Liberty Alliance Gains Momentum

kabanossen writes "News.com reports that AOL is joining the Liberty Alliance, which is a coalition of tech companies who are creating an alternative to Microsoft's Passport. Other members of the alliance are Sun, Nokia, Real Networks and General Motors "This provides a common language for authentication to ensure no one company controls the single authentication network" said a rep. " Mmmm...open standards. Hopefully.

Uh huh...

Like AOL is in the forefront of open standards

Re:Uh huh...

I'm confused.

On one hand, there's their open-source webserver.

On the other hand, they have disgusting, slimy tentacles (and I don't mean the good kind of tentacles, either), like Cthulhu, but more commercial.

(Offtopic, why the hell does Slashdot add a / after news: when you try to link to a newsgroup? Just plain news: should link to a group on whatever newsfeed you've got handy, and news:// can take you to a group on a different news server (I think), but news:/ doesn't work at all. Oh well. The joke is intact anyway, I guess.)

Eeek.

[Sir_Real]

I just don't know which monopoly to cheer for!

Re:Eeek.

[ichimunki]

34 companies isn't exactly a monopoly. Compare to a Microsoft-owned one company scenario.

What's dangerous, however, is that this 34 company oligopoly is the one that is likely to be the main influence in the SSS-CA and any regulation that results if that bill ever passes. They will have no qualms crushing your freedom to support their revenue models... "Liberty Alliance". Some joke.

Re:Eeek.

Thus The UnHoly War Begins...

hope it's not insecure

[Barbarian]

With the track record of AOL, the last thing we need is people running software similar to AoHeLL on the new authentication system, and hijacking people's accounts.

Re:hope it's not insecure

[corr]

Look at his UID. He is most certainly not 14. If you're gonna troll, don't be an idiot.

Re:hope it's not insecure

[Barbarian]

AOHELL was an AOL account hacking program.

Sun, Nokia, and AOL?

Yeah, those companies thrive on open standards.

Admit it. Its one big corporations proprietary system or another.

R.I.P. Anonymity?

[AgTiger]

Microsoft has Passport. This alliance offers another alternative. Both push our society towards a "know your neighbor", or perhaps "know your customer" model.

I remember a few years ago there being a pretty significant backlash against banks attempting the "Know your customer" model of business.

Let's not forget the "None of the above" option when contemplating these systems. Identification of a person is not always necessary or prudent, for a multitude of reasons.

Re:R.I.P. Anonymity?

[Jucius+Maximus]

It seems to me that no matter who 'wins' this tug o' war, the losers will be the general public and the winners will be corporate america.

Think about it ... either way, there will be some sort of grand scale authentication scheme arching across the net. And this is what they want. It's not a matter as to if most peoples' privacy will be violated, it's about when and by whom, and about how we must act preemptively to protect ourselves.

Re:R.I.P. Anonymity?

[Mr_Matt]

Think about it ... either way, there will be some sort of grand scale authentication scheme arching across the net.

This point can't be made strongly enough. Sure, the net will still be accessible to all - think anybody's gonna write a .NET/Passport or "Liberty" Alliance frontend for linux? - but how long until the useful things become inaccessible to the user who refuses to sell their soul to the company store? And can online organizations that don't toe the line and require "authorization" continue to exist in the onslaught of corporate sites that do?

We thought the regulation of the airwaves by the government was bad - now we give "authorization" power to the people who stand to profit most from our submission. Why are we so ready to piss away our freedom?

Re:R.I.P. Anonymity?

[ajcpi]

Perhaps slightly off point, but, as an Employee of a bank, I can tell yo that "know your customer" far from being dead, is the first line of defense against money laundering, and is very much alive.

How many companines does it take

[Jonny+Ringo]

to equal the one entity that is microsoft?

I'm thinking we should give in. All MS needs now is a good millitary. We could be now known as "The United States of America sponcered by MicroSoft"

Re:How many companines does it take

[BrerBear]

I think "MSUSA" has a better ring to it!

My thoughts exactly...

Is this going to be "open standards" just like AOL's instant messenger is open standards? :)

Re:My thoughts exactly...

[JabberWokky]

You mean how they run a server deticated to non-AOL AIM clients? About how they upgrade and keep the server up and able to handle the load? You mean about how this is all despite the fact that almost none of the free clients even support the ability to display AOL's ads in them?

While not quite "Open", AOL is very tolerant and even supportive of non-AOL AIM clients.

--
Evan

Re:My thoughts exactly...

I was more referring to the fact that they have a tendancy to degrade and/or block anyone who poses as serious competition to them. They seem to have no problem letting "Joe Blow's" little program connect to them as long as it remains unpopular. But all of a sudden Joe's app becomes popular and then *poof* disconnected.

Re:My thoughts exactly...

[JabberWokky]

They seem to have no problem letting "Joe Blow's" little program connect to them as long as it remains unpopular. But all of a sudden Joe's app becomes popular and then *poof* disconnected.

They run a seperate server that is open for all connections! The only problem that they've ever had was software that actually used the three letters "AIM" in it's title. You could have it in the description, but not in the title. I would assume that was to prevent customer confusion... I imagine that the get support calls for other people's software.

That's a pretty durn open policy for a company that is supposed to be about making money. They spend money on something (the open servers) that don't make money (since there are no ads shown). That's a fairly good policy, if you ask me. Maybe not optimal, or the best, but hardly evil... on this issue, at any rate.

--
Evan

Any plans to make Mono support this?

[svara]

Well, that would be sorta perfect for Ximian's mono! And if that "Liberty" thing is really open, what are the advantages of using Microsoft? People claimed that Mono was bad because it would force people into using passport - now if this Liberty thing works out, and somebody makes it work with Mono...

Great idea! :)

Re:Any plans to make Mono support this?

Blaming .NET (or Mono) for Passport is like blaming C++ for a virus that happened to be written in it. It's not the platform that is at fault. Passport is written to work with .NET, but it is not an integral part of the platform. It isn't even part of the standardized infrastructure. Mono has nothing to do with Passport.

If I must use Passport, how to, well, lie to it?

[CaptainCap]

Any sites or tips about the minimum info to supply
in registering for Passport?

ummm no...

[Quasar1999]

sorry, but I don't want AOL to have my credit card info, just as I don't want Microsoft to have it.

when will these companies learn that we don't want a huge easily hackable database with all of our info in it? I'm quite happy memorizing my credit card number and providing it only when I feel it's necessary. With these passport like services, it's way too easy for a company to get you to sign in to get free service, and then simply start billing you after 'n' days, since they already have your credit card info, etc, in their database... At least now they have to send you a bill, or at the very least you have to provide a credit card number for a free trial...

