Slashdot Mirror
Private Personal Agents vs. Microsoft's Passport
stefaanh asks: "With the recent MS Passport concerns, I remembered an 'IEEE Expert' 'JANUARY-FEBRUARY 1997 article called 'Managing your privacy in an on-line world' written by Michael McCandless. It talks about why you would hand out private information (on the Net), and proposes a personal agent that manages your info, in a way that you control, what, who and when to give out a selection of your sensitive data. Who benefits: you, and the companies that don't pay for outdated or inaccurate data anymore, but [pay you] for accessing correct data. Since I consider Passports 'security' not as serious as the potential of consumer tracking, what sits in the way for this personal agent to challenge the threat of Passport's centralized approach? Isn't the time right for such an implementation?"
Didn't you watch Ashcroft's announcement how fighting the terrorism means that you have you sacrifice your privacy to the FBI? If you haven't done anything, you've got nothing to fear, right?
The police will be able to come to your door and demand your electronic wallet. Or in an auto accident, the opposing party can demand it in discovery. Think of the black boxe in your totalled vehicle, now in the possession the insurance company. What if it contained GPS data?
Fight Spammers!
It keeps your personal data (optionally encrypted) and fills in forms for you. You can then select what data you want actually sent.
Is this what the asker referred to?
Make even shorter URLs - 8LN.org
I don't like tracking, and I can remember multiple, non-obvious passwords. A lot of other people can't, and most of us don't have any serious data to protect. Passport isn't perfect, but nothing is. It simplifies life for a lot of people, they like it, they WANT to use it, so why not just leave them alone?
Better yet, write another open source replacement that copies the commercial versions features, only make it WORK and don't do it in JAVA for Chrissake....
'Gassport' perhaps?
The software that manages your personal information should run on your personal computer.
a personal agent that manages your info, in a way that you control, what, who and when to give out a selection of your sensitive data.
Boy, I think I already have one of these. It's called my brain, and when a web site asks me for personal information, I consult with my brain to see if I want to give it to them. Then, I use another technology called my 'keyboard', and type in the relevant data. It takes about 30 seconds usually, and it has none of the potential vulnerabilities that come from entrusting my data to some 3rd party.
Are people really this lazy, or am I missing something?
Invisible Agent
This post is a mirror; when a monkey stares in, no hacker gazes out.
yeah, let's call it "Passport" and bundle it with XP so that we can manage our information from our desks and have it centralized at the same time. sure it will be suceptible to attack, but it would be convienent; oh wait, it alread is.
Website Hosting
Before you know it, when you go to a store to make a purchase, instead of being asked for your address and phone number, they will ask for your IP address.
http://www.askthevoid.com
Even if we have dedicated networks to homes, and even if those networks are deployed to everyone's home like telephones, and even if we create this cryptographically secure database, how do we prevent someone from getting information out of it, and then reselling that information to someone else?
I think that this guy has an interesting idea, but I don't think that it's necessarily a solution for the privacy problem. I do very much like the idea of flipping a switch on my home PC to invite people to advertise to me for services that I need at the current time (e.g. my washer just broke and I need a new one). But how do I then prevent the phone number, contact information, interests, etc that I just gave out to Sears (et al) from getting stored in their own database and being resold to someone else?
Did I miss something in the article that addressed this?
Key to financial independence: Spend less than you earn. Save and invest the difference. Do it for a long time.
Think air rage is bad now? Try arming those drunk businessmen and see what happens.
Myself i have the vision of a central Identity managing agent which basically
let's you define identities in one central place (name/pgp-keys/ssh-keys etc.)
provides interfaces (corba/c) to other programs (e.g. email-clients) to use the current identity settings
acts as an ssh-agent
acts as an pgp-agent (much the same way as the ssh-agent does)
generally manages Identity-Information in profiles (like business-profile1, privat1,privat2, anonymous)
spawns and configures proxies intercepting network communication (mostly smtp/http-proxy), filtering/altering cookies and other identification elements
aids in encrypting personal stuff
could run on embedded (more controalable) environments/chipcards
I guess the agent itself should be very lean. The gui to configure/login is separated. And the programs using the ident-information (email/browsing/logins/Formular filling) should be separate too. And this has to be a free project not owned or controled by any company, i guess.
