Slashdot Mirror
Sun Announces Passport Competitor
mjankows writes: "Sun, and other people today announced the Liberty Alliance Project. Definitely an answer to passport/hailstorm. Maybe Mono/DotGNU can benefit/assist/use/help this..." Yay, yet another way to be tracked on the Internet.
We have to trust Ellison OR Gates?
Wow, what a choice.
Je t'aime Stéphanie
Two versions of software that no one wants to use! Thank god for competition!
get over it!
When does the obsession with privacy stop becoming an adjunct to civilized living and start becoming an excuse to do as you damn well please and not be held accountable for it?
Honorary Member of Jackie Chan's Kung Fu Process Servers
Even if I do appreciate Sun's resistance to Microsoft's monopoly, I just can't stand when people consider them as our saviours.
They're just another company and I am not sure their interest in this solution is not also leaded by rentability's sake.
Trolling using another account since 2005.
Good lord, will they be running this out of the Office of Free Thought over at the Ministry of Truth?
This is not to say that this will be terrible, since I guess any sort of aggregation of information will have problems...but cmon...
Best. Comment. Ever. Enjoy!
It looks like Microsoft wants to join as well, so it might not actually be a Passport "competitor".
From the article: "Microsoft Corp., which said last week it would expand its own Passport Net identification system to other enterprises, is in talks to join the alliance."
Just one big corporation competing with another VERY big one.
No matter what they tend to make us believe, I am not inclined to agree that this would make net a safer place.
And with MS allowing third parties to provide similar passport services to hook up with theirs, this could only be construed as another effort from Sun to hide the fact that they were late in realising the advantages of passport and webservices, and also to put a veil over the open source community making them blindly believe that we should support these guys instead of M$ because this is more "OPEN".
I am not flaming.. I just dont see the point.
Rapid Nirvana
One of the major points for passport to even think that it will be successful is that it works on hotmail.
Will any other system, which does not have such a mass base, ever be successful ?
Microsoft recently announced that they plan to open up Hailstorm to the web at large, and allow different authentication "cells" to share Kerberos keys.
.com land) in the next couple quarters.
This tells me that they've decided that owning the authentication database (and associated user profile information) is not as valuable a proposition as having an open authentication network and getting a micro-cut of every monetary transaction that passes through it.
No doubt if Hailstorm takes hold, every third-party authentication is practically going to need to interoperate with it, and will just become an involuntary revenue generation service for Microsoft.
To this end, look for Microsoft's purchase of PayPal or some "leading" micropayment shop (perhaps from x.25 land if not
--CTH
--Got Lists? | Top 95 Star Wars Line
...Scott Mcneally is the CEO of Sun.
Sun, and other people today announced the Liberty Alliance Project
;)
In related news:
Sun has renamed their project 'Enduring Tracking Project'.
The change was made after the initial name -- ``Liberty Alliance Project'' -- last week ran into objections from some Linux scholars on grounds that only Open Source, or GNU, could mete out Liberty in their view.
(this is a joke. And it shows no respect to those of the FreeBSD or other open source licenses
"Can of worms? The can is open... the worms are everywhere."
From what I understand (and admittedly that is very little) the whole Passport/Hailstorm/Liberty stuff has to do with Authentication and Authorization. Kerbros is an open implementation of the first; is there open implementation of the second? If so, how hard would it be to "package" it into something similar? Am I missing something here? What does MS and Sun's implementations add above and beyone Kerbros + Other Thing (Tm)?
Ok, MS is going to implement Hailstorm, which nobody asked for, nor do they want, and they're going to shove it down our throats along with Passport and take away our privacy and security. So Sun's reasoning is if we have a choice of being screwed by Sun or MS, we'll choose Sun.
Well, I guess I probably would prefer getting screwed by somebody different now and then. Although I think I'd rather have a choice of "none of the above".
Hmmm, which service that I don't want will I choose...
The name "liberty alliance" and the domain "projectliberty" both imply that the goal is somehow connected with freedom.
The only freedom that I can see from this is the freedom of having yet another repository of my personal information. I can't imagine websites giving us the choice between "passport", "project liberty" or "anonymous consumer".
I read the FAQ and it doesn't mention anything much about how they are planning on divulging the contents of this "consumer database" to people. I can't imagine that they are all doing this for altruistic reasons, so I guess I'd rather avoid using it.
Z.