I personally don't care if it's Microsoft, or some other tech company... I don't feel overally confident that a huge database with all of our info in it on the web is not going to get hacked...

Re:ummm no...

[sabinm]

I agree. However, the vision of these corporations is to make the passport, or their standard of it a form of currency, where your very credentials offer you a line of credit. Sort of like Blade Runner currency or Star Trek credits. We're looking at this from the wrong side. It's scary. Very scary to think that a passport or any other authentication service could become the de-facto standard for purchasing online. The credit companies already have this in line. How many places require a credit card to purchase and won't even accept cash? More and more these days. I don't even carry cash in my wallet. My visa(passport) card is my ticket to goods and services.

Re:ummm no...

[MrWinkey]

sorry, but I don't want AOL to have my credit card info, just as I don't want Microsoft to have it.

I agree with this. About 7 months ago my local ISP shut down. :( The option was given to us to go with Earthlink for a discount for the first few months. I decied to decline and go with another ISP that was localy owned and had better prices. Needless to say Earthlink would send me bills every month after that for the next 5 months. Luckily I did not give them my Credit card # or I would have been automaticly billed. The best part was that when I would call up to tell them I didnt owe them anything and to quit sending me these stupid bills for no service they could not do anything because they didnt know my "logon."

Earthlink Phone guy: Yes we can do that what is your login ID?

Me: I dont have a login ID. I never signed up for your service. I dont want your service.

Earthlink Phone guy: You really must have one. Your in our computer.

Me: No I dont. I have never had your service Nor do I want it. Do you have a manager?

After doing that once every month for 5 months untill they finaly quit sending me bills. But not before threating to send me to a collection agency.

The less people with my CC #'s the better.

Re:ummm no...

[Luyon]

sorry, but I don't want AOL to have my credit card info, just as I don't want Microsoft to have it.

How about Visa?

Re:ummm no...

[the_2nd_coming]

so what you are saying is that this will connect us with a sort of "store " credit line so we can buy stuff based on the credit at that store?

oh great just what I need, more credit cards!!!!!

Monopoly or Cartel?

[EccentricAnomaly]

So we now have two choices: a) give away our identities to a monopoly and depend on them to do even basic banking or b) give away our identities to a cartel (er... uh... alliance) and depend on them... Why can't we each just have control of our own identity instead of depending on .NET or some clone of .NET?

AOL vs. Microsoft ... It is to laugh

[nanojath]

Of course it makes perfect sense as Microsoft is aiming it's MSN service directly at AOL... "a great alternative to AOL" as one commercial states. Becoming the defacto gatekeepers of the internet by tying up authentication is absolutely essential to Microsoft's .NET strategy - in the software as service model it is the equivalent of controlling the desktop OS.

This is better than no competition for Passport but not so good as if there were some aggressive and international lobbying and development of public, universal and non-proprietary authentication. This is like watching Fed Ex and UPS duke it out over who gets to run the U.S. Mail.

A Linux company?

[s20451]

Why isn't a Linux company signing up (like RedHat)? That would give the project a little more clout in terms of a clearly defined software platform ... rather than, say, "Liberty Alliance for Windows", which would have to compete with a passport icon already on the desktop.

Re:A Linux company?

Because the taillight-chasers that make up the Linux world wouldn't know "vision" if you beat 'em in the groin with it.

'Old' Boys Club

[gmhowell]

Sorry, but I can't see where this will be a whole lot better.

Okay, yeah, we definately know that AOL will provide the IM:) But what are the odds of a patent-free, royalty free standard? Zero. Check out the faq.

To be verified to use their tech, you'll likely have to either pay an exorbitant fee to join, pay an exorbitant 'license fee', or both.

Of course, there is no problem with charging to validate against, say, an AOL server, or store information there. But can even DEVELOPMENT occur without significant costs? No.

The only selling point to this seems to be "we're not Microsoft".

(And again, could somebody please explain the advantages? Most people on the street I've spoken with don't seem interested in having anybody store their CC and other personal information. And before you mention banks and credit card companies, most people would be quite pleased if they didn't have the info either.)

Re:'Old' Boys Club

Exactly right, and the hypocrisy of Slashdot is exposed again - suddenly AOL are good just because they're against Microsoft.

Re:'Old' Boys Club

[the_2nd_coming]

no, all it says is that member companies would pay to be a part of the allience, not member users.

Re:'Old' Boys Club

[gmhowell]

According to their fact, it says that members would have to pay fees. Specifically, it says that "There are fees for Alliance membership at various levels that will be used to drive all aspects of this new solution." I don't see where it makes a distinction between companies or users. I also don't see (again, on that page) where it exempts users. And further, I don't see where it specifies what constitutes a user.

Until they say something to the effect that "all standards will be patent-free, and anyone will be able to develop programs and systems without incurring cost" I'll assume that this is a non-free system.

(Again, I have no problem paying for authentication services, and even to pay for a "Program Foo is a Liberty Alliance Certified Program".)

Re:'Old' Boys Club

[the_2nd_coming]

the allience is a group that requires membership, their product is not somthing that will require consumers to become allience members......I bet that the lowest membership that will exist will be the website and the highest will be a company on the stearing commity.

if they want people to use their tech they are certainly not going to charge the consumer.

Re:'Old' Boys Club

[digitalboy]

If you look at the list of charter members, you will notice that the Apache Foundation is among them.

Centralized or decentralized?

[melquiades]

I haven't been keeping up with this, and (I admit it) I'm too lazy to read the article carefully. What is the Liberty Alliance's stance on centralization? I certainly don't want Microsoft holding all my info on a centralized server, but I don't trust any of these folks all that much more. I'd really rather have it on my own machine, encrypted, with very specific as-needed permissions for releasing individual details. This should work in such a way that a malicious third party finds it difficult to cross-reference, say, my e-mail account and my medical records having retrieved each individually.

So where does the Liberty Alliance stand on this? Are my wishes way beyond the scope of this project -- is it a question of "which faceless corporation's basket do you trust with all your eggs"?

Re:Centralized or decentralized?

[Ian_Bailey]

From the FAQ:

Q: What is the intention of the Liberty Alliance Project?
A: The charter members of the Liberty Alliance Project, representing a broad, global spectrum of industries, intend to create an open, federated solution for network identity - enabling ubiquitous single sign-on, decentralized authentication and open authorization from any device connected to the internet, from traditional desktop computers and cellular phones through to TVs, automobiles, credit cards and point-of-sale terminals. The alliance represents some of the world's most recognized brand names and service providers, driving products, services and partnerships across a wide range of consumer and industrial products, financial services, travel, retailing, telecommunications and technology

You'd have to figure he'd be there...

