MS Sez Hailstorm To Play Nice With Others
Rocketboy writes "ZDNet has posted a story saying that Microsoft will not be the only repository of user information within Hailstorm. They claim that Hailstorm was intended all along to be a network of trusted repositories along the lines of all the banks that exchange information within their ATM networks." One of the key points from Coursey's piece, IMHO, is "MICROSOFT SAID it does not know whether a central authority should be created to oversee the open-trust network it hopes these changes will help create. In an interview late yesterday, an executive working on the project said the company is open to an industry group--such as those already controlling Kerberos and other Internet technologies--taking the lead role if it becomes necessary." So, the central authority part is still being worked out - but regardless, this changes the framework of Hailstorm, if implemented.
that MS won't control all the data. They will just get every time you log in or access anything.
What if an individual wants to become a repository for their own information and not trust it to a central place? That way I could carry the information with me knowing it is as secure as I want it to be.
[Please type your sig here.]
When will I be able to use my MS Passport login to login to Slashdot?
That way MS can post comments for me, and save me the time I spend thinking for myself.
Microsoft is just realizing that nobody will play with their new toys if their toys take away rights that we consider sacred. They have backed out of really bad ideas in the past when enough industry and pundit criticism was leveled against them. If they will again this time, that would be great, but content-free proclamations are meaningless. I trust these guys as far as I could throw a hundreds-of-billions-of-dollar-cap company.
...Microsoft may be the only company in the world with the skill and clout to pull it off...
...the public will fully accept the HailStorm concept and Microsoft as a trusted repository within five to 10 years...
..Initially, HailStorm will consist of a universal password and a service...
...If you are in a car accident, HailStorm could automatically send your medical history and insurance information to the hospital before the ambulance arrived...
...Microsoft officials acknowledged the company has been vulnerable to attacks and system failures...
...They're the most attacked infrastructure there is on the Internet, they're the No. 1 target for hackers...
It'll never work. There is no fucking way I'd trust anyone, let alone microsoft, with that sort, or quantity, of private information.
Everything but Z
There's a big difference between Microsoft (and whatever johnny-come-lately fabricated trustee companies that spring up) and banks. Banks have a culture wholly different from companies like Microsoft. I'm not saying they're divine or infallible, but simply that the way they look at the world and their responsibilities for information are shaped by years and years of living within a complex web of federal and state regulations, and of sitting on the "capital" of essentially unlimited public trust. They don't "think out of the box" about ways to use information they control. The comparison to ATM networks is therefore (in my opinion) structurally accurate but misleading.
Yes, this is MS, so they might only provide a WinXX client. Yes, this is MS, so they might require you to register your client with some central authority with the ability to 'audit' the server to make sure it's up to specs.
But it may also be as simple as having a client conform to certain specs (hopefully open), and that's it. Average Joe would probably never worry themselves with this, so they'd not lose that many customers in the first place.
But in the end, I think it's very important that Hailstorm cannot be a necessity for web sites and that there must be a manual entry level for data when it is needed.
"Pinky, you've left the lens cap of your mind on again." - P&TB
"I can see my house from here!" - ST:
How about, "and we already saw how well they played along with Kerberos.."
you idiot troll
Intelligent Life on Earth
So will Hailstorm play nice with whatever the AOL collective is working on? Or will there be several authentication networks where you need an id on each to reach the full range of the Net.
Didn't this happen with early financial systems too? I have logos for a number of money-transfer networks on the back of my ATM card (though Interac is the only one that I recognize from actual use). I'm guessing they used to be incompatible...not on the same card.
When I'm worried about limited net access and content, I'm not talking about MSN and AOL being the only online properties...but what if the NYTimes or WSJ implement Hailstorm? And what if Sports Illustrated implements AOL's version (no question there, since it's part of the Time Warner family).
And how will the inevitable open-source clone work? Will people try to co-opt Hailstorm, or turn away since it's MS? (my crystal ball predicts both, in two different projects)
cheers,
cz
I've seen the "We're not sure where this is headed, we're making it up as we go along" rap from these guys before.
It's hard for me to believe that it's true that Microsoft is "betting the farm" on their Hailstorm strategy but at the same time they haven't taken the time to develop a roadmap for its deployment and maintenance.
It's too important to them and they have too many resources devoted to it for there not to be a plan. Given that, it makes me nervous that they don't seem to be willing to share the details of that plan. That seems to indicate that they are pretty sure we won't like it.