-- Under/Overrated is meta-moderation, and therefore is Redundant.
This, from the Libery Alliance FAQ:
Q: What are the objectives of the Liberty Alliance Project?
A: The Alliance has three main objectives. 1) To enable consumers and businesses to maintain personal information securely. 2) To provide a universal, open standard for single sign-on with decentralized authentication and open authorization from multiple providers. 3) To provide an open standard for network identity spanning all network-connected devices.
Q: Who are the members of the Liberty Alliance Project? A: Charter members include ActivCard, American Airlines, the Apache Software Foundation, Bank of America, Bell Canada Enterprises, Cingular Wireless, Cisco Systems, CollabNet, Dun and Bradstreet, eBay, Entrust, Fidelity Investments, Gemplus, GM, Global Crossing, i2, Intuit, Liberate Technologies, Nokia, NTT DoCoMo, OpenWave, O'Reilly and Associates, RealNetworks, RSA Security, Sabre, Schlumberger, Sony Corporation, Sprint, Sun Microsystems, Travelocity, United Airlines, Verisign, Vodafone and More.
...
So it seems it's more than just a Sun effort, and they claim it's not about another company holding onto everyone's personal info. The goal appears to be a method for single sign-on where each individual company maintains customer data relevant to its own business. They describe it as a decentralized, federated system built on an open standard.
Breakfast served all day!
I believe that we need to have a competitor for Passport. Well, that is nothing new. I would highly appreciate if Project Liberty has the guts to build private credentials (you might want to look here for more Info by Adam Shostack). This would be THE alternative for specialized identification (you have to be of legal age to see this page, you have to be Mr. Smith to view your taxes, ...). We need identification, but it needs to be untraceable and there must be no way to collect and combine information.
And with the insanely powerful Starcat server talked about yesterday (blatant plug for a story I submitted that was actually accepted), Sun can track everyone anytime, anywhere, for the rest of eternity.
What does everyone have to hide?
If we were all moral people (including the companies that are monitoring us) privacy wouldn't be such a big deal.
Prove me wrong.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
I agree that the passpord paradigm gives you a single point of failure. But whereas you may have smaller subsets of your personal information spread out on other sites, i.e., user name and password, maybe first name and last name, but maybe not *all* of your information, like personal banking, stocks trading account informations, home address, work address, phone, fax, cell phone addresses.
Say someone breaks into a site on which you only stored basic username/password and first/last name information, it's OK, it's not that a big deal, inconvenient, but not the end of the world.
NOW, say someone DOES break into that *single* point of failure you are mentioning, chances are they'll have access to users' *ENTIRE LIFE*. And looking at microsoft's track record of keeping systems secure with their close-source, I wouldn't trust them the least bit. CodeRed. Nimda.
Now Sun's approach may be slightly more secure, and if the open-source community does get involved, it could mature far faster than microsoft's product.
As far as *I* am concerned, though the idea of only having to maintain your information at a single location seems very appealing, I think I still want to go thru the discomfort of having to enter personal information at every site I shop at.
Extraordinary Vacations. Exceptional Prices
Then, assuming that other companies do begin to use Passport at a significant level (despite no one using it after months of its deployment), there then becomes the question "What happens when Microsoft denies companies access to passport authentication?" For example, what happens if a Hotmail competitor wishes to use Passport authentication for its web mail login? Clearly, Microsoft would be helping their competitor if they allowed it, and acting monopolistically if they don't. That does provide a small problem for Microsoft.
Third is something that the article points out very early on about the very reason people need something like passport. To paraphrase, the article states that people dislike the idea of their online grocery store having access to their online stock trading when they use the same password. This problem doesn't go away with Passport, it is just enhanced. Now, instead of your grocery store having access to your stocks, Microsoft has access to both your grocery store and your stocks, without doing anything but being a middle man authenticator.
But what am I saying? Microsoft is the good guy, who would never abuse its power. That's why its okay for Microsoft to use its powers to "innovate," just like its okay for the US to develop defensive systems that give it the power to launch nuclear weapons without fear of retaliation.
Definitely an answer to passport/hailstorm
A competitor maybe... I don't like the idea of having a single entity keep track of my usage online (even if it has chivalrous reasons for doing so like making my life easier). Just because this is not Microsoft doing this doesn't necessarily mean that I should like the idea/technology any better.
"My mother never saw the irony in calling me a son-of-a-bitch." - Jack Nicholson
Yay, yet another way to be tracked on the Internet.