[scoove]

I found this part of the release rather interesting:

Libery Alliance conference attendants noted an unusual episode at the conference where Oracle Chairman Larry Ellison showed up midway with a crew of Oracle employees chanting "Oracle today makes Osama go away!"

Later, Ellison offered his company's support and participation in the alliance efforts.

"Oracle would be proud to donate our leading Oracle database software to the alliance project," said Ellison. "To us, it's a matter of killing too birds with a single stone. With the power of Oracle 9i, Liberty's registration information would also serve as a national citizen ID database, protecting all of us from the evils of terrorism."

White House spokespersons had no comment on Oracle's previous offer of its database for a national registration system.


*scoove*

Re:You'd have to figure he'd be there...

[davmct]

How the hell was this modded as a Troll. Clearly the moderators have their heads so far up their ass that they don't understand a perfectly humorous post when it hits them in the rectum.

Re:You'd have to figure he'd be there...

Why was this post marked Troll? If anything I'd mark it +3 Funny! Some moderators are a bunch of grumpy butts today... ;)

Re:You'd have to figure he'd be there...

[scoove]

Especially when this Slashdot post about Oracle comes out a day after my prediction. Called that move a day in advance.

Seriously, when I mod, I make sure my own political views don't result in a desire to mod down. But there are those that use moderation to supress opposing viewpoints - that's why it's important to Metamod.

All I can figure is that JonKatz has too many mod points...

*scoove*

There should be no "single authentication network"

[Astral+Traveller]

This idea still provides a single point of failure for targetting hacking and DDoS attacks. Regardless of who controls it, one single authentication network is a horrible idea. It is doubtful that Passport will gain any serious momentum, since there have already been numerous attacks on the service. I have yet to see any services which support Passport outside of MSN, and I will never sign up for a Passport or a "Liberty Alliance" account or any other single point of failure.

Sun and Real

Yeah, real proponents of open standards and technologies... :-(

Confusing

[Jucius+Maximus]

With all these things like 'Liberty Alliance,' 'The Patriot Act,' 'Libertyunites.org,' 'Enduring Freedom' etc, it's getting harder and harder to remember what is what.

Perhaps the Liberty Alliance group is taking their public relations cues from politics - it sounds 'shameful' to turn down something called 'The Patriot Act' regardless of what its details are. Maybe they are aiming for the same kind of thing in defeating passport.

[Note: I was unable to determine if this post is a trollish type thing. I guess the moderators will tell me.]

Open standards? With sun/oracle/aol?

[anticypher]

Mmmm...open standards. Hopefully.

Someone take the crack pipe away from Hemos.

These will be competing proprietary standards to M$'s dontNET lockin standard. To prevent M$ from embracing, extending and extinguishing, all the key pieces will be protected with patents and trademarks and every other bit of legal jiggery they can use. Just like with JAVA, the liberty *ack* *gagh* alliance will not allow these to become free and open standards, they will smack any free version in order to create a legal precedent for when (not IF) they have to go after M$.

the AC

Re:Open standards? With sun/oracle/aol?

[sam_handelman]

Someone take the crack pipe away from Hemos.


Ah.... sweet crack makes it all clear.

AOL will do extensive business with the PRC, trading my personal info with them, in order to make my life more convenient. And more secure! B/c the CIA will hire "foreign agents" in chinese security firms to help lower costs associated with keeping tabs on american citizens. This will help to shrink our bloated and over-trained intelligence apparatus, lowering my taxes. It's a win/win proposition.

One more draw off the pipe... ah.

Naturally, it will be an open standard; china is a communist country, after all, and for them to do otherwise (since they'll be intimately involved in the whole process, naturaly) would be as hypocritical as for them to hire an American corporation to help them spy on their own citizens.

Uh oh, I think I'm coming down. Here come the spiders.

Re:Open standards? With sun/oracle/aol?

Wow no non-"M$" references to Microsoft. A sure sign of someone whose opinion means absolutely nothing as his bias is blatantly obvious and his maturity level is that of a 12-year-old.

While you may have had something interesting to say, your puerile behavior caused me to ignore them. In the future please act like an adult if you wish others to consider your opinions.

Re:Open standards? With sun/oracle/aol?

[ToasterTester]

Scott McNealy takes a crap he considers it a standard. Sun claims anything they do is automaticly a standard and anything they don't like is non-standard.

If AOL is involved you have the next evil empire just waiting to take over MS's reign. AOL is a hydra far worse than MS or IBM or any previous holder of the title.

MS leading the way?

[CptNoSkill]

Why does it seems like this is just an example of other companies doing things to spite MS? Other than talk, I haven't seen any real advantages to this. Won't having just one password make it that much easier for hackers? If Liberty Alliance is so good, then why is AOL still developing it's own system? Why are there more questions than.. well you get the idea. When someone can show how such a set up can be easy and safe, I'll buy in to it. Until than it is just another "promising tech".

One of these things is not like the others...

[iceT]

Other members of the alliance are Sun, Nokia, Real Networks and General Motors

GENERAL MOTORS?!?!?!

okie-dokie...

Re:One of these things is not like the others...

You mean GM isn't in the tech sector?

Re:One of these things is not like the others...

General Motors is there to cinch the deal. Because anyone who has ever seen the Li'l Abner play can confirm:

[song=on]What's gooooood for General Moooootors, is gooooood for the Yew-Essss-Aaaaaaaaaaaaaa! [song=off]

Anonymous Kev
Proudly posting as AC since 1997

Re:One of these things is not like the others...

[biohazard99]

GM is not just an automobile company, they have their hands in many different pies, like Digital Television over Sat, Defense, and Sat Communications (Take a look at Shuttle and dumb-rocket payloads over the last 20 years, Hughes is a name you'll see many times.). Oh yeah, lets not forget they are in the mobile phone arena as well with their OnStar service. Also, they are a big-time money lender GMAC will finance not only your car but your house as well.

Banks! (if you trust them)

[reachinmark]

There was a newspaper article today in Sweden announcing that next years tax returns could be submitted via the internet. To secure the connection, the three tax related government bodies would require a special identity certificate... that can only be provided (and verified) by your bank.

The bottom line was: since a lot of people here in Sweden use internet banking, and we all hope it is really secure, then your internet bank account would be one safe way of identifying you. So why not make banks account the basis of a net passport? Rather that than make Microsoft the key to my bank account!

Re:Banks! (if you trust them)

[sien]

This is a good point. The big examples of a system of authentication that are vast and work are Visa and Mastercard.
The two do kind of collaborate, but they provide a global standard that has worked really well. Why not extend these as well for internet identification ? They are already the most important method of internet payment.

Re:Banks! (if you trust them)

I agree that banks should set the standards for authentication services. Why don't we have a card with a hardwired key, encryption logic and a pluggable hardware interface? Additionally non-credit card companies should be able to issue compliant cards for those just wanting to use the authentication service.