Brrrr... Is it ever cold outside. I think I'll just stay home. I love hanging out beside my wood stove, it keeps me warm. It, however, doesn't ever get warm enough to melt my igloo.
Having to carry all that information with you (maybe in a PDA or something?) if you want access to it is an additional burden.
Perhaps having an open standard for exchange of this type of information such as done by http://xns.org/, would allow multiple competing agencies to act as costodians. Give people choice and perhaps some of the control and privacy (and cost) issues would be less pressing than if all data was held by a single player such as Microsoft.
The article by Michael McCandless (stupid PDF file!) addresses some of the issues that XNS tries to address - albeit with the idea of the personal information residing on your network connected home computer rather than on an XNS-server run by some company that you decide to trust.
Now if XNS would get around to releasing their open source code examples and the detail technical specifications perhaps there could be more motion to widespread adoption. They claim plans to do so "real soon now".
With that said, XNS's ecard address book features are pretty nifty even at this early development stage.
I used to work for Intermind, which morphed into 'OneName', which was the commercial counterpart to xns.org. The open source community just hasn't picked up the XNS ball for some reason. *shrug*
From what I understand this only works for previously filled out forms.
.net authentication less attractive.
What is really needed is someone to release a standard for form field naming (i.e. name_first) then when confronted with a form you can select to fill all recognized form fields from an encrypted password protected database kept on your computer. Then it would nice if you could transfer this this database, encrypted and password protected, to sync up your other computers. This would make MS
Rabid Linux Geek: 'Evening, squire!
Squire: (stiffly) Good evening.
Rabid Linux Geek: Is, uh,...Is your wife a goer, eh? Know whatahmean, know whatahmean, nudge nudge, know whatahmean, say no more?
Squire: I, uh, I beg your pardon?
Rabid Linux Geek: Your, uh, your wife, does she go, eh, does she go, eh?
Squire: (flustered) Well, she sometimes "goes", yes.
Rabid Linux Geek: Aaaaaaaah bet she does, I bet she does, say no more, say no more, knowwhatahmean, nudge nudge?
Squire: (confused) I'm afraid I don't quite follow you.
Rabid Linux Geek: Follow me. Follow me. That's good, that's good! A nod's as good as a wink to a blind bat!
Squire: Are you, uh,...are you selling something?
Rabid Linux Geek: SELLING! Very good, very good! Ay? Ay? Ay? (pause) Oooh! Ya wicked Ay! Wicked Ay! Oooh hooh! Say No MORE!
Squire: Well, I, uh....
Rabid Linux Geek: Is, your uh, is your wife a sport, ay?
Squire: Um, she likes sport, yes!
Rabid Linux Geek: I bet she does, I bet she does!
Squire: As a matter of fact she's very fond of cricket.
Rabid Linux Geek: 'Oo isn't? Likes games, eh? Knew she would. Likes games, eh? She's been around a bit, been around?
Squire: She has traveled, yes. She's from Scarsdale. (pause)
Rabid Linux Geek: SAY NO MORE!!
Rabid Linux Geek: Scarsdale, saynomore, saynomore, saynomore, squire!
Squire: I wasn't going to!
Rabid Linux Geek: Oh! Well, never mind. Dib dib? Is your uh, is your wife interested in....photography, ay? "Photographs, ay", he asked him knowlingly?
Squire: Photography?
Rabid Linux Geek: Snap snap, grin grin, wink wink, nudge nudge, say no more?
Squire: Holiday snaps, eh?
Rabid Linux Geek: They could be, they could be taken on holiday. Candid, you know, CANDID photography?
Squire: No, no I'm afraid we don't have a camera.
Rabid Linux Geek: Oh. (leeringly) Still, mooooooh, ay? Mwoohohohohoo, ay? Hohohohohoho, ay?
Squire: Look... are you insinuating something?