Well, as I read this article there is yet another person who can complain but doesn't contribute. So in the Open Source philosophy, I have a question for everyone:
What do you want to see in a centralized authentication system that you would use and trust?
For example, would you like it to be overseen by the government, a company, a board of individuals or someone or something else? Should it be Open Source to allow for improvements, or closed source to deter cracking?
I feel rather that simply complain about how terrible this and Hailstorm are, we should discuss what should be in a centralized authentication system we would use and trust.
This looks much better then .net. Besides the obvious "it isn't built my microsoft," having companies like RSA and both of the major airlines on board, as well as my bank of choice (BofA) makes me much more less suspicious of this initiative. I mean, I already store basically all my information with my bank, and if they want to tell me it is secure ( along with RSA) , I'll probably beleive them. I won't beleive M$.
Definitely an answer to passport/hailstorm.
And that answer is: "Me too!!!!"
if you mean security through obscurity, that is more an invitation for black hat cracking by far than an open source security system. i think we've all seen how well security through obscurity works, and i for one do not want my identity published^H^H^H^H^H^H^H protected by such means.
-samThe REAL sam_at_caveman_dot_org is user ID 13833.
Three columns: website, login, password. You maintain it. You control it. You decide who sees it. Or you give someone else the ability to maintain, control, and see it.
microsoft - we put the ass in passport
sun, err, uh, puts the bert in liberty alliance?
Doesn't an open alternative to Passport already exist at www.xns.org? I'm familiar with what they're trying to do, but not why they haven't really gained much traction (besides a mention in the economist.)
Anyone know enough to compare the two?
I thought that the choice of "Liberty" was interesting. What's the opposite of liberty - death?
Marriage?
So this is basically a case of the Death Star vs the Borg, right? I think I saw a fan CG animation of this somewhere.
www.lucernesys.comHorizon: Calendar-based personal finance
That means that troublemakers need steal but one piece of information and they can thence ruin me totally. No thanks. Common sense says "Don't put all your eggs in one basket." No way. Bad idea. Risk > benefit.
a distributed lookup service which could hold information defined by schemas written in XML. The first application was/is personal info. It's been around for a couple years, and has a public trust organization defining the community, hopefully alleviating people's worries of one company taking over. So what's happened to it? I guess it doesn't have the backing of sun or ms :)
the underlying software will be open source, although I don't think most of it is written yet. The only current implementation of the server is done by the closed source company who's idea this all was, onename.
And for those of you mac old-timers, the head of the public trust organization is Adam Engst!
When Scott mentions that "You have zero privacy anyway," He's not talking about how he has planned to take away your privacy in the future with his nefarious schemes. He's making an observation about the here and now.
Currently most people recieve the bulk of their information in little paper wrappers that are then placed in unlocked tin boxes that sit in front of the place they live waiting to be picked up when said people come home from work...or by somebody else before they come home...
Currently most people make purchases over the phone, using the 16 digits on the front of their credit card and 4 more digits for the expiration date...and nothing else...these numbers are then processed by another person, a person who doesn't earn alot of money most likely, and who even more likely doesn't like their job or care anything about the person giving them 20 digits and an order to place...
The idea that your information and transactions are currently secure and computers will only make them insecure is a false notion. It's only a matter of time before somebody get's the idea of breaking laws that for the most part are unenforcable, or deciding their job isn't worth keeping to do something that jeopordizes your privacy. Wouldn't you at least like their to be some hurdles and tracking in the way to protect you? You currently have zero privacy anyway, get over it. This is progress, and wouldn't you like your progress open and not controlled by just one entity?
What reasons do I have to not trust Microsoft? When have they ever used customer information with customer approval? When have they ever violated my privacy?
.NET Services (new name for Hailstorm). If not, they won't.
Their registration is optional. Their activation system was designed with privacy explicitly in mind.
Seems to me that Microsoft has done a great deal to ensure their customer's privacy. I haven't heard a single example of them not doing so.
As far as I can tell, there is no good reason to not trust Microsoft other than the classic big-brother "they COULD do something bad" argument, or that stupid slippery sloap crap people always talk about.
The fact is, it should be up to consumers as to whether or not Passport is a good thing. Are they willing to take the "risk" of storing their information in a central location for the benefits of My
So get over it people. If you don't trust Microsoft, ask yourself these question: Do you trust your bank? Do you trust your HMO? Do you trust your insurance company? Do you trust your credit card company?