Time Warner

[Pyromage]

AOL == time warner. Pretty big company? I don't have any numbers, but it seems to me that Time is probably not tiny.

Between Time and GM, that is some pretty big backing. No offense, but the rest really are small beans. But with some truly massive corporations backing a hopefully open standard, that could really provide some serious competition to M$, if they can deliver.

Re:Time Warner

[gmhowell]

The only trick is that Time makes these books and magazines and movies and tv shows. GM makes these metal boxes with wheels, called cars. Between the two, how much goes into computer services? I don't know. But looked at that way, they are on a more level playing field with M$.

Get IBM into the mix, and you are again, undoubtedly on top of the world.

Now, if GM/AOL wanted to somehow integrate liberty-alliance-passport into their AOL or GMC Yukon... Then they'd have an edge. A big one. But I'm not sure how GM can leverage this in the automotive marketplace (sure, some of their subsidiaries can easily take advantage, but their big bucks are cars and trucks)

Karma Whore Link Propagation

[gmhowell]

Check this faq.

Re:There should be no "single authentication netwo

[Gaijin42]

Ebay now allows authentication via passport. Logging in from a win2k box or winxp box for ebay is automatic.

Magic carpet

[DrXym]

AOL already has an alternative to Passport called Magic Carpet. Who wants to bet that's what they're going to open up?

It's too AOL is so myopic about standards. On the one hand you have Mozilla and perhaps this and then on the other you have AIM.

Re:If I must use Passport, how to, well, lie to it

email address and a new password

design by committee

[kingdon]

I hope I'm wrong on this, but the more I look at this, the more I am reminded of "a camel is a horse designed by a committee" (with due apologies to perl fans and desert dwellers). The Liberty Alliance has all these companies signed up, but it seems pretty vaporous in terms of technical specs, marketing efforts, or much else. Time will tell on whether something real actually comes out of this, but I always get nervous when the hype-to-meat ratio is as high as this. Sort of reminds me of voting machines a year ago - everyone was talking about doing something but there was little/no agreement on what a voting machine should do. Six months later, most of the talk had gone away.

'scuse me?

[Cutriss]

I've got the karma to burn, so let me just don my "Captain Obvious" hat here...

America Online? Open standards? You're joking, right?

I seriously doubt that I need to explain myself here.

And don't even think about pointing me in this direction.

Re:'scuse me?

[zulux]

And don't even think about pointing me in this [aolserver.com] direction.

You missed one: mozilla.org

Re:'scuse me?

[Darth+RadaR]

<aol>
Me too!
</aol>

Rant: Sounds like bullsh*t to me.

The only reason They (Sun, AOL, etc.) are touting Open Standards is because they're getting their butt kicked by M$. The only way they seem to be marketing Liberty is through anti-M$ measures by saying things like..

"It would be a positive step if Microsoft would join Liberty as well," the AOL spokesman said. "If they chose to do so, it would indicate they were moving away from leveraging their monopoly to control this new generation of services."

And using M$'s monopoly as an excuse to point fingers at M$, and say, "We must stop the evil. People, rally with us" as if Sun, AOL, etc. were the Good Guys. But the fact is that They would do (and have done) the same monopolistic practices if They had the chance. The only reason They're bouncing about with Open Standards is because if they didn't, they'd be lumped with the Bad Guys (M$) and they're gonna juice all the PR by saying they're going to keep Liberty open.

Libery will just follow open standards until they have Passport on the ropes. Then all your base are belong to Sun/AOL.

Re:'scuse me?

[djweis]

What's the problem with AOLserver? They bought it because they used it, and then released the code under the MPL and GPL. How evil is that?

Re:'scuse me?

And don't even think about pointing me in this [aolserver.com] direction.

Yeah, make sure you don't show this clown any evidence to contradict his opinion. He can't handle it. I wouldn't think of it.

Re:'scuse me?

[Cutriss]

I put that link in there because I know damn well about AOLserver's open-source derivative license. I mentioned it because it's such a lousy product that AOL *has* to give it away for people to even think it's worthwhile, and I didn't want trolls like you claiming that I didn't know the whole story, or that I was just some anti-big-company ranter.

Re-read my post as this: Here are some products that proves AOL doesn't give a shit about open standards. And if you think that AOLserver proves otherwise, then be aware that I know of its existence and consider it to be folly, such that it's not worth considering as an exception.

Re:'scuse me?

[Cutriss]

The point is not that whether or not that's evil. AOLserver's just not a very good product. It would be akin to Microsoft releasing Microsoft Paint as an open-source product, and then using that to spin up a great big "We support open source!" PR bonanza. I specifically mentioned AOLserver because it's a poor-quality program that doesn't qualify to exempt AOL from being a closed-minded monolithic giant.

Re:'scuse me?

[Cutriss]

I didn't really count Mozilla because it existed before it got swallowed by AOL, and it would've been a PR disaster for AOL to suddenly rein in Mozilla and tell all the developers to bugger off. Mozilla is a wonderful project, and I'm glad it's still around, but it can't really be counted toward AOL's successes.

Re:'scuse me?

[djweis]

AOLserver is a very advanced product. In many ways it's still ahead of Apache in terms of scripting language integration, database pooling, and scaling due to it's multithreaded architecture. On an operating system like Linux that doesn't spread threads as well as processes among cpu's it's not as much of a gain, but on an OS like Solaris it's a bigger gain.

But why?

[The+Bungi]

I just don't get all this. We do not need a centralized personal information system. That much is apparent. Not from Microsoft and not from anybody else.

These companies are doing all this stuff just for the sake of *doing* it, to spite and fight Microsoft. Nothing more.

While I'm not blind to the fact that whoever controls all this information will have a measure of power, it remains to be seen if people actually buy into the whole thing. Microsoft may claim 88 gazillion-trillion Passport subscribers, but how many of those are really one-time half-filled and fake entries used to get a temporary spamming Hotmail account? How many people are actually dumb enough to store their credit card information in a Passport (or whatever)? With all the negetive press e-commerce site hack-ins have received in the past few years I'd be surprised this constitutes any significant percentage of Passport users, even among clueless computer users.

The whole industry is overestimating this supposedly "next killer thing" for the Internet. But, predictively enough, the lemmings have all decided to jump over the cliff together. Well then, let them be squashed together.

Re:But why?

[sheldon]

"We do not need a centralized personal information system."

We're not talking about a centralized personal information system. We're talking about a authentication mechanism.

Different thing and you are confusing the issue.

Passport operates partly as both, it's authentication and it also has ties into personal information storage. But you don't have to store personal info on it. In fact there are numerous warnings, questions and so forth about this... it's really pretty straight forward.