Rabid Linux Geek: Oh, no, no, no...yes.
Squire: Well?
Rabid Linux Geek: Well, you're a man of the world, squire.
Squire: Yes...
Rabid Linux Geek: I mean, you've been around a bit, you know, like, you've, uh.... You've "done it"....
Squire: What do you mean?
Rabid Linux Geek: Well, I mean like,....you've SLEPT, with a lady....
Squire: Yes....
Rabid Linux Geek: Do they run Linux?
Make it a law: in order to email me or send me junkmail or otherwise harass me with advertising, you must pay me to get my updated contact information. (It'd be like $0.001 per but you know, when someone sends out 1,000,000 emails that's $10000 extra. At the rate of emails that I get, about 30 spams a day prefilter, that'd add up after a while).
Even if it was like $0.0001 the advertiser could benefit because they would have up-to-date advertising information.
And if I could indicate what I like and don't like, then they can also target better.
So $0.0001 if you just want my updated email address, or $0.001 if you want to know what I don't like, or $0.005 if you want to know what I like.
Pay per use advertising. Nice!
Scary thing is that it could benefit the advertisers too. =)
If God gave us curiosity
They are called financial managers. They get all the bills, they keep tabs on all expenses, they handle all dealings with the financial world. All the rich person does is spend it and read reports on the interest they've earned.
So why shouldn't the rest of us have the same thing? I hate having to update dozens of records across the country every time i change an address or lose a credit card. Switching banks caused a huge uproar in my automatic online banking.
It's like e-mail. I would have to be a complete idiot to use my ISP-given e-mail box. As soon as a switch providers, its worthless since no ISP wants to offer a nice handy eForwarding option (even for a small fee). They want to punish you for leaving. Not even that, sometimes ISPs decide on their own to change their addresses (like what Netscape did when it bought some free webmail thing, or like MediaOne did when they became part of @Home).
So what do I do? I get my own domain and give that out. When my ISP changes, I don't care. Update the record in a single place and I'm done.
Extra layers of abstraction, like this, are desperately needed in the financial sector. I would love to see some AI that could handle the same functions as a financial manager without me having to make enough interest off of my measly savings account to be able to pay his salary.
- JoeShmoe
-- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
Jedidiah
Craft Beer Programming T-shirts
A recent MSDN article quotes, "Microsoft will not mine, target, sell, or publish any data contained within the Hailstorm data store without explicit user concent."
Is there any way to have a "EULA" type thing from the USER instead of the company? Could we take legal action in the same way they can if we violate thier EULA?
There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
I believe that there are several options available to do some similar things today. Zero Knowledge's Freedom Firewall provides an encrypted personal info tool with it's free firewall and cookie manager. You don't even need to sign up for their anonymous web browsing service to get it.
http://www.JournalOfTheRandom.com
This truely scares me. No words can describe the terrible events of Sept. 11 and there are things that can be and should be doen to improve security like having well paid, well trained FAA people at security checkpoints, and although im loath to say this face recognition software at those bording gates as well.
However, for the Atty General to want to trash the Bill of Rights which is was supposededly sworn to uphold is a far greater threat than any terrorist act.
Think of all the people that fought in previous wars and gave their lives to protect us from random police searches.
This is one of the most fundimental freedoms we have.
Am iI the only one to see Mr Ashcrofts actions as spitting on all the veterens of every war since 1776?
I hope those who cherish freedom can help in this, I for one am going to donate to the EFF.
If we let the FBI (et al) randomly scoure our comunications, then the terrorists have won, and iI am not ready for this.
I do not want to live in a 'banana republic' however if we allow this invasion of our privacy, the next White House news conference may very well look like THIS
* Carthago Delenda Est *
I've found that the *only* way to effectivly manage your personal information is to fabricate it when the request for it viloates your personal boundaries.
.com boom going got a little tough), I'm very glad I made this decision. This does go to show you just how careful you have to be when making this call.
r s-resume?
