Web Comm, 2017-18 edition
Minutes for lecture V
I am who I am: Identity on the web

14.45
-why trace people
  -business optimization: user profiling
  -site optimization: surfing stats
  -surf optimization: personalized site presentation
-how to trace people:
  -how HTTP works
    -HTTP is stateless (more or less): shoot (many times) and forget.
    -What is a TCP connection: My IP
      -anonymizing proxy
    -HTTP Header: User Agent
  -Introduce state on HTTP: HTTP sessions and cookies
    -definition
    -an example
    -EU directive

16:00 How to identify people (and servers)
-The Server is the Server?? Give me the proof!
  -Cryptographic: symmetric keys
    -on the air: "I have the key!" (The robber: "Now me too, hehehe")
    -on a secure pipe: "I have the key!" The server: "Who gave you the key??"
    -before the pipe: "How can I open a secure pipe?"
  -Cryptographic: asymmetric keys
    -Alice, on the air: "I sign this stone with my (secret) sign"
     Bob: "I check your (secret) sign with your (public) sign, good!"
  -"Who's on the first base? Who's on the first base!", Trust CA
    -Alice, on the air: "I sign this stone with my (secret) sign"
     Bob: "What is your (public) sign?"
     Alice: "This is my (public) key! It's signed by the (secret) sign of Carl"
     Bob: "What is the (public) sign of Carl?"
     Alice: "This is the (public) key of Carl! It's signed by the (secret) sign of Dan."
     Bob: "Oh OK, I know Dan! Good!"
  -Server identity, SSL/TLS
    - Server: I give you my public key, trusted by a CA
    - Client: I encrypt (sign) "a strong secret word" with your public key. What is the secret word?
    - Server: I decrypt your secret word with my secret key. It's "a strong secret word"
    - Client: OK, you are who you claim to be!
    - Server: And you??? Who are you?
-Client Identity
  -user, password
  -two-factor authentication
    -physical token
    -two-way channel communication
  -biometric password (fingerprint, voice scan, face scan)
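
The "Trust CA" exchange between Alice and Bob in the minutes above, worked as code. This is an added example, not material from the lecture: it uses toy textbook RSA on fixed primes (illustration only, not secure), and the certificate layout, the function names and the robber's forged certificate are assumptions made for the demonstration.

```python
import hashlib

# Toy textbook RSA on fixed Mersenne primes, no padding: illustration only, not secure.
def make_key(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return {"pub": (n, e), "priv": (n, pow(e, -1, phi))}

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    n, d = priv
    return pow(_digest(data, n), d, n)

def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)

def _body(cert):
    # The bytes the issuer signs: the subject's name bound to the subject's public key.
    return f"{cert['subject']}|{cert['pub'][0]}|{cert['pub'][1]}".encode()

def issue(subject, pub, issuer, issuer_priv):
    cert = {"subject": subject, "pub": pub, "issuer": issuer}
    cert["sig"] = sign(issuer_priv, _body(cert))
    return cert

def validate_chain(chain, anchors):
    """chain is leaf-first; anchors maps names Bob already trusts to their public keys.
    Returns the leaf's public key if every link verifies up to an anchor, else None."""
    for i, cert in enumerate(chain):
        if cert["issuer"] in anchors:  # "Oh OK, I know Dan!"
            ok = verify(anchors[cert["issuer"]], _body(cert), cert["sig"])
            return chain[0]["pub"] if ok else None
        nxt = chain[i + 1] if i + 1 < len(chain) else None
        if nxt is None or nxt["subject"] != cert["issuer"]:
            return None  # nobody in the chain vouches for this issuer
        if not verify(nxt["pub"], _body(cert), cert["sig"]):
            return None  # the signature on this link does not check out
    return None

# Constructed sample data: the three parties from the dialogue plus the robber.
alice, carl, dan, robber = (make_key(2**a - 1, 2**b - 1)
                            for a, b in [(61, 89), (107, 127), (521, 607), (19, 31)])
chain = [issue("Alice", alice["pub"], "Carl", carl["priv"]),
         issue("Carl", carl["pub"], "Dan", dan["priv"])]
anchors = {"Dan": dan["pub"]}  # the only key Bob knows in advance
# The robber swaps his own key into Alice's certificate but cannot redo Carl's signature.
forged = [dict(chain[0], pub=robber["pub"]), chain[1]]
```

Bob accepts Alice's signature on "this stone" only after `validate_chain(chain, anchors)` hands him her public key; the forged chain, and any chain that never reaches a name he already knows, yields `None`.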