But what is clear is there is obviously a need for a centralized authentication mechanism. People are frustrated and tired of trying to manage 50 different username/password combo's just to register for services.

That's what Passport provides. The Liberty Alliance is providing the not-made-by-Microsoft alternative.

I think if you'd actually bother to take the time to understand what either of these offer you would go "Hey cool, yeah I can see a need for that!" I know that's my general feeling. Granted, I have concerns, but I have the same exact concerns with the way things work without these mechanisms and probably even moreso with the way they are today.

Re:But why?

[The+Bungi]

We're not talking about a centralized personal information system. We're talking about a authentication mechanism.

Not when you listen to the party line at Microsoft, no. They're selling it as an all-encompassing "digital wallet", whatever the heck that means. The fact that you can opt not to include your children's vaccination history and a list of all your dogs since 3rd grade makes no difference. It's what they want it to be that matters. Ditto for the Liberty Alliance.

But what is clear is there is obviously a need for a centralized authentication mechanism. People are frustrated and tired of trying to manage 50 different username/password combo's just to register for services.

I don't think that's clear at all. The normal internet user visits no more than 10 websites consistently - why do they need to manage 50 accounts? Again, it's a solution for a problem that does not exist.

I think if you'd actually bother to take the time to understand what either of these offer you would go "Hey cool, yeah I can see a need for that!" I know that's my general feeling.

I'm amazed that you think it's cool - most rational, intelligent people think it's just a way to excercise more control over our online habits. But don't let that stop you from flaming me, though.

Re:But why?

[sheldon]

What Microsoft party line? I've been to the presentation to developers and while they have discussed that, the primary motivating factor has been the multiple website authentication.

10 websites is still too many to keep track of, made worse by the fact that each has bizarre limitations that make it impossible to use the same ID. Or in many cases even a secure password(what do you mean max of 8 chars?)

It is a problem that does exist for many people. Maybe it is not a problem for you, but then guess what? I'm not interested in selling you a golf cart if you don't golf. Duh.

And as for you last jab. Nice try. Can't discuss a thing from a rational logical manner, resort to name calling. Is that how you are going to win people over to your argument? Call them stupid?

It's obvious to me, anyway, that confusing yourself with a rational, intelligent person was your first mistake.

Client side, client side

[Rob+Kaper]

How hard can it be to create a client-side wallet?

Keep all the data local, but allow third parties to access it. I choose that SomeShop.com may read my creditcard and address info and if it changes, they automatically have the new data when they request it.

Even better, they would not have to store my details themselves. I do a lot of e-shopping and there are quite a few e-commerce shops that store my creditcard info. To be honest, I couldn't even name all the stores that do without going through my creditcard invoices.

The FSF or another capable OSS team should join this Alliance (that, or I should stop being lazy, start being capable and start coding).

I have no problem with third parties accessing an encrypted database through encrypted channels, served by an open source applications running on my own server. Yes, it's still vulnerable, but it puts the vulnerability and control in *my* hands.

Hm, but I will continue to be lazy. And the FSF would never create a cross-platform wallet that integrates with the 90% desktop OS. I guess our best hopes are with this Alliance?

(on the other hand, I've placed hundreds of orders in the past years with a creditcard and unless I'm really making so much money that I don't even notice, my card hasn't been abused a single time)

Re:Client side, client side

[nanojath]

I've actually got something very similar to this, it's a non-virtual wallet that I actually store in my pants. When I want to buy something on the internet my hand simply enters the pocket of my pants, removes the wallet, and then I take out a credit card and enter the information required. I have to say it works great and I have yet to be bothered by fraud.

Now if Microsoft tries to get into my pants, then I'll get seriously up in arms.

Re:Client side, client side

There was a microsoft wallet around the time of IE4, but I think most people were wary of it. .net will be MS sneaking the technology under your nose without explicitly calling it 'wallet'.

After all, Passport is a happier name invoking thoughts of holidays and happiness, whereas Wallet focuses on finance and work.

Re:Client side, client side

I've actually got something very similar to this, it's a non-virtual penis that I actually store in my pants. When I want to buy something on the internet my hand simply enters the pocket of my pants, removes the penis, and then I take out a handy and produce the information required. I have to say it works great and I have yet to be bothered by fraud.

Now if Microsoft tries to get into my pants, then I'll get seriously up in arms.

Re:Client side, client side

[Linux+Ate+My+Dog!]

I work on four different computers all the time, some shared, some not. Do I want to set up wallets everywhere? What about my mobile phone, my wireless organizer, need I synchronize wallets there too? Bank terminals in different countries?

Re:Client side, client side

What about being able to delegate a trusted authority to store the information for you. Either on your local PC, on a MS server, on your Bank's servers, etc... The ability to make a choice is what is being lost here. Whether you believe your PC is any safer than any other PC out there.

Re:Client side, client side

[Christ-on-a-bike]

This is a good idea. What Liberty Alliance has to set up is a set of www protocols, over SOAP / something, for everyday authentication/information issues. The harder work is to get nice and secure clientside apps to service them.

It should come down to this: I go to genericwebshop.com, buy some stuff, and tick the box that says 'yes, you can take my details from my wallet'. If I have my wallet with me (i.e. on a disk, or perhaps better, one o' them cool java rings) and an authentic session locally, then the clientside wallet app sends my details.

The protocols have to be manifested publicly, but there is no good reason, as far as I can see, for the data to reside anywhere but with me. genericwebshop.com can track me via my PGP keyid, thanks very much.

Re:Client side, client side

This would entirely defeat the purpose of being able to access it from any device anywhere.

Re:Client side, client side

This would entirely defeat the purpose of being able to access it from any device anywhere.

Thanks for clarifying that. If that's the purpose then I don't need it, and I doubt that most other people do either.

Re:Client side, client side

[Teutates]

but but...how can we steal information if it's client side? :)

Re:Client side, client side

From what I hear, there's already a "micro soft" in your pants.

Re:Client side, client side

[Bazzargh]

http://www.ecml.org/

Nice n simple. If all registration/payment forms used the same field names, browsers could spot this and fill in details for you. So what names to settle on? This is where ecml came in.

Part of the problem with this was that browsers seem perfectly happy to roll over and give out everything they know about you to any crackers passing through. So would you really trust having your credit card details held there? Hence the need for ewallets which could store this info.

There's two different concerns here though - single sign on identities (for login etc) and identity for payment. Frankly I DO NOT WANT single sign on which covers my wallet as well as my ability to post to /.

-Baz

Re:Client side, client side

[nanojath]

you're funny but that other guy's comment was lame

Doesn't matter...

This is just the illuminati trying to pull an early "April Fools" joke.

