Slashdot Mirror
Sun Announces Passport Competitor
mjankows writes: "Sun, and other people today announced the Liberty Alliance Project. Definitely an answer to passport/hailstorm. Maybe Mono/DotGNU can benefit/assist/use/help this..." Yay, yet another way to be tracked on the Internet.
Even if I do appreciate Sun's resistance to Microsoft's monopoly, I just can't stand when people consider them as our saviours.
They're just another company and I am not sure their interest in this solution is not also leaded by rentability's sake.
Trolling using another account since 2005.
It looks like Microsoft wants to join as well, so it might not actually be a Passport "competitor".
From the article: "Microsoft Corp., which said last week it would expand its own Passport Net identification system to other enterprises, is in talks to join the alliance."
Ahh.. the old "if you haven't done anything wrong then you don't have anything to hide" arguement.
Nice in theory, pants in practice. If it was that simple then there would be no need for *any* civil liberty protections since only the "bad" people would be prosicuted.
SARCASM>
As we know, the authorities have NEVER wrongly prosicuted anyone, they've never made mistakes, they've never abused power. Nah. Not in America.
/SARCASM
Ok, MS is going to implement Hailstorm, which nobody asked for, nor do they want, and they're going to shove it down our throats along with Passport and take away our privacy and security. So Sun's reasoning is if we have a choice of being screwed by Sun or MS, we'll choose Sun.
Well, I guess I probably would prefer getting screwed by somebody different now and then. Although I think I'd rather have a choice of "none of the above".
Hmmm, which service that I don't want will I choose...
The name "liberty alliance" and the domain "projectliberty" both imply that the goal is somehow connected with freedom.
The only freedom that I can see from this is the freedom of having yet another repository of my personal information. I can't imagine websites giving us the choice between "passport", "project liberty" or "anonymous consumer".
I read the FAQ and it doesn't mention anything much about how they are planning on divulging the contents of this "consumer database" to people. I can't imagine that they are all doing this for altruistic reasons, so I guess I'd rather avoid using it.
Z.
-- Under/Overrated is meta-moderation, and therefore is Redundant.
I believe that we need to have a competitor for Passport. Well, that is nothing new. I would highly appreciate if Project Liberty has the guts to build private credentials (you might want to look here for more Info by Adam Shostack). This would be THE alternative for specialized identification (you have to be of legal age to see this page, you have to be Mr. Smith to view your taxes, ...). We need identification, but it needs to be untraceable and there must be no way to collect and combine information.
Right now, you have all of your information replicated all over the place, meaning that you trust that many people with your data. All you need is one of them not patching an exploit, and bam, your data is gone. Why have multiple points of potential failure when you can just have one?
Nice theory. They can't seem to keep Hotmail accounts secure, and they can't even keep their own IIS installations patched. With a track record like that, do you want Microsoft to be the single point of failure?
It isn't like they would consider using someone else's software even if it had a better security history.
If you say, "now I'll be modded down because of X", I'll happily oblige.
K. Here's how you're wrong:
We can't assume that these companies are moral.
You assume they are. But you're forgetting that they are in it for the money. That's all. Thats what makes businesses tick.
Bill
banking records
medical history
shopping trends, even though they are pretty boring
family information
machine setup/configuration at home
get the point? if not, then why don't you just post the above information...let's start with your salary
"My mother never saw the irony in calling me a son-of-a-bitch." - Jack Nicholson
So it seems it's more than just a Sun effort, and they claim it's not about another company holding onto everyone's personal info. The goal appears to be a method for single sign-on where each individual company maintains customer data relevant to its own business. They describe it as a decentralized, federated system built on an open standard
:) I don't see any other agenda to it. Only difference is, Microsoft will openly acknowledge it is a business effort, while Sun will say it is Open and beneficial for the users and still try to do the same!
Its yet another classic case of Sun 'rescuing' folks from microsoft's grip
"Charter members include ActivCard, American Airlines, the Apache Software Foundation, Bank of America, Bell Canada Enterprises, Cingular Wireless, Cisco Systems, CollabNet, Dun and Bradstreet, eBay, Entrust, Fidelity Investments, Gemplus, GM, Global Crossing, i2, Intuit, Liberate Technologies, Nokia, NTT DoCoMo, OpenWave, O'Reilly and Associates, RealNetworks, RSA Security, Sabre, Schlumberger, Sony Corporation, Sprint, Sun Microsystems, Travelocity, United Airlines, Verisign, Vodafone and More."
Yay... So, sintead of Microsoft having my information... Sun, a bunch of media companies, a bunch of companies that want to sell me crap, and a few financial institutions can all pour over my info. Yippe.
Does anyone but me see the danger of allowing such a wide range on companies with many, many goal to all be involved in a project that is basically used to track people and collect personal information?
Seems like yet another excuse to have ads, "targeted marketing", and undue pressure put on my by big business. At least Microsoft is singular, and they aren't in the position to sell me a car, book plane tickets, give me a loan, or offer me a long-distance plan.
What's a sig?
a distributed lookup service which could hold information defined by schemas written in XML. The first application was/is personal info. It's been around for a couple years, and has a public trust organization defining the community, hopefully alleviating people's worries of one company taking over. So what's happened to it? I guess it doesn't have the backing of sun or ms :)
the underlying software will be open source, although I don't think most of it is written yet. The only current implementation of the server is done by the closed source company who's idea this all was, onename.
And for those of you mac old-timers, the head of the public trust organization is Adam Engst!