The answers to all of these is probably, at the very least, partial trust. You are willing to give up some information and some privacy for services or goods. The same will be true of these services.
Can the OSS community come up with a competitor to both of these systems using an approach like Napster - a central server everyone connects to? Then the systems actually involved in the transaction of data talk directly to each other, just like Napster. The difference being one of the systems is YOUR cache of data that YOU maintain on YOUR server (or on a Geocities account or something).
You would have the benefit of it being accessible from anywhere, could interoperate with Passport or Liberty Alliance, give neither Sun nor Microsoft direct access to your data, keep you in control of your own data, etc.
The "system" on your end could be as simple as a servlet or jsp accessible only via SSL, keeping your private data securely encrypted until needed. As an extra precaution, the data sent back could be encrypted using the Public key of the system requesting it (for the paranoid). Perhaps one-use passwords for access, so keeping the password given to a particular company doesn't gain them anything?
The only way I see any way to preserve privacy is to keep the data off of central servers. Can something like that be implemented under either Passport or LA now?
I will happily use a single sign-on service.
I'd rather it was distributed in some way, and my favourite method would be to do it through the governments (my government is more answerable than pretty much any company), but if its a large company offering it to me, I'll take it, and hope that public pressure and oversight will force it to play half-reasonable.
My Journal
I'm still a bit confused what exactly does this (and presumably passport) offer me? So I can store all my data at one location? OK why don't we use my PC as that? True I'll have to take a copy to my work pc too, but that's easy enough. Why do I want some company keeping this? Rule 1 is not to give my password to others. Why give it to some company? Personally I like mozilla's feature for storing my passwords, and form info if I want. Now that would be cool. If all the websites out there had a standard form for filling in address, credit card, so it's recognized by a browser at all times. That'd be nice. And I could control where my info is stored/give to.
-cpd
I don't know, I guess it just makes me nervous when the ratio of number of companies involved to lines of code written is so high. The effort might be a good thing, if it actually becomes real, though. I'm guessing that Brian Behlendorf had something to do with this - he was talking about the need for open standards for single sign on at LinuxWorld.
...the most clueless fucking wannabe that ever laid a cum stained thumb on the spacebar of a PC?
Don't do that. It's rude.
Yay, yet another way to be tracked on the Internet
Well, a tool such as Passport or LAP can be used to track users, that's true. No one said tools cannot be misused. But remember: Programs don't track people, marketdroids do.
The keyword here is convenience. The only way of protecting our information on the Internet is through encryption. Which implies passwords and key management. Something that 99% of users are not willing to do.
Unfortunately, this unwillingness to use the Net securely affects all of us. Cool products and services that could be available today are not offered because of lack of good security models. If they are offered at all, they are either too cumbersome to use, or rely on such simplistic security that they cannot be trusted (Hotmail anyone?)
This is an old problem. An analog is the credit card industry. Even if you carefully protect your credit card info, you're still paying for all the people who get their CC number and expiry date stolen. CC companies past the cost to all of us clients.
So we need ease of use for security products, or they won't get used. If LAP can spread the use of a safe, easy-to-use, one-time Internet-wide authentication, then it's welcome.
Did anyone notice that French company Gemplus is among the LAP supporters? This company provides smart cards. Several projects touting smart cards for web authentication have already been proposed. Maybe we'll see a new, more successful approach this time. It's certainly easier to carry a smart card and enter a 4-digit PIN than to remember and type 20 different passwords.
I am not saying that this new LAP initiative is going to solve all authentication and privacy problems. But these problems are real and need to be addressed. It doesn't boil down just to marketdroid tracking us.
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/
By grouping together enough content partners into one system, it will be impossible for consumers to avoid becoming enrolled. At that point, rights management will be effectively tracked through one authorization hierarchy.
That said, you have no privacy right now, so lamenting it is rather pointless.
No big deal really. We know how this story ends, with a mark on the head and hand without wich you may buy or sell. Kind of silly to think of paperless currency and universal ID's isn't it? Bill Gates is not the Beast, as the only language he ever mastered besides English was Basic.
Friends don't help friends install M$ junk.
But Microsoft isn't going to get anywhere with Sun. Their terms are way to radical... "Get rid of AOL, Netscape, and Solaris" We don't have to worry, it's NOT going to happen. Microsoft is a terrible ally.