Everybody treats identify theft as a bad thing; however, I believe that as long as you are ethical in your use of another person's or fabricated identity (ie you aren't using their idenity to commit some sort of tanageable fraud that results in loss to another person or company for the direct purpose of evading prosecurtion), there's absoluetly *nothing* wrong with it.
Case in point: ebay has *never* had any of my personal information. They might have enough to eventually track me down to a phone number, but then who's to say if actually that means anything. In retrospect (when the
My windows boxes? All registered to "_" who works for a company called "_@-.com". My word documents? All check with strings and binary edited to remove unwanted tracking information. I'd suggest everyone out there do the same and show microsoft just how irrelivant their user ID is (something that I hope they're not using for passport).
Some suggested reading:
Who Are you?
Inetrrupted Identity
From Victim to Victor
The degree to which an alternate identity is used is, of course, up to the users. And obviously, there's some funadmental line in the sand that each of us draw. Mine is my employer. Basically, I believe that it is funadmentally wrong to use an alternate identity for employment. That usually goes a long way towards abreviating any run-ins I might have with the Feds. regarding victimless forms of "fraud" as interperted by the letter of the law. If you're cleaver, other ways to sign documents and fill out government forms that will keep you clear of these issues, but, for me, it's not worth the hassel.
One of my biggest pet peeves is recruiters and placment sites/agencies that take liberties with my resume, references or other personal information. Recruiters are such information whores (part of their job) and job web sites are even more poorly secured that most ecommerce sites... once the information goes into the hands of recruitment, it's basically public domain. What *really* pisses me off are the government job-kit sites that require your SSN (and threatens the force of fenderal fraud law if you don't supply the correct one). If you've shopped around for a government job, one thing you'll notice is that government bureaucrats required the use of these sites and have you fill out all manner of paperwork and forms in order to reduce their work load. Often, they'll require your SSN to be actually listed *on* your resume (god help you if you mix that up with the regular recruitment agencies).
Consequently, I use web bugs to track the distribution of documents I write. In particular, my resume:
http://www.datadoctors.com/webbugs/
Adding a web bug to your resume is so incrediably easy I don't understand why more people don't do it:
Microsoft Word
Main menu
Insert
Picture
From file
URL in the filename box
Pulldown: link to file.
Of course you have to have a transparent 1 pixel gif/jpg out on a web server to which you have access to the log, but hey doesn't every self-respecting geek have one of those?
I only which this microsoft word feature had the ability to send more information back and perhaps execute some server side code; it would be really nice if you could gain access to word environment variables via the url specification, like this:
http://www.resume-tracker.com/cgi-bin/trackit?use
Which would serve up a 1 pixel transparent gif/jpg while recording the reader's e-mail address in my log file.
Or, how about a word macro that automatically inserts a web bug with the date as a filename in each document you write (of course, you'd have to load up your webserver with a bunch of 1 pixel gifs or the macro would have to dynamically publish the new file name out to the server).
I've also been thinking about extending this technique to web-based or HTML e-mail using javascript/activex, but I don't write a lot of HTML mail (it's fundamentally evil in my opinion).
Also Adding embedded javascript/active-X into the text input at various job sites meets with varying amounts of success.
Of course, sending a word or html document that would load the core information (payload?) from a central location using strong encryption would be best
Upon sending out a few resumes, I've noticed serveral things. First, I can identify those who are well networked. Second, I can track resume age/versions fairly accurately. And finally, I can easily discover which job search sites are the best with respect to the privacy vs. dispersion trade-off.
A resume isn't a fully fleged meme, but it's close and, as a consequence, I would like to have a little control/information about how it propagates.
Is that too much to ask?
Since there are a lot of people behind NAT'd IP's the store clerks will probably hear a lot of ..
"Yeah, it's 10.0.0.1" or "192.168.0.45" etc.
Looking at online stores I think it's a fair deal that they collect the information _they_need_ to do their business in a database - but only that bits they need and with a grant that they use this information only for their business.
So the problem remains with logging in to their site and people today seemingly unable to remember username&password. So what we need is a standardized login interface (xml-rpc, soap whatever) and a facility in the browser to talk to it.