You see, the trilateral commission will be the catalysts in the AOL-TW, MS merger, and you'll just use a combo of both systems to be placed in the "Illuminated Global Persons Network" (Codenamed Minotaur).

-ConspiracyTheorist : They are watching!

Liberty Is Slavery

Democracy is totalitarianism. Passport is isolation. Alliance is dictator. Anti-Terrorism is control.

Truth. Lie.

This will fail like MS passport.

[Krapangor]

They are building standard for centralized identification.
At the first sight this might be not like MS passport, but the key point is the same: all your data is stored with one company for identification.
But is this the right direction altogether ?
Wouldn't it much better but create distributed authentification systems. These systems could provide decent (and working) anonymisation, because some parts wouldn't have enough information to compromise your anonymity.
They would be more reliable due to being to centralized and they could be really used even for local identification.
Would it be clever and useful to retrive always data from microsoft just for local print jobs etc.
Yes, of course, you don't need today passport/derivatives for local identification, and yes in can be done in the old way. But all passport like systems won't even have the possibility to handle such things.
They are not scaleable to fine grained levels.
Only big stuff, credit card alike.

And so they'll fail because I think someone will create and distribute approach which is better and only the wind of the desert will howl at the ruins of passport and liberty.
(And when noone does it, I'll do it and all written in assembler which won't work just to punish you lazy goats.)

Re:This will fail like MS passport.

Actually, that's exactly what they _aren't_ doing. Go find a dictionary and look up the meaning of the word 'federated'.

And this is a good thing?

[sabinm]

great- even more spyware to collect my personal data and raise the purchase cost based on my demographics and browsing habits.

Are we looking in the window and not seeing the diference between the pigs and the humans?
(reference to G. Orwell's Animal Farm)

not a registry system

[whiteben]

From the first paragraph of the article: "creating a common online registration and identity system". Such a thing would be just as bad as Passport. When AOL/Sun/etc says "trust us, we'll hold all your personal info" it's no better than when MS says the same thing.

But if you go on to read the rest, you'll find that they are unveiling a common framework. This way the information remains decentralized -- everyone would only collect the info they need and have their own policies regarding to whom and how they reveal that information.

Much better.

Re:Eeek. I don't think we should worry ...YET

[darkPHi3er]

the most ***important*** sentence in the article

"The sober truth is that although consumers are bothered by multiple user IDs and passwords, most consumers don't see much relative value in having one credential to navigate the Web," Avivah Litan, vice president and research director for Gartner, said in a statement.

before "single sign on" becomes useful, let's consider just some of things that don't exist now, that are needed to make it useful/valuable/necessary...to Joe/Jane Average

1. micropayments - we've been talking about them for years..still no standards, still no positive participation from the major central banking systems..PayPal has had to fight to get as far as it has

2. user authentication - biometrics are coming along nicely, but they have no useful installed base to speak off, and the first gen laptops with biometric user control has no way to "authenticate" the user

3. encryption - no agreement on standards, with the US Gov fighting ANY kind of suggestion to implement standard encryption of email, and pushing for "back doors" in every type of system they can

4. trust - who do you want to have access to ALL your confidential info - Armey, Bush, Case, Daschle, Ellison, Gates, Gephardt, Levin, McNealy, Murdoch, Rather, Redstone?????? All of these individuals (and their respective orgs) have been repeatedly shown to be driven by, UH, "goal achieveing orientation" and NOT by "philosophical/ethical/moral orientation"

5. Systems Security - even if you perceive that you trust the above folk to know that you peruse "Teletubbie FreakySex Sites" or "Death, The Beginning of your New Love Life" newsgroups,

ALL of these orgs have systems with major security flaws...so even with the "best of intentions"...chances are the whole world will find out what you did with that purple teletubbie doll...(and if you keep the video in "My Pictures" we can probably all watch it, too).

i just attended MS Professional Developers Conference in Los Angeles, where PassPort "single sign on" was a BIG push by the MS marketeers...most of the attendees couldn't have cared less

it's much more likely that after all the members of the "Billionaire Boyz Klub" are done with wrangling over "single sign on" as a way to insure "vendor lock in", that the G will step in, and shove their vision of this down ***EVERYBODIES" throats..."for our own good", of course

It seems like a superficially beneficial idea...

[eclectric]

As of now, three sites I use utilize passport for authentication. I log into one, then I'm in all three. Ebay, Hotmail, and Expedia. Sure, this makes things a bit faster, but as other posters have pointed out, it also makes a single point of entry that hackers can focus in on. My university is going to a single-authentication scheme that actually seems to be pretty secure, but I wouldn't trust that to the whole internet.

The solution seems obvious. Expanding and integrating password tracking features into browsers. The w3c would be wise to set this down as a standard. This way, a user could store CC, mailing info, and passwords for *any* site they wanted. As of now, the best implementation of this is Mozilla (that i've seen) because it automatically fills in the form fields when you return to a page. (IE requires you to click on the field and choose from a dropdown box.) This to me gives the ease of single login (because in *nix, you have to log in, and in XP the default is to require each user to log in.) But, you don't have the problems of the passwords (or other personal information) stored at a website.

Heck, you could almost do this with cookies, at least for things like mailing address and cc info. This is where I think amazon failed. Why store CC and mailing information in a database on the web when you can just store it as a cookie?

Am I way off base on this, or does this actually make sense. This is how I manage my many different logins, but of course if uninstall/reinstall mozilla, I've got to retype it. It would be nice if this was actually a package on the browser, and I could save (and backup) this information, and be able to restore it, or even better, copy it over to another browser if I want.

I don't even get it.

[MisterQueue]

Why do I even want sites to know who I am immediately when I log on? Sure it's nice for them to save my preferrences and so forth, but I like putting in my CC# every time I purchase. I'd prefer info like that not to be saved anywhere. (Even if it is client side I clear that out regularly) And my preferences are already stored via any cookies I choose to accept. I don't like any sort of push to take the control from my capable hands to those of a large (or a mixture of large) corporations. Plus the day I see my options between going with MS Passport of and initiative including *shudder* AOL, is a sad day indeed.

Warning, warning, you will not be allowed to log onto this website because you are using a non-ms operating system!

vs.

Warning, warning, you will not be allowed to log onto this website because your ISP is not AOL!

Doesn't really seem like a choice to me.

But then again, maybe I'm missing the point, it happens...

-Q

Did I read it wrong?

[MantridDronemaker]

It sounds like the Liberty Alliance is trying to create a set of common standards and not, as many people are freaking over, a second centralized database.

If they can come up with a decentralized yet intercompatible way of authentication then they might be on to something positive! Anything that can be done to prevent a Microsoft having a total strangle hold with .NET is a good thing I think.

