Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sun Announces Passport Competitor

Posted by ryuzaki0 on from the papers-please dept.

mjankows writes: "Sun, and other people today announced the Liberty Alliance Project. Definitely an answer to passport/hailstorm. Maybe Mono/DotGNU can benefit/assist/use/help this..." Yay, yet another way to be tracked on the Internet.

6 of 189 comments (clear)

  1. Yet another way to be tracked... by hillct · · Score: 4, Insightful
    Michael sarcastically noted:
    Yay, yet another way to be tracked on the Internet.
    But I submit it's better to be tracked by a system to which you know the inner workings, and if you wish, based on that knowlege, you may avoid being tracked by it (is so far as it tracks things, which of course is not it's primary purpose).

    --CTH
    --

    --Got Lists? | Top 95 Star Wars Line
  2. Re:That means by Captain_Frisk · · Score: 5, Insightful

    Ellison is Oracle. They are pushing a national ID card. Thats evil too, but not mentioned in the scope of this article.

    As for this hailstorm stuff... i really think you guys are overreacting. Right now there are lots of people who have your user information. This is only one more, and hopefully only has one fail point.

    Right now, you have all of your information replicated all over the place, meaning that you trust that many people with your data. All you need is one of them not patching an exploit, and bam, your data is gone. Why have multiple points of potential failure when you can just have one?

    Since you can control how much info you give them, (MS Passport only requires email address) and now they are saying that there will be many different people who store it, so you don't even have to give it to MS.

    Sun is just a poor MS wannabee. They see that MS has got something that will make the AVERAGE (don't forget how important this is) users experience more convienient, and thus pleasurable, and they want in on it.

    Captain_Frisk

  3. Single Point of Failure gives you EVERYTHING by valmont · · Score: 4, Insightful

    I agree that the passpord paradigm gives you a single point of failure. But whereas you may have smaller subsets of your personal information spread out on other sites, i.e., user name and password, maybe first name and last name, but maybe not *all* of your information, like personal banking, stocks trading account informations, home address, work address, phone, fax, cell phone addresses.


    Say someone breaks into a site on which you only stored basic username/password and first/last name information, it's OK, it's not that a big deal, inconvenient, but not the end of the world.


    NOW, say someone DOES break into that *single* point of failure you are mentioning, chances are they'll have access to users' *ENTIRE LIFE*. And looking at microsoft's track record of keeping systems secure with their close-source, I wouldn't trust them the least bit. CodeRed. Nimda.


    Now Sun's approach may be slightly more secure, and if the open-source community does get involved, it could mature far faster than microsoft's product.


    As far as *I* am concerned, though the idea of only having to maintain your information at a single location seems very appealing, I think I still want to go thru the discomfort of having to enter personal information at every site I shop at.

    --
    Extraordinary Vacations. Exceptional Prices
  4. MS == Power by Wind_Walker · · Score: 3, Insightful
    Well, my first question is really "Does anyone outside of Microsoft actually use passport for authentication?" Microsoft uses it a lot for MSN Messenger, Hotmail and all its other stuff, which isn't really bad (for Microsoft products that is). However, I have yet to see Passport used _outside_ of Microsoft.

    Then, assuming that other companies do begin to use Passport at a significant level (despite no one using it after months of its deployment), there then becomes the question "What happens when Microsoft denies companies access to passport authentication?" For example, what happens if a Hotmail competitor wishes to use Passport authentication for its web mail login? Clearly, Microsoft would be helping their competitor if they allowed it, and acting monopolistically if they don't. That does provide a small problem for Microsoft.

    Third is something that the article points out very early on about the very reason people need something like passport. To paraphrase, the article states that people dislike the idea of their online grocery store having access to their online stock trading when they use the same password. This problem doesn't go away with Passport, it is just enhanced. Now, instead of your grocery store having access to your stocks, Microsoft has access to both your grocery store and your stocks, without doing anything but being a middle man authenticator.

    But what am I saying? Microsoft is the good guy, who would never abuse its power. That's why its okay for Microsoft to use its powers to "innovate," just like its okay for the US to develop defensive systems that give it the power to launch nuclear weapons without fear of retaliation.

  5. You're taking McNealy out of context by Anonymous Coward · · Score: 4, Insightful

    When Scott mentions that "You have zero privacy anyway," He's not talking about how he has planned to take away your privacy in the future with his nefarious schemes. He's making an observation about the here and now.

    Currently most people recieve the bulk of their information in little paper wrappers that are then placed in unlocked tin boxes that sit in front of the place they live waiting to be picked up when said people come home from work...or by somebody else before they come home...

    Currently most people make purchases over the phone, using the 16 digits on the front of their credit card and 4 more digits for the expiration date...and nothing else...these numbers are then processed by another person, a person who doesn't earn alot of money most likely, and who even more likely doesn't like their job or care anything about the person giving them 20 digits and an order to place...

    The idea that your information and transactions are currently secure and computers will only make them insecure is a false notion. It's only a matter of time before somebody get's the idea of breaking laws that for the most part are unenforcable, or deciding their job isn't worth keeping to do something that jeopordizes your privacy. Wouldn't you at least like their to be some hurdles and tracking in the way to protect you? You currently have zero privacy anyway, get over it. This is progress, and wouldn't you like your progress open and not controlled by just one entity?

  6. Where are the details? by -tji · · Score: 3, Insightful

    I looked through the WWW site for this initiative, but I found no implementation details.

    If done correctly, this has the potential to be a very good thing for all involved. But, there are some key criteria that it needs to meet before I would use it. A few that come to mind are:

    - The user must have 100% control of their personal data & what can be redistributed?
    - Any changes of policy, or distribution of data must require user approval (opt-in), nothing should be done without the user's consent.
    - In the "distributed authentication" model, I would want my data stored by an entity I trust. Such as, a non-profit consumer advocacy group.
    - The security around storage of my information must be rock solid.
    - The protocols used for passing authentication to applications must be secure. The services using the authentication must not have access to my password.

    I'll reserve judgement until I can read the implementation details.