"And we have seen and do testify that the Father sent the Son to be the Savior of the World"
1 John 4:14
This is an insightful article which compares the Liberty Alliance vs. Passport over on ZDNet. There's also a commentary as well.
Don't mind me, just doing a little karma whoring.
https://www.eff.org/https-everywhere
I looked through the WWW site for this initiative, but I found no implementation details.
If done correctly, this has the potential to be a very good thing for all involved. But, there are some key criteria that it needs to meet before I would use it. A few that come to mind are:
- The user must have 100% control of their personal data & what can be redistributed?
- Any changes of policy, or distribution of data must require user approval (opt-in), nothing should be done without the user's consent.
- In the "distributed authentication" model, I would want my data stored by an entity I trust. Such as, a non-profit consumer advocacy group.
- The security around storage of my information must be rock solid.
- The protocols used for passing authentication to applications must be secure. The services using the authentication must not have access to my password.
I'll reserve judgement until I can read the implementation details.
Let the governments of the earth do it.
To hell with corporate greedies.
... you mean like slashdot's web-bugs?
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
The obvious implmenentation would be to sign into the *browser* somehow, and have it authenticate you to some Central Authority. Then when you visit any site the browser would exchange your identity with that site (which would probably again have to check it against the Central Authority). Does that sound right?
Given that microsoft conrols most of the browser marketshare, how does *anyone* have a legitimate shot at controlling single sign-on, other than MS?
LMAO! My thoughts exactly!
Gasp. I know i'm asking for it but why don't they try and become the governing body MS was talking about when they said they wanted to open passport up so that they didn't solely control the information. IT seems like that would be more effective than creating a competing standard.
--"Karma is justice without the satisfaction"
Sun announces alot of stuff.
But then..... sort of like their stock price. What will happen to Java if they go bust?
I'm still working on a clever footer.
I can see it going down now:
.NET rather than copying it. I realize Java was first, but it seems Sun has picked up on some of MS' good ideas and is turning Java into .JAVA. It's unfortunate. I work with Java every day and Sun had a good thing going, but there just isn't a lot of positive movement in the Java realm. Just from what I've read, .NET is the Java that Java never was. Is this Sun's fault? Probably. Can they fix it? Absolutely! But not by copy-cating MS and picking legal fights with them.
- Sun makes this passport-knock off
- It's a dismal failure because Passport is much better and has more functionality
- Sun gets burned
- Sun gets angry and takes their competitive problems to the court and sues MS for being a big bad meany monopoly.
It's unfortunate that Sun can't innovate and make their own products, or make Java better and compete with
Well, you got a competition, Microsoft. Well, let's see... storing user's information and access anywhere. Hmm... Let's see: :)
Well, you've just bought me a workstation. Guess what? You've transfer $10,000 to my account. Thanks! I'll login as you more often next time
Microsoft's numbers are a little misleading. 140 million? Come on? They give you the service as part of the MSN Broadband thing. I have MSN broad band via Qwest. MS's numbers also represent all the previous Qwest users.
- kk
If a lawyer worked like M$, they'd watch you get run over by a truck, create something resembling you (only you'd take up 10 times the space, be only half as intelligent, and you'd just turn blue every now and then). They'd also "invent" a truck (of course, you'd need a PassPort(tm) to open the door, requiring to give them your birth date, bank account # and your significant other's [bust|dick] size).
Goddammit, I hate big companies. Except for MacDonalds, for they make really yummy quarter pounders. Yum.
/var/run/twitter.sock is a twitter socket puppet.
Sorry, the problem is not your morals, it's what you think of everyone else's...which might be because you know you don't really have any, but that's a stretch, don't you think?
When you go into a new environment, you need an identity. This includes the web. When I shop on the web, I need to use my real-world identity. When I post on /. I can use a /.-generated identity which is less exposed.
What's wrong with a commercial venture that manages identities? You approach this company, and ask them to create you an identity, possibly based on some real-world data like your credit card number. When you interact with a third party you can say "I have personal ID number 57798 issued by that company", together with some documentations (e.g. using public-key certificates). If this third party trusts the company, they will agree that you are who you say you are. This way you can create binding contracts with people you've only met on-line.