Re:Did I read it wrong?

[mstormoen]

Yes, it's true that Liberty Alliance is touting decentralized authentication. However, I don't think anyone has noted that Microsoft announced in September that they are going to support Kerberos and has abandoned the idea of holding all user information and will instead give merchants the ability to store data. This too would be standarized, decentralized authentication.

Ultimately either system that lives up to its promises would be a good one. I can't imagine having to get an ATM card with a different PIN number for every brand of cash machine I use. I expect to be able to use my brand-x card at any ATM. I'm not sure if someone has a stranglehold on that information or if it is shared, but either way it makes my life better.

Re:Did I read it wrong?

Isn't what we have now with every website having their own username/password combo decentralized authentication?

What the hell is Liberty Alliance going to offer that's different without being centralized?

This is the stupidest marketing fluffed anti-Microsoft FUD story I've ever seen.

Re:Did I read it wrong?

[Malcontent]

Are they going to use real kerberos or their own kerberos. In other words will you have to have a windows server?

Use XNS

They should use XNS (http://xns.org). It's here today and it works. Otherwise, it'll take them to long to reinvent the wheel and Passport wins.

Re:It seems like a superficially beneficial idea..

[MantridDronemaker]

Hmmm good point- is it really that hard for me to enter my info for each site, if not for each purchase? I guess it's the old security vs. usability thing- though security is probably the better way to go with all the info needed to charge your CC! That reminds me, I *really* have to get a new low limit CC just for web purchases..

umm

[Reliant-1864]

Is this good news or bad news? It's getting hard to tell these days, with both Microsoft and AOL in it.

If you're really looking for an open alternative

[Larne]

Check out dotGNU's virtual identities. They're very early in the process, still considering proposed solutions, but I'm willing to bet that what they eventually come up with will be both really open and better than either passport or liberty.

An off-topic commentary on the state of computing

[eclectric]

Does anyone else find it disturbing that AOL has risen to be our defender against Microsoft. They can't be the hero. They've been evil *far* longer than Microsoft. And they actually hire intelligent people. I think the people that work at AOL must get paid minimum wage, because that's all they're worth.

Granted, AOL can't be entirely blamed for the idiocy of its user base (and there are smart people who have no other choice) but AOL is responsible for more landscape filling with their CD coasters than MS has been with their inflated OSs.

Proprietary alternatives?

[scott1853]

Maybe this shouldn't be a standard. The whole idea behind this is to make YOUR information PUBLIC. Ideally it should only be accessible by you, but we all know how hacking works.

Why isn't anybody creating some free software so you can setup your own server for yourself or your company. It just needs to be a little server, with SSL and some basic security measures (no buffer overflows).

The whole idea is you'd have access to information from multiple locations. We all know the original MS ideas behind why they want to implement this, and it's not to make our lives easier. These other corporate entities simply see how they can make money off this and they also know there is more money to make if they can usurp power from MS instead of joining them.

Honestly, what about these services would make your life easier? Answer that question, there's YOUR solution, most likely it's the solution for MANY people, so write the software that meets YOUR needs. Make it open source and/or free and let many people benefit. I'm sure one cable modem connection could more than handle the load of a mid-size company looking up contact information.

Authentication should be decentralized

Authenication is used to answer for sure the question "Who am I talking to?" That's ALL an authentication service should do by default. If a user feels comfortable giving more info to the service so they don't have to type in forms, then let them, but I for one won't give them the info, or do any shopping at sites that won't let me type my cc number directly to them over https. My main reason is that I don't want to wonder if I accidentally bought something by clicking on a suspiciously vague button. I confidently explore web sites clicking on whatever, knowing that I will not be charged unless I take out my wallet. This is much more valuable to me than the convenience that woudl be provided by a centralized system. For things like micropayment for content I would rather see a company run special accounts where I could deposit say $10.00 to be used for that purpose. Then I know I won't be defrauded too badly by whatever unscrupulous pr0n site I happen to be on.

Re:Authentication should be decentralized

Dude! Dat wood be kewl!!

No one company....

[jsin]

"This provides a common language for authentication to ensure no one company controls the single authentication network" said a rep. "

Right, no one company other than AOL.

Re:No one company....

[WebMasterJoe]

AOL isn't one company... it's America Online-Netscape-Nullsoft-Mirabilis-Compuserve-Time -Warner-etc. Feel free to reply with the rest of the companies involved, I don't care enough to look them up.

THE single authentication network?

[Aardappel]

What always suprised me with these kinds of developments, is how easily people skip step 2, i.e.:

1. Someone starts doing X (where X = passport, p2p, XML, ...)
2. ?
3. everyone sees X as a necessity, and is trying hard to not be left out.

So, we are already assuming we won't be able to live without these authentication networks, but noone along the line ever asked why? Am I the only one who finds this funny (or sad, your pick)?

Is it THIS easy to make a whole planet go along with a phenomenon without using basic brain functions?

No thanks. . .

[czardonic]

Mmmm...open standards. Hopefully.

Sorry, but this was a bad idea when Microsoft ahd it, and it is still a bad idea. Developing and 'open standards' version of an unnecessary, intrusive and ripe-for-abuse system does not make it any less of these things.

Liberty Alliance eh?

[Muramasa]

Who came up with that corny name? Makes me think of a super hero team =P

The real scare

[anno1602]

Warning, warning: You may not log on this webpage because you don't agree that all if your personal information is stored centrally.

[And because I live in Germany, they actually have to ask me prior to doing this. Opt-in is mandatory. Well, by law, anyway...]

Re:The real scare

[Chris+Burke]

Hey, that's pretty cool about the mandatory opt-in. Yeah, it may just be law, but at least when some yahoo billionaire tells you that you have no privacy, the gov is on your side.

Ok

[zunix]

And we're supposed to believe they are "the good guys"? I find it hard to believe that a vast consorcium of commercial businesses is what freedom lovers would like to depend on.

If General Motors Were Like Microsoft

[YearOfTheDragon]

Can be read "Ford, MS to offer build-it-yourself cars " in this news
If Microsoft can join Ford, why GM can't join Aol?
But what if General Motors Were Like Microsoft?

Re:If General Motors Were Like Microsoft

[iceT]

And like most things "Microsoft", it's been two years, and nothin'!

Don't you see the irony?

[derfla8]

The irony of course is that it took Microsoft to piss them enough to do this. So in fact Microsoft deserves credit no matter which one takes hold.

How many of you are guilty of re-using your passwords on various sites. All it takes is one of those sites to be stupid and store your password in plaintext somewhere. As soon as someone gets ahold of it, just build a spider that tries your login on every site that requires one.