The best protection is to insist on open, documented interfaces to all of the components of this technology. We need to make sure that the rest of the industry remains free to develop their own components of the Hailstorm/.Net architecture with the assurance that they will interoperate. The problem is, it would take a lot of cooperation for the industry to reject any offering that doesn't meet these requirements.
So why don't just beef up the bank's infrastructure including online password and a few extra properties and be done with it?
So now there will be more targets for a potential hacker to choose from. It's not enough that Microsoft would store the data, someone with a dubious security track record. Now we have an untold number of other places that can be attacked. Why doesn't anyone realise that the only safe way to do this is to store the data on secured, portable hardware that can be taken with the owner of the information?
THIS SPACE FOR RENT
I already voted with my billfold and my feet. Microsoft products are, like the company itself and poster codeforprofit2, totally irrelevant.
What happens when some terrorist decides to take out one of these central repositories. Please don't say it's not possible, after what happened last week anything is possible.
Just bring it on, ignore all facts, just bash, bash, bash!
How about instead, we pay attention to all the facts, and then bash, bash bash!
------
Bill Gates is my shepherd.
I shall not want.
He maketh me to lie down and pay more green.
He leadeth me beside still blue screens.
He rebooteth my system.
He leads me along the path where he wants me to go today, for his own sake.
Yea, though I walk through the shadow of the valley of silicon,
I will fear no innovation.
For thou art with me.
Thy monopoly and thy lawyers they comfort me.
Thou preparest a preannounced major upgrade before me in the presence of thy competitors.
Thou anointest my head with service packs and hot patches.
My hard drive runneth over.
Surely crashes and high prices will follow me all the days of my life,
and I shall dwell under the control of Microsoft forever.
Those who would give up liberty in exchange for security and DRM should switch to Microsoft Palladium!
I am pleased to see that perhaps one day in the near future, companies might cooperate to give us something we need. Regardless of their motivation, perhaps they should get a gold star next to their name for playing well with others.
Placing information anywhere outside of your physical control implies either a great deal of trust, or stupidity. With a financially disinterested party keeping an eye on the individual trusted federation members I think that we may soon be able to trust our personal information, which many value greater than their money, with the same level of assurance as depositing our paychecks. I think that this brings up 2 questions:
[1] whether usage fees ala not-my-bank's ATM might be forthcoming...
[2] Would we be able to make a withdrawal of our information and trust that it is completely removed from their computing environment? With regular backups and cache-systems, it seems rather difficult to expect not leaving behind some residual trace...
What do you think?
Is enough known about Hailstorm and Passport to know if they are architecturally capable of the security we desire?
Plus I see mention of "The Industry Standard Kerberos 5" in the article. Of course MS Kerberos follows Kerberos 5 standards, just in a way that doesn't play with anyone else. So do we get Real Kerberos 5, or MS Kerberos here?
What are the requirements for joining the "Trust Federation"? Who defines the requirements? Who can cast the blackball?
The living have better things to do than to continue hating the dead.
Really guys - what if Microsoft is learning from the beating they're taking from Linux, and really want to play nice? Instead of loosing the rockets at them, maybe we should put aside our mistrust of the Redmond gang - ever so slightly - and take a serious look at working with them.
This is the type of thing that users want - one password, and their relevant information attached to that password. I have most of my users saying "Why do all these systems need a different password? Can't you computer guys get together?" IOW, they want convenience and simplification. Since Microsoft is going to do this anyway, assisting them will get us in the loop, as it were. Besides keeping "the enemy" closer, it can also have some beneficial side effects:
1. It will show Microsoft that when we say "Open", we mean Open for anyone, including Satan himself.
2. It will also show them that Open Standards benefit everyone from the end user to the programmer writing APIs. They are better for business than anything proprietary.
3. Things work better with a community attitude. Maybe it will change Microsoft's bastille mentality for the better.
4. We can make sure that this is done properly - no backdoors, no worms, and as much security as possible.
If we just slam the door on them, instead of giving an open invitation to work with all computer users, designers and programmers, we will just fortify their distaste for Open Source and perpetuate the silly feud that's been going on for years.
Executive Summary: Look at their proposal seriously instead of just dismissing it out of hand, putz.