The browser would hold a database with URIs (https of course) and login/pw. To add security, this database could be encrypted globally with a user password and per-site with a key the site transmits (or just with the URI said information gets POSTed to).
The problem the open source community I think is in it's lack of innovation. Rather than just trying to do "that", only make it open source is a bad approach to ever making any real change, or ever getting people to use your software. The idea should be to do "that", first. When it matters. Just something to think about.
Are people really this lazy, or am I missing something?
Passport isn't about saving keystrokes, it's about control, specifically who has access to your personal data and for how long.
As slashdot has reported in the past, Failed Dotcoms Like Selling Private Customer Data, and a most recent example of this is Egghead.com selling its customer list to Fry's Electronics Twice already I personally have knowingly been bitten by this (CDNow and Egghead) and I have no idea what websites I may have bought a book or CD from in the past that may have failed with my personal info in their databases or haven been sold to a competitor. With a system like Passport, I specify what which websites have information about me, what information they get to see and exactly how long keep this information.
This is just one of dozens of possible Passport usage scenarios.
Digitalme from Novell already did it before passport came along. Gives you the option of giving out any one of your many identities and controlling what info they get. Combined with a personal directory this could be used to "sell" your identity info to any company you trust.
Geez...one day they may come up with something unique.
I don't want to dismiss the fear, because I think it is important.
But why attack Passport? How is Passport any more centralized than Visa or Mastercard?
You don't think credit card companies track your purchases? You don't get a statement at the end of the month? In the case of American Express they send you a statement at the end of the year that even classifies your purchases, so much at restaurants, so much for travel, etc...
These reactions seem to be more anti-Microsoft kneejerk reactions than any serious discussion of the problems and solutions. I don't see much value in that tactic.
Maybe I'm missing the point, but hasn't Gator been doing this for years? I'm not sure about it's backend and whether it encrypts your data or not, but it keeps your information on your computer and fills in forms semi-automagically. Despite it's reputation as spyware I know a lot of people who use it to simplify their online lives.
perl -le 's;;uoli;;$a=length;y;g-w;e-u;;$a--;s;j;$a;;print'
We must absolutely protect our privacy, as it will come increasingly under attack. The war on terrorism will (in my opinion) never be won, and every time there is an attack, privacy will slip away more and more.
Ohh, and why the heck aren't there security guards on aeroplanes?
...is that they run on hostile computer systems.
How can you make code that securely holds data, can unlock that data, can not be altered, and runs on systems that you do not control?
Sooo, which is worse, MS holding data about you on the terms that they won't do anything with it without your permission, or a piece of code running on hostile systems in every corporation that holds more data about you?
Nothing's perfect, but some things are more perfect than others. Passport is not perfect in many ways-- security, the group that controls it, single-point-of-failure concerns, scaling concerns, etc.
*I* want to manage my own personal data; it should be up to *me* to handle it. There is no reason a public-key system shouldn't work in a peer fashion for single-login authentication. Security would still be a problem, but a security breach means only one person has to deal with it. An *individual* should be responsible for maintaining their own identity, just as they are responsible for maintaining their own wallet or house.
Just my views on this, but I think a combination would work well-- by default, a person can manage their own data, but proxy sites can be set up to manage it for them, like passport does currently.
Microsoft is to software what Budweiser is to beer.
Another alternative is network based peered agent services that are operated by third parties on the behalf of consumers. This would be similar to having someone run your personal agent for you, or being able to choose between a bunch of different passport service operators. This eliminates the operations burden on end users who are then able to use the trusted third party of their choice to host their information. Access to the information would still be governed based on rules defined by the end user.
-n
Short and simple: Microsoft is evil and untrustworthy.
Unlike Visa or Mastercard.
Oh, both Visa and Mastercard are evil-- but they already own the financial world. This is just Microsoft's attempt to take over the financial world.
They need a source of recurring cash flow, which Visa and MC already have.
Microsoft is to software what Budweiser is to beer.