Of course, if you couple such a system with a monopoly in some market (e.g. operating systems, mainframes, or insurance) you get in trouble. This is the general problem with monopolies. Also, I'm not sure if I'd use an identity offered by my credit card company since they know enough about me already. If I think some company won't keep my info secret, I won't deal with them, etc. In any case, it's then a matter of consumer choice.
The "let people have IDs on your site" approach doesn't work for sites who who do major business with those people -- you need some third party who'll vouch that these people are genuine.
Remember, the only way to have complete privacy is not to interact with anyone else.
Just my rants.
...the Internet is sucking more and more everyday. I really wish these big corporations would go and create their big corporate private network (as was proposed in earlier articles, because the Internet doesn't 'conform to economic models properly'). Then the Internet can go back to what it was intended to be used for -- sharing of information and open communication, with a nice simple text interface... :-)
Go not to the Elves for counsel, for they will say both no and yes
Bill Gates or Scott McNealy?
.02 worth.
Sun or Microsoft?
Blah or Blah?
Either system kinda gives me the creeps, as the reputations of both companies seem to be on a similar plank.(At least in Open Source circles).
However, Sun at least has the experience and know how to develope a system like this, and their claims about privacy at least appear to be a bit more realistic than Microsofts.
However Sun has a tendency to weazel around things, sometimes with even more cunning than Microsoft.
If Open Sourcers were to evaluate it and give it a sort of green light, I might be inclined to use it. If IBM were to work with the system as well, then that would be a definite plus in my book.(Fat chance of IBM supporting anything done by Sun.) But who knows, one finds strange bedfellows when opposing the so called "evil empire".(Hype added.)
So I'm not sure if this is a good thing or not. What are some specifics I should look for when deciding whether or not to use a system like this?
For what thier worth, that's my
McDoobie
Not yet.
Joe Batt Solid Design
An un-split Microsoft has no choice but to use IIS. How much faith would you have in the Apache Project if their Jakarta team, for instance, switched their home page over to IIS or AOLserver?
Many pundits and observers believed that Microsoft would be more profitable split than whole. Why? Because the two (or three) BabySofts would not need to promote each others' products, and they would still not be in competition with each other. Currently the IIS offering hurts the Hailstorm group because they are not free to choose the best, most secure product(s) to run their system. Bad for billg, good for the Hailstorm detractors.
-sting3r
Seems pretty obvious this "Project Liberty" name was thought up after the recent tragedy to capitalize on to newfound feelings of national pride and whatnot. I want nothing to do with it until they come up with a more appropriate name.
Save the patriotic "liberty" stuff for something appropriate. This is just Sun doing what it can to take some of Microsoft's business, and cynically using the recent tragedy to make it's business aims seem noble.
... Which will make all the difference to sites in development like ours: http://makunu.com. I hope some amalgamation of Dave Winer's well though out solution xmlrpc makes it into the final product.
The number of sites that are charter members (e-bay, apache, amex, cisco etc.) makes it even better. I just hope they don't mandate the use of Java in this project.
The single point of failure should be local. As in pda or smart card. Also, as the provider of such information, I should be able to review, veto, or hide whatever information is available about me. The level of detail presented should be user to the owner of the card. This is probably not how it will be implemented and that concerns me.
att had just bought 20% of sun, att owned unix.
the threat was that sun was going to take over the world of unix and twist the free, good world into submission.
osf proposed building a standard operating system platform; vendors could add their own proprietary value adds. nobody clearly articulated how anyone was going to differentiate their pricey gear.
sun banded together with unisys, some random japanese companies and I forget who-else to form their own competing open-but-not-really coalition (since sun has, from day one, been the open-but-not-really powerhouse).
osf got lobbied by this manufacturer and that, adopted crap from each of their platforms... aix, mach... whatever. they built fancy research institutes in europe (mustn't forget bull and other important european computer manufacturers!), overdesigned, ate a lot of pricey expense account dinners (rumors of more difficult-to-justify expenses in louisiana), fiddled...
everyone attended lots of standards meetings. osf and sun started collaborating. posix. whatever.
net result: bill won. sun forms more coalitions, lobbies, introduces irrelevant initiatives. dec is dead. they all suck. whatever.
oh, I forgot to mention linux. I guess that gets back to the previous point. bill won. whatever.
We can kick all of the users off who aren't at Unviersties or government reserach sites and finally get the discourse back up above the level of a 10 year old...
Or is thsi not what you had in mind? This IS in fact what the "Inetrnet was intended for" not to mention origanlly funed for-- academic research.