Soko
"Depression is merely anger without enthusiasm." - Anonymous
I think you can infer that Microsoft is really acknowledging that they have big ole security holes in their products. When they say they will open up the Hailstorm services (oops, i mean what Microsoft "meant to do all along") it really means, "well we know some hacker is going to break in and publish all the information anyways, so it's not really a 'secure' means of keeping this information. oh and, can you find some other people to run it for us so we aren't liable?"
spike
"help help! i'm all tangled up in the .Net!"
an executive working on the project said the company is open to an industry group--such as those already controlling Kerberos
And I wonder if they would treat it the way they treated the Kerberos oversight group? You know, that "Hey decide whatever you want, but we're doing it our way. Ain't market-share wonderful?" way.
'Life is like a spoonful of Drain-O, it feels good on the way down but leaves you feeling hollow inside'
Microsoft vulnerabilities (aka "innovations") are responsible for every worm/virus we've seen in the past few months: Code Red, Code Blue, SirCam, Apost, and Nimda. Why aren't they under any fire from the media, watchdog groups, or the general public?!?
But before we go there - let us first join hands in praise to tell MS that this is a right step in that direction. There are lots of responses we could take, and LISTEN UP: We don't have to jump into anything. We all have to compromise to reach a solution, but we shouldn't have to bet the farm on this. The compromise can take various forms.
So what is the issue? The question concerns technical issues of the Hailstorm protocol. It is not just about who is in control.
In other words, let us take the "white paper" approach. Can MS do that? One that allows us to review and allow the security experts to scrutinize the technical details and design of the whole setup? If MS can take this step, then I should like to say that would remove most of the security concerns of Hailstorm.
And for that debate, I would like to ask the first question. What is the point of Hailstorm? How is Hailstorm different from say, the Mozilla Personal Security Manager, wherein, the user stores his data on his computer, and has simplified but yet customizable controls as to who receives what data?
Secondly, isn't aggregating these data a security flaw itself? Remember that security is not one issue itself, but encompasses issues of authentication, identity, integrity and all that. Given this setup, isn't the chance of identity theft greater? Part of the security of setup we have is that no one single company knows everything about an arbitrary person. They may know your credit card number and hence your financial records, but they may not know your hair color. Meanwhile, some government agency may have your bloodtype, but they don't have your financial information. Isn't Passport a step in the wrong direction, in such a case?
More of my banking done through something designed by microsoft, now that's a scary thought
my 2 cents plus 2 more
But if Microsoft is going to charge for the service, how does that work?
Whatever happened to the widespread notion of giving every person (affordable) digital certificates on a smartcard, and putting a smartcard reader in every machine?
There's already a chain of trust established that no-one seems to have a problem with these days, just like we don't have problems with trusting banks with our money, and there's the key that identifies me uniquely and PROVES that I am who I say I am.
Also, this way I can install some software on my machine to manage my own information, and set the levels of sharing I wish to enable for sites and services.
For sites/services that require additional information, I can then choose to share or hide that information.
The way I see it, everyone's just sort of sitting around like a tree-huggin' hippy, waiting for Microsoft to roll this out, and then bitching and moaning about it. I have to admire Microsoft, not for the way they are going about their strategies, but rather that they have strategies and have the guts to stake some or all of their business on those strategies. I unfortunately do not see nearly the same level of risk being played by other companies, e.g. for Sun's Java ONE technology, which is meant to be a direct competitor. And neither do I see anybody else making nearly as much use of their corporate PR machines.
Anyway, the main point here is using existing technology: Digital Certificates. Make them cheap, put them everywhere, and you don't have to rely on a Microsoft-provided service.
I'm sure even Linux users would be happy with that.
We can have Al Gore be the repository for the information. He will keep it safe in a lockbox!
In case of fire, do not use elevator. Use water!
The whole point of a central repository for this sort of information is for the benefit of the site you are trying to access, so that they can verify from some trusted source that you are who you say you are. Anyone can set up their own repository and say that they are someone else. However, if the site can go to some trusted source (either Microsoft, or a large bank, or whatever), then they can be certain that you are who they think you are, and have permission to use credit card numbers or access confidential information or perform transactions, etc...
The benefit to the customer is not trust, but the "convenience" of a single login, and not having to remember a fistful of different username/password pairs for all the sites they deal with.
Your Servant, B. Baggins
Maybe I missed the whole point, but...