This seems like a good idea until you think of what would happen. I believe (correct me if I am wrong) that most handgun and nearly all rifle rounds would puncture holes in the cabin if they missed or went clean through their target. That means depressurization and death for all occupants. While I all for arming the public, this might be one of those few places projectile weapons should not be allowed. If everyone were carrying knives, however, that would be a good defense.
I need to get some sleep...
:-b
I read something about a Microsoft agents' personal privates...
Now my stomach is really upset...
I personally hate Passport. However, if a centralized system were done *correctly*, there are a couple of advantages.
You can use it from any PC. A "wallet" system is just too complicated for most users (it can be transported, but most users won't bother). Plus, if I'm not mistaken, Passport would work from any browser. Wallet systems (which I believe IE and Mozilla both have an implementation) work only on that browser, and on that PC unless you export.
On top of that, the Passport system is more automatic; get a Hotmail account and you have a Passport account. Use one of the participating online retailers and you have a passport account.
OTOH, if a "wallet" system were implemented that was cross-browser (if not cross-platform), and more easily transportable, maybe it would catch on. I would trust my data on my own machine long before I'd trust it on a bunch of NT boxes up in Redmond (or wherever)...
In either case, personally I prefer to judge everything on a site-by-site basis. I often use a different email address for each site, partly so I can track originators of SPAM lists and such... so neither method would work for me.
Also keep in mind that, if you use a "wallet" system and use the same information at each site, this information could just as easily be shared between sites, and compared/compiled to track your usage, though admittedly it would be more difficult/less likely than a centralized system.
NGWave - Fast Sound Editor for Windows
At OpenPrivacy, we are building a framework to separate who you are from what you do, so that you can contract with an agent (via a pseudonymous nym, so even the agent doesn't know who you are) to act as your "book recommender." This agent could be loaded with not only the books you're bought from Amazon, but also relevant magazine subscription, web sites, and, of course, books bought from other sources online or in meatspace. This agent would present this info to Amazon - perhaps via a Passport - as representing person X (or a demographic segment of size Y with Z tastes). After Amazon makes its recommendations and this information is returned to the user via an onion-routed delivery path, the user could go to Amazon and buy what they want. Or somewhere else, if Amazon won't play unless you have a Passport, which I doubt will happen.
The antidote for misuse of freedom of speech is more freedom of speech.
-- Molly Ivins
Decompression doesn't result in the deaths of all occupance and it is preferable to running into the ground, hitting the ground, or exploding mid flight. Certainly there should be arms on planes. We have seen the results of them flying without arms. The real question is whether you trust the common citizen or you believe that some elite should protect them. Personally, I believe in the common citizen.
Great question! We've been working on this solution for a year, and plan to go alpha this month. Basically, it's a privacy firewall and service platform that allows an ISP or other provider (whom you already trust and typically already knows all about you) to customize the content or services you get without your personal info flying all over the net. A sandbox approach even allows content providers to provide customization and policies for it.
http://www.netdestinysystems.com
Comment removed based on user account deletion
Unless the US shapes up it's privacy practices, a lot of US outfits will find themselves involved in foreign lawsuits.
-- Welcome to nowhere fast / nothing here ever lasts.
Our company has a notice up that specifically rejects passport users and directs them to a link that demonstrates the security flaws in it. The link is below on the info page for those intersted.
Don't think that a small group of dedicated individuals can't change the world. It's the only thing that ever has.
What's the point in encrypting your name? Or address? The only useful stuff to keep encrypted would be passwords to web sites. Possibly credit card numbers, if you're paranoid. Remember that to be really secure you'd have to protect this stash with a long and secure passphrase. If you worked in an office, you should not cache this passphrase, so you type it in each time. Is it really worthwhile?
Having a standard name for the fields and auto-fill is a good idea, but it will never happen in reality. Can you really see all an Italian web sites having visitor-book scripts with labels in english? A web site may start out as local but end up as global. I'm sure many do.
Opera has auto-completion of name, address, etc which I have found to be useful. I never put my email address in any app such as a newsreader or a browser, btw.
bLanark
Standards are great! There are so many to choose from!