Be careful what you wish for.
Did you notice that their member list included the Apache Software Foundation and O'Reilly?
These are groups that I would trust in creating a secure, distributed, decentralized identity system.
Let's face it folks, some kind of worldwide identity system is going to happen. Instead of whining about whether Sun or Microsoft is more evil, start thinking about how something like this WOULD work; it's an amazing challenge, and I am far more comfortable with a consortium of companies developing it than a single one.
Just my $0.02
- jonathan.
From their online propaganda:
Aside from the icky overheated writing style (and pathetically bad Gen-X look of the website) the idea seems to be the same as all of the others: We'll escrow your information and dole it out. The question is of course always how and to whom and with or without my permission. They've also got a dynamic address-book function and a web form-filler - woohoo.When this thing launched I seem to recall Novell positioning it as a universal login to websites through online authentication. Now that seems to be dropped and a simple keychain function used instead. Whatever the case it's all built on Novell's awesome NDS (called "eDirectory" this week) technology which gives it some street-cred. NDS is the most mature directory service out there and scales awesomely, very flexible and at this point pretty mature. MS's projects are, well lets just say "quality is a journey" at MS and with Sun, well Jini sure is nifty!
Anyway, an interesting third example of this increasingly debated service.
I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I wont bother either.
A federated identity model will enable every business or user to manage their own data, and ensure that the use of critical personal information is managed and distributed by the appropriate parties, rather than a central authority.
seems pretty clear to me - you manage your own data, and it is authenticated in a distributed way, not maintained and authenticated in a centralised Microsoft database. Further:
In a federated view of the world, a person's online identity, their personal profile, personalized online configurations, buying habits and history, and shopping preferences are administered by users, yet securely shared with the organizations of their choosing.
Emphasis mine. You maintain your own data, and decide who you will alow it to be shared to.
Can someone please tell me how this is not (at this vague stage) the sort of thing that we've been wanting? A decentralised, distributed information management system...
Jedidiah
Craft Beer Programming T-shirts
It's hard to collect info from people who don't provide it.
Rykard
Breaking the Internet one standard at a time, since 1999
Boy, I never thought I'd say something like this, but ...
Digital Rights Management (DRM). And for once, we would mean that literally.
At the Seybold Seminar in San Francisco this week I saw a couple of demos of how DRM software works to protect things like MP3s, movies, etc. The licensing server can offer various forms of contracts with the user -- you can rent information, sell it outright, offer it for a limited time or perpetually, offer a free preview of part of the content, expire it at will, offer incentives to users for passing it along, etc. etc.
Seems to me the only single logon system that would be acceptable to most of us here would be one that offered all these possibilities to EVERY USER -- applied to ANY AND ALL personal data associated with his/her profile.
Breakfast served all day!
As Gartner pointed out, this thing is total vaporware. If they want to get this thing off the ground in any fashion to compete with M$, they should be adoption XNS (http://xns.org)
I've seen a number of times people have said this is just a big corporation which is maybe trustworthy (Sun) competing with one which is most likely not trustworthy (Microsoft). The Liberty folks, while led by Sun, are not exclusively Sun. On their site, they list the charter members which include big nasty corporations and some players who are more likely to be loved than hated on Slashdot. For instance, the Apache Software Foundation and O'Reilly & Associates.
Sun probably orchestrated this. Why? Not because they want your data, but because they passionately hate Microsoft and don't want to risk letting Microsoft take over a large chunk of the web. They are trying to Liberate a web that has yet to be enslaved by Microsoft, but one which they are scared will be. Other comments regarding the charter members:
Microsoft enemy AOL-TimeWarner is not there
Microsoft enemy RealNetworks is
eBay is a charter member - which is interesting since they were one of the first to sign up for passport. Second thoughts perhaps?
What I'm trying to say is that this is not Sun vs Microsoft round 6000, there are a number of companies here who will hopefully keep one another honest.
As for the "MS and Sun both suck" issue. There is no issue. Everyone fully realizes that both suck.
That being said...
The real issue here is that this authentication 'standard' needs to be truly 'standardized'. Its ownership and control should be governed by a globally acknowledged standards body i.e. ISO.
That is the issue. When people see Sun headlining an initiative, they instantly think of the nightmare that is the JCP (Java Community Process) -- a process which is neither truly open, nor independent. Rather, the JCP is one which profits only Sun in the end.