:)
I am not that interested. I'm fully content with remembering a few passwords, entering my email where necessary and so forth. So what interests me the absolute most is, will this Ban me from places if I decide not to play along? Or can I access stuff anyways, but I'll have to enter my credentials myself (like I do today)?
The only secure place I need and want is my bank, and they have a nifty little code generator that protects my account, and I can do all the basic stuff that way.
What do I gain from this? What do I lose? What do I lose if I don't participate?
Please help a guy that needs to do some more reading up.
ugh...
Your Servant, B. Baggins
Is it really necessary to use words like "Sez" in the story title?
It's "News for Nerds", not "Newz 4 Nurdz"
Tales from behind the Lagom Curtain
Micro$erf Trolls -- the more I hear/read their thoughts, the more I dislike them. I've noticed a common attribute among them all: they typically have *NOT* used anything other than Micro$oft junk.
Microsoft has yet to sign any of the major players to join its trust federation
in some form or another, MS will decide who gets to run .net services and who doesn't. This BS about "These two changes--which Microsoft says aren't changes at all, but rather a clarification of what the company planned to do all along" is utter crap. Had this been what they've been planning all along, they would've made this "clarification" a long time ago. I'm going to bet that you'd better buy a copy of Win2K to run services and pay dearly for it!!! MS should be stopped, really stopped. They OWN our government, and are doing everything they can to confuse issues and LOOK like they're playing nice.
just format your drive now and install Linux, you'll be glad you did. Don't give those MS MF'ers a cent of your cash.
I wouldn't put the terrorist attacks past MS as a way to downplay the ongoing monopoly proceedings.
"The Most Fun Possible on 4 wheels" is at SunBuggy in Las Vegas
that's what in it for you. hailstorm is essentially a platform to host components (like EJBs). passport makes it possible for components in hailstorm to exchange exposed data so that they can interoperate.
an example. if your bank uses hailstorm and you authenticate with passport and amazon.com uses hailstorm and passport authentication - you would be able to (once you've authenticated with passport) just click buy and amazon's components could invoke components on your bank with your passport id and say "give me the money now".
i know you can save your profile and everything on amazon and so you may still ask "so what's in it for me". that was just the first example that came to mind and if you can see the advantages of such an interoperative infrastructure then here.
and, yes, there are probably risks and stuff involved but let's let it evolve and give it a chance.
If the same information is stored in several different servers, doesn't that just provide more points of failure?
It seems to me that either everyone should either keep their information independently (the current system), which results in data replication, not to mention countless points of failure...
or...
Have one person keep this information... but it seems like that isn't such a popular thing here.
Captain_Frisk
I'm sorry, but all I see in this 'news' is Microsoft's spin doctors working overtime to try to defuse opposition.
"On the Internet, this means that an AOL or Yahoo login could someday be just as valid for accessing Microsoft's MSN..."
Or they may never be valid at all.
"the company is open to an industry group...taking the lead role if it becomes necessary."
Not that they're going to allow it, they're just willing to discuss it right now.
"As the story develops and more questions are asked, some of this may change, but at a high level this appears to be Microsoft responding to critics."
Nothing in this article is necessarily true, but rest assured that Microsoft is doing its best to convince you to trust them.
"Microsoft has yet to sign any of the major players to join its trust federation, although talks are supposed to be underway. If companies like AOL see this as a valid attempt to make the handling of user security and personal information into new Internet standards, they might join. Or they might abstain simply to try to gain some competitive leverage over Microsoft."
If none of this ever happens and Microsoft retains its lock on user info, blame AOL.
>I wouldn't put the terrorist attacks past MS as a way to downplay the ongoing monopoly proceedings.
oh. i can't believe that statement! that's the sort of rant that gives linux an evil-geek-virus-writing-socialist-spotty-nerd-angry-teenager name. well done, you are really helping to spread the word.
This changes nothing in regards to Hailstorm. It only changes some people's incorrect perceptions of it. Hailstorm, and the entire .NET framework itself, is extensible by any third party, and always has been. It is simply unfortunate that people are so reactionary whenever Microsoft proposes anything.
If you want to provide authentication via non-Microsoft means, write a .NET plugin for hailstorm using the documented interface, and then the system will use your authentication method rather than some other (like Passport).
I just want to emphasise that this is only surprise news for those who failed to take the time to understand Hailstorm and .NET previously.
Natural != (nontoxic || beneficial)
Good question. I think that MS should release a PR to developers regarding the planned Kerberos implementation, since in the past "open Kerberos" meant open to all who used their implementation of it!