Note to ACs: I won't mod you up, even if you are being funny or insightful. So take a chance! It's not real life!
A personal agent can store your profile data, and have an active implementation of your policy, possibly performing interaction with the owner.
The advantages are clear:
<SHAMELESS PLUG>
My employer Tryllian sells a platform that from the start was designed to deal with these issues.
</SHAMELESS PLUG>
I need a detailed answer, what's up with this lazy-ass 12-word answer? 8^
Six of that, half dozen of the other.Personally, I don't trust the common citizen as far as I could throw an aeroplane. These are the same people that voted Dubya in, after all.
I guess it would be rather easy to define an open and distributed authentication protocol that uses open encryption algorithms and protocols. Just use PGP/GPG or even SSH as the basis for the protocol.
I guess there might already be such software?
You could hold your "PassPouch" on a single client machine, but you could add a possibility to give a "PassPouch" to a centralized server. Then use a trivial negotiation. I guess it wouldn't take too many days (hours?) to implement a simple prototype.
Or use public key crypto the way PGP or SSH does, and simply give a public key to the sites that need authentication, and implement a trivial negotiation.
I guess the biggest problem is finding trusted servers for storing the pass pouches. The servers can also be hacked easily, in which case someone could steal your passpouch (which is useless without a password though) and then sniff your password. I think there might be some cryptographic solutions for this. In some earlier Slashdot article someone mentioned that computing in a hostile environment might be possible with some cryptographic solution. It might then be possible to run the authentication code in a secure virtual computer.
You could also have a number of different pouches for different tasks, if you want to have more security.
IANACE.
Edward Jung, former Microsoft bigwig, gave the keynote address at the Global Grid Forum in July. He explained quite enthusiastically that the key to success was to identify "hourglass configurations" [he never said "bottlenecks"], and that Passport [authentication services] was the key to Microsoft's strategy; as one operating system for the desktop drove the economics of the past two decades, so one global authentication service will drive the economics of pervasive computing.
The challenge presented is very clear. There's no reason that there should be only one authentication service, without others working together. But if you want to read his slides, you will need to use IE.
Other than a rant against Passport there is no info on what types of payments your company accepts.
Can I write you a personal check ? A merchant that accepts that for payment may not find out for up to a week whether the check is good due to the antiquated clearing system our banks use.
My Visa card with the chip gets docked in the smart card reader on my pc. I enter my PIN number and this opened a 30 second window for a secure transaction at Amazon. At least the merchant can match the account opened, originating location of pc, and PIN entered for the card to authenticate the transaction.
Ok, not quite but the similarities are there.
The Slashdot crowd wants to PROTECT valuable personal information that they LOSE almost all control over once they SELL (usually for extra services) them to a commercial entity .
The RIAA wants to PROTECT valuable songs that they LOSE almost all control over once they SELL them Joe Blow.
Both are looking at technology to solve a problem that is (as the movie and music industries have demonstrated) better solved through force of law.
O.k. so I maybe ingnorant but isn't html english based?
Trade Security for freedom? Wasn't it Ben Franklin who said you will end up with neither?
Do you really want a big brother world? The drug siezure laws seem like a really great idea until your kid throws a rock trhough a window in school and the government siezes your house without due process. Once you open the door and let them in, you can't get them out.
Germany in the 30's had some reforms that seemed OK at the time, but one thing let to another and another and somehow the atrocities were normal at the time.
For years airport security has been interested in stopping guns and busting a young person with a joint in a knapsack. Profiling terrorists? Then the CIA and the FBI and the ATF (and all of the other alpahbet agenties) might have to talk to each other! What if they were accountable? If someone is determined to do something, and they have time and money, they probably can. How many guns were used on the hijackings? They probably cut up a stewardess or 2 to get access to the flight crew, and then it was all over. Remember the word terror is in the word terrorist. Afraid to fly, the drive. Only 250 people were likked this year on airline flights, but 30,000 have been killed in cars, so whats safer?
Terrorists (and opressive governments) rely on clueless sheep, so hunker down and hope some one else will do something. That's what THEY are ounting on.