What reasons do I have to not trust Microsoft? When have they ever used customer information with customer approval? When have they ever violated my privacy?
.NET Services (new name for Hailstorm). If not, they won't.
Their registration is optional. Their activation system was designed with privacy explicitly in mind.
Seems to me that Microsoft has done a great deal to ensure their customer's privacy. I haven't heard a single example of them not doing so.
As far as I can tell, there is no good reason to not trust Microsoft other than the classic big-brother "they COULD do something bad" argument, or that stupid slippery sloap crap people always talk about.
The fact is, it should be up to consumers as to whether or not Passport is a good thing. Are they willing to take the "risk" of storing their information in a central location for the benefits of My
So get over it people. If you don't trust Microsoft, ask yourself these question: Do you trust your bank? Do you trust your HMO? Do you trust your insurance company? Do you trust your credit card company?
The answers to all of these is probably, at the very least, partial trust. You are willing to give up some information and some privacy for services or goods. The same will be true of these services.
Yay, yet another way to be tracked on the Internet
Well, a tool such as Passport or LAP can be used to track users, that's true. No one said tools cannot be misused. But remember: Programs don't track people, marketdroids do.
The keyword here is convenience. The only way of protecting our information on the Internet is through encryption. Which implies passwords and key management. Something that 99% of users are not willing to do.
Unfortunately, this unwillingness to use the Net securely affects all of us. Cool products and services that could be available today are not offered because of lack of good security models. If they are offered at all, they are either too cumbersome to use, or rely on such simplistic security that they cannot be trusted (Hotmail anyone?)
This is an old problem. An analog is the credit card industry. Even if you carefully protect your credit card info, you're still paying for all the people who get their CC number and expiry date stolen. CC companies past the cost to all of us clients.
So we need ease of use for security products, or they won't get used. If LAP can spread the use of a safe, easy-to-use, one-time Internet-wide authentication, then it's welcome.
Did anyone notice that French company Gemplus is among the LAP supporters? This company provides smart cards. Several projects touting smart cards for web authentication have already been proposed. Maybe we'll see a new, more successful approach this time. It's certainly easier to carry a smart card and enter a 4-digit PIN than to remember and type 20 different passwords.
I am not saying that this new LAP initiative is going to solve all authentication and privacy problems. But these problems are real and need to be addressed. It doesn't boil down just to marketdroid tracking us.
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/
There seems to be a feeling that big movements at XNS could occur in the many weeks/few months time frame which is not that long, but since we have just passed the one year anniversary of OneName's and XNSorg's rollout of the XNS implementation of the single-signon/universal name/self-updating ecards, and there has been little further movement visible from outside - people are starting to get frustrated.
I think that there is a real worry that while XNS was one of the first boats to leave the dock, one of the less-open boats could well make it out of the harbour before them.
I am hoping that it will turn out that one of these industry groups like the "Liberty Alliance Project" will be using XNS technology as their underlying foundation and that the open specs and open source implementations will win the day, but it is frustrating to not hear much new information from XNSorg.
When you go into a new environment, you need an identity. This includes the web. When I shop on the web, I need to use my real-world identity. When I post on /. I can use a /.-generated identity which is less exposed.
What's wrong with a commercial venture that manages identities? You approach this company, and ask them to create you an identity, possibly based on some real-world data like your credit card number. When you interact with a third party you can say "I have personal ID number 57798 issued by that company", together with some documentations (e.g. using public-key certificates). If this third party trusts the company, they will agree that you are who you say you are. This way you can create binding contracts with people you've only met on-line.
Of course, if you couple such a system with a monopoly in some market (e.g. operating systems, mainframes, or insurance) you get in trouble. This is the general problem with monopolies. Also, I'm not sure if I'd use an identity offered by my credit card company since they know enough about me already. If I think some company won't keep my info secret, I won't deal with them, etc. In any case, it's then a matter of consumer choice.
The "let people have IDs on your site" approach doesn't work for sites who who do major business with those people -- you need some third party who'll vouch that these people are genuine.
Remember, the only way to have complete privacy is not to interact with anyone else.
Just my rants.
Did you notice that their member list included the Apache Software Foundation and O'Reilly?
These are groups that I would trust in creating a secure, distributed, decentralized identity system.
Let's face it folks, some kind of worldwide identity system is going to happen. Instead of whining about whether Sun or Microsoft is more evil, start thinking about how something like this WOULD work; it's an amazing challenge, and I am far more comfortable with a consortium of companies developing it than a single one.
Just my $0.02
- jonathan.
I've seen a number of times people have said this is just a big corporation which is maybe trustworthy (Sun) competing with one which is most likely not trustworthy (Microsoft). The Liberty folks, while led by Sun, are not exclusively Sun. On their site, they list the charter members which include big nasty corporations and some players who are more likely to be loved than hated on Slashdot. For instance, the Apache Software Foundation and O'Reilly & Associates.
Sun probably orchestrated this. Why? Not because they want your data, but because they passionately hate Microsoft and don't want to risk letting Microsoft take over a large chunk of the web. They are trying to Liberate a web that has yet to be enslaved by Microsoft, but one which they are scared will be. Other comments regarding the charter members:
Microsoft enemy AOL-TimeWarner is not there
Microsoft enemy RealNetworks is
eBay is a charter member - which is interesting since they were one of the first to sign up for passport. Second thoughts perhaps?
What I'm trying to say is that this is not Sun vs Microsoft round 6000, there are a number of companies here who will hopefully keep one another honest.