There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
Would that be the same Microsoft that "Embraced" and "Extended" Kerberos, despite there being an industry-wide controlling organization?
Sure, create a Hailstorm standards organization all nice and proper. Just as long as they answer to Microsoft (and don't dare compete with them.)
I'm just baffled by this. Hail Storms can wreak destruction across a wide area. So too MSFT's HailStorm will wreak destruction. How can a company long known for security lapses, breaches, negligence ever be trusted with significant data?
if you do trust them, you'll end up getting pounded when the storm hits.
But no worries for me, as they won't have any of my data.
Why not build a trusted network on a free platform (Askemos). There should always be a choice.
I cannot believe they mention kerberos after their
effort to put proprietary, non interoperable data
in the kerberos protocol. Not only that, but the
fact that they rejected efforts (at least for
6 months to a year) by the kerberos standard
bearers at MIT to keep the specification
interoperable.
They actually offered to work with microsoft to
accommodate extensions to the protocol and Microsoft wouldn't have it.
Take a look at this post from Ted Ts'o in 1997:
http://diswww.mit.edu:8008/menelaus.mit.edu/kerberos/10954
Do you really think Microsoft has changed, especially now that they have the government on
their side?
-Dave
... if we can store any personal data, how much pr0n can their servers hold? What - can't put that much in one account? Just open up another one - we can script that...
On second thoughts, if they're thinking of folks dumping their MS Turd docs in there, they must be thinking of a lot of space.
This sig made only from recycled ASCII
These two changes--which Microsoft says aren't changes at all, but rather a clarification of what the company planned to do all along
- The article
"History has stopped. Nothing exists except an endless present in which the Party is always right. I know, of course, that the past is falsified, but it would never be possible for me to prove it, even when I did the falsification myself. After the thing is done, no evidence ever remains. The only evidence is inside my own mind, and I don't know with any certainty that any other human being shares my memories"
- Orwell "1984"
Yeah! Give me more dollarsigns in Micro$oft, more more more!
Those Klingon bastards killed my son. </kirk>
They would say anything.
I don't think it wise to trust them.
Ultimately, people within Microsoft must understand that they don't have the skills within their organization to run something this important all by themselves. Look at the last two years:
The first two items would have disabled their whole service. The third just shows that they don't have the competence required to run such an important service. They need to not only have a network of repositories, they need to gracefully bow out of being part of that network.
Michael
Do you have ESP?
?!?!?!? This makes no sense. Doesn't everyone realize that it's much more secure to use different passwords on every thing you do? So in other words, if someone cracks one of your passwords (assuming you only have one) then they have access to all of your data. This doesn't seem like a very safe idea to me.
stephen
http://www.microsoft.com/presspass/features/2001/sep01/09-20passport.asp
A speech...
But I suspect that as events unfold it will be found that an impartial central authority will hold us back from getting the full user experience of MS Innovation.
Certainly it has been the case that standard Kerberos was found "insufficient" for Active Directory and required "improvement".
Don't get me wrong. I'm not saying that standards are never in need of improvement. I'm just saying that I don't want the improved standard to be controlled by an entity with other interests. Interests that can conflict with the kind of impartiality and pure technical focus that such standards control deserves.
"Provided by the management for your protection."
Yeah, that's the spirit! Bash!
i suspect they'll want to check your serial numbers and what browser you're using and what office suite you're using...
Na, what good do facts do. Just keep on bashing!
(Warning: if the following post turns out to be nonsense, please forgive me.)
Let's say that 2002 comes, and hailstorm becomes something that has a point (beyond ensuring Microsoft gets to have SOMETHING installed by default in WinXP that they can charge a monthly fee for and that the average user won't be able to figure out how to turn off), and GNUStorm 0.6 or whatever gets written, and i install it on my Mac OS X box in my dorm and register my dormroom computer as my authentication authority.
How much flexibility will this hypothetical GNUStorm server have? Is the hailstorm protocol such that if i was running an authentication server, i could flexibly determine exactly what information and when that a given site is given about me? In what way? Oh, hell, is there ANY POINT AT ALL to hailstorm besides not having to type in your personal information/preferred password to every website, and making sure you don't make up 90% of the information you put on webforms? Is there ANYTHING hailstorm does that a web browser with a good autocomplete feature doesn't do?
