Slashdot Mirror
Sun Announces Passport Competitor
mjankows writes: "Sun, and other people today announced the Liberty Alliance Project. Definitely an answer to passport/hailstorm. Maybe Mono/DotGNU can benefit/assist/use/help this..." Yay, yet another way to be tracked on the Internet.
Two versions of software that no one wants to use! Thank god for competition!
--CTH
--Got Lists? | Top 95 Star Wars Line
Ellison is Oracle. They are pushing a national ID card. Thats evil too, but not mentioned in the scope of this article.
As for this hailstorm stuff... i really think you guys are overreacting. Right now there are lots of people who have your user information. This is only one more, and hopefully only has one fail point.
Right now, you have all of your information replicated all over the place, meaning that you trust that many people with your data. All you need is one of them not patching an exploit, and bam, your data is gone. Why have multiple points of potential failure when you can just have one?
Since you can control how much info you give them, (MS Passport only requires email address) and now they are saying that there will be many different people who store it, so you don't even have to give it to MS.
Sun is just a poor MS wannabee. They see that MS has got something that will make the AVERAGE (don't forget how important this is) users experience more convienient, and thus pleasurable, and they want in on it.
Captain_Frisk
Sun, and other people today announced the Liberty Alliance Project
;)
In related news:
Sun has renamed their project 'Enduring Tracking Project'.
The change was made after the initial name -- ``Liberty Alliance Project'' -- last week ran into objections from some Linux scholars on grounds that only Open Source, or GNU, could mete out Liberty in their view.
(this is a joke. And it shows no respect to those of the FreeBSD or other open source licenses
"Can of worms? The can is open... the worms are everywhere."
The name "liberty alliance" and the domain "projectliberty" both imply that the goal is somehow connected with freedom.
The only freedom that I can see from this is the freedom of having yet another repository of my personal information. I can't imagine websites giving us the choice between "passport", "project liberty" or "anonymous consumer".
I read the FAQ and it doesn't mention anything much about how they are planning on divulging the contents of this "consumer database" to people. I can't imagine that they are all doing this for altruistic reasons, so I guess I'd rather avoid using it.
Z.
-- Under/Overrated is meta-moderation, and therefore is Redundant.
This, from the Libery Alliance FAQ:
Q: What are the objectives of the Liberty Alliance Project?
A: The Alliance has three main objectives. 1) To enable consumers and businesses to maintain personal information securely. 2) To provide a universal, open standard for single sign-on with decentralized authentication and open authorization from multiple providers. 3) To provide an open standard for network identity spanning all network-connected devices.
Q: Who are the members of the Liberty Alliance Project? A: Charter members include ActivCard, American Airlines, the Apache Software Foundation, Bank of America, Bell Canada Enterprises, Cingular Wireless, Cisco Systems, CollabNet, Dun and Bradstreet, eBay, Entrust, Fidelity Investments, Gemplus, GM, Global Crossing, i2, Intuit, Liberate Technologies, Nokia, NTT DoCoMo, OpenWave, O'Reilly and Associates, RealNetworks, RSA Security, Sabre, Schlumberger, Sony Corporation, Sprint, Sun Microsystems, Travelocity, United Airlines, Verisign, Vodafone and More.
...
So it seems it's more than just a Sun effort, and they claim it's not about another company holding onto everyone's personal info. The goal appears to be a method for single sign-on where each individual company maintains customer data relevant to its own business. They describe it as a decentralized, federated system built on an open standard.
Breakfast served all day!
I agree that the passpord paradigm gives you a single point of failure. But whereas you may have smaller subsets of your personal information spread out on other sites, i.e., user name and password, maybe first name and last name, but maybe not *all* of your information, like personal banking, stocks trading account informations, home address, work address, phone, fax, cell phone addresses.
Say someone breaks into a site on which you only stored basic username/password and first/last name information, it's OK, it's not that a big deal, inconvenient, but not the end of the world.
NOW, say someone DOES break into that *single* point of failure you are mentioning, chances are they'll have access to users' *ENTIRE LIFE*. And looking at microsoft's track record of keeping systems secure with their close-source, I wouldn't trust them the least bit. CodeRed. Nimda.
Now Sun's approach may be slightly more secure, and if the open-source community does get involved, it could mature far faster than microsoft's product.
As far as *I* am concerned, though the idea of only having to maintain your information at a single location seems very appealing, I think I still want to go thru the discomfort of having to enter personal information at every site I shop at.
Extraordinary Vacations. Exceptional Prices
Why have multiple points of potential failure when you can just have one?
Because putting your eggs in one basket is a bad idea. Sure, this is convenient for users: all your data is in one place, easy to change and maintain. Now, look at it from the point of view of an identity theif. One stop shopping. Now look at it from the point of view of law enforcement. One place to go to scrutinze every transaction that you make.
Personally, I prefer to have several accounts attached to different usernames, e-mail accounts etc. It doesn't prevent abuse, but it makes you a harder target to hit.
When Scott mentions that "You have zero privacy anyway," He's not talking about how he has planned to take away your privacy in the future with his nefarious schemes. He's making an observation about the here and now.
Currently most people recieve the bulk of their information in little paper wrappers that are then placed in unlocked tin boxes that sit in front of the place they live waiting to be picked up when said people come home from work...or by somebody else before they come home...
Currently most people make purchases over the phone, using the 16 digits on the front of their credit card and 4 more digits for the expiration date...and nothing else...these numbers are then processed by another person, a person who doesn't earn alot of money most likely, and who even more likely doesn't like their job or care anything about the person giving them 20 digits and an order to place...
The idea that your information and transactions are currently secure and computers will only make them insecure is a false notion. It's only a matter of time before somebody get's the idea of breaking laws that for the most part are unenforcable, or deciding their job isn't worth keeping to do something that jeopordizes your privacy. Wouldn't you at least like their to be some hurdles and tracking in the way to protect you? You currently have zero privacy anyway, get over it. This is progress, and wouldn't you like your progress open and not controlled by just one entity?
Yay, yet another way to be tracked on the Internet
Well, a tool such as Passport or LAP can be used to track users, that's true. No one said tools cannot be misused. But remember: Programs don't track people, marketdroids do.
The keyword here is convenience. The only way of protecting our information on the Internet is through encryption. Which implies passwords and key management. Something that 99% of users are not willing to do.
Unfortunately, this unwillingness to use the Net securely affects all of us. Cool products and services that could be available today are not offered because of lack of good security models. If they are offered at all, they are either too cumbersome to use, or rely on such simplistic security that they cannot be trusted (Hotmail anyone?)
This is an old problem. An analog is the credit card industry. Even if you carefully protect your credit card info, you're still paying for all the people who get their CC number and expiry date stolen. CC companies past the cost to all of us clients.
So we need ease of use for security products, or they won't get used. If LAP can spread the use of a safe, easy-to-use, one-time Internet-wide authentication, then it's welcome.
Did anyone notice that French company Gemplus is among the LAP supporters? This company provides smart cards. Several projects touting smart cards for web authentication have already been proposed. Maybe we'll see a new, more successful approach this time. It's certainly easier to carry a smart card and enter a 4-digit PIN than to remember and type 20 different passwords.
I am not saying that this new LAP initiative is going to solve all authentication and privacy problems. But these problems are real and need to be addressed. It doesn't boil down just to marketdroid tracking us.
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/