GOTO is a vendor independent international software development conference with more that 90 top speaker and 1300 attendees. The conference cover topics such as .Net, Java, Open Source, Agile, Architecture and Design, Web, Cloud, New Languages and Processes

Paul Downey, the doodler behind 'The Web is Agreement'

Paul Downey

Biography: Paul Downey

Paul Downey is mildly infamous as the doodler behind 'The Web is Agreement' and other Web architecture drawings. His work is informed by his time as a Chief Web Services Architect, chairing and participating in a number of working groups at the W3C, WS-I and OASIS, as well as a member of, a team of Open Source developers at BT. He co-organises, an Open Source Hardware monthly meet-up in and around London, and is a co-founder of — a hub for collaborative electronics projects. Paul infrequently posts on
Twitter: @psd

Presentation: Who are You? Who am I? Who is Anybody?

Track: Web as a platform / Time: Tuesday 14:30 - 15:20 / Location: Store Sal, BORA BORA

One of the most difficult decisions in developing a Web site is how to manage user identity. As a user you have to assess the implications of connecting your Twitter or Facebook user to other random services. Meanwhile, enterprises are challenged to evaluate ever more magical products for connecting their silos with other silos, often in direct conflict with any desire for a RESTful architecture. Did innovation in authentication on the Web stop at usernames, passwords, and the HTTP Cookie? Does Firesheep mean you should serve everything over HTTPS? What happened to OpenID? Can outsourcing your userbase to Twitter, Facebook, Google or some other commercial entity really be a good idea?

This talk has some answers, but mostly offers a wide-ranging and opinionated tour of the current state of identity on the Web. There will be URIs and angle-brackets, but mostly anecdotes involving venn diagrams, famous bridges, self-destructing kiosks and quantum computers.

Keywords: Web, REST, Identity, PKI, SAML, VRM, UMA, XAuth, OpenID, OAuth, Webfinger.
Audience: Anyone who wants to build a Web site, or uses the Web, or has to talk to Enterprise Architects about the Web.