And if i *could* limit who gets what information, would there be any point, since the sites will all be using the same backhanded information-sharing tactics they use now? If i use hailstorm once to sign onto MSN messenger, and i decide not to let microsoft.com's hailstorm server have any information besides the username and password they use to authenticate, couldn't they just contact some site that they partially own and that shipped me something once, say "hey, what do you have on this username", and get a full readout of my name, address, etc..? Umm.. i'm pretty sure that that last sentence doesn't make a whole lot of sense, but you get what i mean.. right?
If i am misunderstanding what Hailstorm is, i apologize, and request that someone more informed can set me straight. You'll have to excuse me, Microsoft seems to be working very hard to make sure everyone is as misinformed as they could possibly be as to the nature of .NET..
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
A bin-Laden spokesperson stated, "We've long seen bin-Laden Enterprises as a leader in the area of airport security and air-traffic control. We can send those babies wherever we want to. But we're good guys - we just want to help people get to where they should go."
The spokesperson refused requests for further details. "This isn't really the time now. I'm sure we can work out the details over time, so we can help bring U.S. air travel, and the U.S. economy, to where it ought to be."
Cooperation is essential, the spokesperson emphasized. "We'll gladly work with whoever wants to cooperate with us. However, if we have to, we will go it alone."
So far, there is no response from the U.S. government.
I've always thought that Hailstorm/Passport type transactions should be heavily regulated-- banks are, insurance companies are, --why trust an electronic transaction provider (oh boy new acronym ETP) to do the right thing without regulation?
This fits in quite well with the idea of controlling Microsoft's monopolistic behavior -- except there isn't any regulatory body...
oh well, that's a minor detail.
Forget Hailstorm/Passport. Use XNS (http://xns.org) instead.
Rejected, resent, whatever..
We don't want this! And Microsoft KNOWS we don't want it. Their entire marketing strategy depends entirely on their ability to brainwash dim witted Americans and this still Amazes me after all of these years.
They have enough power now controlling the most widely used desktop OS for consumers, just imagine if they had control of our information, our banks, government websites.. They want all of this, and they'll stop at nothing to get it. They're starting it right now with all of the new stuff in XP, they slowly slip in new evil code and introduce it so you're not immediately repulsed.
Look at Internet Explorer for example. I've used this for 5 years (until recently as Mozilla builds have greatly improved) and I've always wondered why the hell when I type something stupid it forwarded me to some asp on msn.com. I would have loved to edit that out of the registry just because it has that potential to become MSEvil 1.0 but I never could find it. (I don't believe it's in the registry, it appears to be hard coded into IE, don't take my word on it though) About two weeks ago when I typed something stupid it reports it to MSN and tells me what I most likely wanted and does a MSN search. I'm not running MSN Explorer (hell no!), I thought I was running just plain old Internet Explorer but it appears I can't run that anymore..
Luckily Mozilla is really becoming a well rounded piece of software now so this doesn't pose a problem. This doesn't always work though. I'm still running Outlook and I'm a bit afraid of what they have hidden (laying dormant) in there. I really haven't found anything as an alternative yet that can handle the amount of email I receive daily. (around 300+ messages, most of which I need to save and archive) So, until then, who knows if I'm being watched, I don't know what's in that source any more than the other guy..
I apologize for the long message, however I feel this rant was well founded after years of enduring Microsoft software. Linux is calling, and I mean REALLY calling, I use it through SSH all day, but I still don't have the software I need to allow me to move altogether.
-Mitti
The article says that MS is looking to work with AOL on this. Oh, joy.
It also quotes MS as saying: Of course, I'm sure we can all guess which version of Kerberos they'll be using...anyone remember this hoopla? Just a few weeks after Java was announced MS swore up and down to anyone who would listen that they would make activex open. 5 years later, .... ???
http://news.cnet.com/news/0,10000,0-1003-200-313303,00.html
MS open?
Look, if MS has all passwords/credentials where do you think the concentration of firepower will be? hmmmmm...
Running a version of Kerberos on the Internet makes sense for some applications, perhaps e-commerce; as long as the people running the authentication servers are competent about reliability and security, and those people must be trustworthy, and not have conflicts of interest over privacy.
Microsoft should be nowhere near those servers.
Mo$t Intelligent Cu$tomer$ Reali$e Our $oftware Only Fool$ Teenager$
... is that enough for ya bunkie?