What we DON'T want is for the global authentication standard to be 'Sun owned'. This needs to be something that is solely owned by something of the likes of the ISO.
That is what the issue is, I think.
Does anyone outside of Microsoft actually use passport for authentication?
All these companies use Passport as one of their authentication methods.
Will I retire or break 10K?
No this is Chinese.
I think the question is about the meaning of the characters, not the language it is written in.
Dont trust any of them. Use a opensource p2p login system that i need help creating. Go to and e-mail me because I need help on this project. Its written in Java and using JXTA.
My UID is prime is yours?
eBay is a charter member - which is interesting since they were one of the first to sign up for passport. Second thoughts perhaps?
Am I the only one that conceives of the notion that they could use both? Or perhaps implement both then roll out out as official if the other tanks? When you develop something, do you download the first toolkit you find and swear by it forever, or do you evaluate different solutions?
I've finally had it: until slashdot gets article moderation, I am not coming back.
Did you say the Apache Software Foundation?
Media company ... bah!
Offtopic??????? Free crack for all moderators.
I piss on Mecca. I menstruate on the Koran. I shit on Mohammed.
Heh, OSF is the Open Software Foundation, not Source. It had nothing to do with FSF and the rest of the OSS bang.
Seems to me the only single logon system that would be acceptable to most of us here would be one that offered all these possibilities to EVERY USER -- applied to ANY AND ALL personal data associated with his/her profile.
That I believe is so very true. The user must be able to control who will be given access to the information. The personal information management system must have the user/owner of the information in charge.
But still it is a very very very complicated task. The user are to take a stand, "whom will I grant my trust of what information and for how long and how will I allow the receiver to use the information I chose to make available".
Furthermore a factor to include is that different information will be needed for different needs/situations.
And another big problem I can think of is how to we deal with the problem of centralized administration versus decentralized administration - how do we combine the two in order to get the best of both. They are both vulnerable in more facettes than I can think of off the hip. central=vulnerable for single attacks & distributed=vulnerable due to the widespread information and more angles to attack/enter from.
Yet it must be solved. A hell of a research must be completed. It is not impossible, but its a major major major task. The system must be very sophisticated to deal with all the factors, and yet the simplicity must be there so everyone can actually use it for their purpose.
Sophisticated Simplicity - thats a tough one.
But best of luck to us all.
1) The real problem with MS is that it's a monopoly. If it weren't, then I generally wouldn't care. But it is, and it plans to extend it's monopoly into additional areas. So I'm in favor of nearly any competition to it.
2) Monopolies are evil, so the question becomes: what license do these multiple entities plan to offer the software under? I couldn't find the answer to this when I went to the listed site, though there were links that I didn't follow. I'm not sure what "becoming a member" entails. Perhaps you have rights to the code. Perhaps you don't. Perhaps you have only the right to join the network, and no rights to the code. My feelings towards them would be substantially different depending on who had the code under what license. But no matter what, better them than MS extending it's monopoly into a new area.
Still, both Apache and O'Reilly are on the list of members. Both names give cause for hope, though neither name is any guarantee. Perhaps the code will be BSD license? (I don't notice any real GPL names, so that doesn't seem probably. Not even GPL Lite.)
P.S.: An interesting possible line of books for O'Reilly: Special order bound code listings. These would be expensive, as they would all be printed to order, but they could be printed from the original source code without editing, so the costs shouldn't be excessive. And O'Reilly already has the needed equipment, so there wouldn't be any investment there. You, too, could order you own complete listing of gcc-2.95.1 (or whatever).
These would certainly be small order jobs. But the difficult part is not the printing, but rather the binding.
I think we've pushed this "anyone can grow up to be president" thing too far.
Why is nobody proposing a scheme, where there is no need to store information in a central repository ?.
I can visualize a scheme where the information is stored on my local machine in a standard xml format. Every form, must have a button "fill automatically", which when clicked would be able to fill out the information it needs from this xml file lying on my personal machine.
That way I have full control of the info...I release the info to whoever I choose to and I can make changes in the info before clicking the submit button.
"Am I the only one that conceives of the notion that they could use both? Or perhaps implement both then roll out out as official if the other tanks? When you develop something, do you download the first toolkit you find and swear by it forever, or do you evaluate different solutions?"
Yah, fair enough. But it does show that the iron grip Microsoft was shooting for in authentication left even their first passport customers nervous.