) TruSphere’s login technology enables a mobile app to sign up and authenticate its users without passwords. A sample Android app will be shown. The software tech is built atop unique asymmetric cryptographic keys, JWTs, and OAuth 2.0. No special hardware required.

13. Auth0 - : Jared Hanson, Chief Architect URL: https://auth0.com Auth0 is an extensible identity management platform that allows authentication and authorization to be easily added to consumer and enterprise applications. Supports industry standards including OpenID Connect, OAuth, and SAML

14. Picos Everywhere: Bruce Conrad URL: https://picolabs.io Extending the world wide web with persistent compute objects,supporting the Internet of Things while preserving personal freedom with an open-source pico engine that belongs to no one; everyone can use it and anyone can improve it.

15. The Data Beyond Login: Robert Burgess URL: http://www.gigyamedia.com/ A discussion of CIAM authentication flow and progressive profiling.

16. HIE of One Self-Sovereign Identity Container: Adrian Gropper We demonstrate how a licensed physician writes a prescription into a patient-sovereign health record. Both the physician and the patient use self-sovereign blockchain IDs (uPort) and both have health record code running in their identity container.