If joeblow.com gets compromised, maybe I won't find out until something odd shows up. Whereas if Passport or the new thing gets broken into, I'm sure sparks will fly.

It's all in the name....

[Chibi]

In these times, I can't believe people are saying something called the "Liberty Alliance" is a bad thing. Dear God, you people must all be atheist, Communists. Or maybe Muslim extremists. I will support the good old US of A by letting anyone and everyone associated with the Liberty Alliance have all of my personal information. It's the patriotic thing to do!

Some people are just too cynical...

good point about what's behind this.

[eclectric]

No one seems to be taking to task that the big thing to worry about, that this is just a way to rope us in so that when Windows goes to a subscription service, they'll have an easy way to charge us. In fact, I didn't much mind using passport to log into sites... I mean, at worst, a hacker can read my hotmail account. However, when they started talking about web services and tying that into the OS, I knew I had to get away (I've since been working to get rid of my hotmail account and been moving to the mozilla browsers. I can't bring myself to use linux yet... I just don't like it as much as winXP.)

Granted, having to pay $10 a month to keep using our computer sounds insane, but for most users (who, btw, will already have their CC info stored with MS) they're probably not going to notice, and not know they have an alternative.

Indeed, if MS ties .NET soley to passport, that's yet another reason that no one will go with other solutions.

Will splitting up the company alleviate this? Probably not. I mean, AT&T was split up 20 years ago into a bunch of little companies. Now look at them. They own half the local service in the country, plus a bunch of cable companies.

Sounds like what Lessig was warning about.

[Wntrmute]

the three tax related government bodies would require a special identity certificate... that can only be provided (and verified) by your bank.

In Code and other laws of cyberspace, Lessig talks about something just like this. Using digital certificates to indentify yourself online. The problem comes in when said certificate contains things like a "geographic location" field. Then, a gambling site hosted in Las Vegas can be forced to decline you access if you are living in Iowa, and other such abuses.

This is even without getting into the problems if something like this became prevalent to the point that you got this certificate from your ISP, and were required to have it to go online. Then you could be tracked *everywhere*.

Yeah, I can think of ways to preserve anonymity, like a "certificate proxy server" hosted someplace out of the reach of US law, but I'd rather not have to deal with it at all.

50 Million handicapped?

[tmcmsail]

Do you really mean that one in six americans is handicapped? I guess that means that we need to lose more up front parking...

Re:50 Million handicapped?

[tmcmsail]

sorry, wrong article. Does that make me handicapped?

Re:Doesn't matter... (Fnord!)

This is just the illuminati (Fnord!) trying to pull an early "April Fools" joke.

You see, the trilateral commission (Fnord!) will be the catalysts in the AOL-TW, MS merger, (Fnord!) and you'll just use a combo of both systems to be placed in the "Illuminated Global Persons Network" (Fnord!) (Codenamed Minotaur). (Fnord!)

And we would have gotten away with it, too, if it wasn't for you meddling kids! Fnord!

Those millions of Passport users

[pubjames]

Microsoft claims that they already have several hundred million Passport users, on the strength of the fact that all Hotmail users are automatically signed up for a Passport.

However, how many people actually use Hotmail for serious email? I doubt foxychic52@hotmail.com and hot_guy334@hotmail.com really provided accurate information when they signed up for their Hotmail accounts...

One idea off the top of my head.

[Wntrmute]

Now, if GM/AOL wanted to somehow integrate liberty-alliance-passport into their AOL or GMC Yukon... Then they'd have an edge.

Say, a gas station that gets a signal from a chip in your car, presto, you've just paid for gas. Heck, get this required by law, and you've solved the "gas and go" problem.

Re:One idea off the top of my head.

[gmhowell]

Fat chance at getting sign on. I've had a Mobil speedpass for a couple of years. And I can only use it at Mobil/Exxon stations.

But it's not a bad start. Add the ability to go to any GM shop (or independent) in the country and let the car pay for repairs itself (provided it's not been stolen:)

This sucks.

Open standards? I think not.

AOL might as well own the proposed "Liberty Alliance" partners. This is crap.

Hotmail expires unused accounts

[yerricde]

Microsoft may claim 88 gazillion-trillion Passport subscribers, but how many of those are really one-time half-filled and fake entries used to get a temporary spamming Hotmail account?

Very few. Hotmail deletes unused free accounts after 45 days.

Re:Hotmail expires unused accounts

[Esoteric+Moniker]

Yes, but do they also delete the passport account? That is the point he was making.

Re:Hotmail expires unused accounts

Not to mention that Passport is entirely uninteresting as an authentication system if it only functions as 'hotmail login' and 'MSN Messenger user'.

Microsoft is making big hay out of the numbers but they never quite say how many people are actually using it for shopping or other 3rd party authenication. My guess is less than 100,000.

privacy directive?

[Zflair]

Does anyone know anything about how this standard federated solution will be affected by the EU Privacy Directives?

Didn't they basically just make cookies illegal?

Why AOL confuses me.

[Wntrmute]

They support great projects like Mozilla, open sourced an excellent webserver, but play hardball over AIM.

If AOL wants to prove their commitment to open standards, then publish the AIM protocol under a royalty-free license. Be willing to put their money where their mouth is.

One Benefit

[mikey504]

If you believe that a centralized data repository is a bad idea, and many of us do, then at least having other players in the game can produce enough fragmentation to keep us from being locked in to any one implementation.

I find the idea of either of these groups becoming "the standard" equally repugnant, but as long as they continue to battle it out in the market place each protects us from domination by the other(s).

I would like to see it splinter into eight or nine competing implementations, in hopes that we won't see any (more) "You must sign up with A to use B, C, D, ..."

That way, even if it does ultimately happen it will happen slowly enough that we can hope for a better implementation in the end.

what would be cool...

[brer_rabbit]

is if I could store my "wallet" on an ethernet enabled Gibson! Instead of using a hat/box/whaterver for accepting pocket change, street performers could use a hub that onlookers would plug their Gibson into to make donations.

What Liberty Alliance isn't

Liberty Alliance is not like Passport at all, at least not the consumer Passport most of you seem to be thinking of. Liberty Alliance is an open platform for corporate directory services for information exchange between companies. While most people who do business online will be recorded in a database powered by the Liberty Alliance, you will not have a Liberty Alliance account. This is not for the consumer like Passport is.

This will allow people who use your information (airline ticket counters, utilities, banks, whatever) to control their own directory services and choose what information to release or keep private. This is an issue with .NET as Microsoft is trying to push Passport as the all encompasing directory service and take control of the data away from the companies.

This really doesn't involve you, the consumer, at all. I invite all of you "OMG I'M NOT GIVING MY CREDIT CARD TO AMERICA ONLINE THEY ARE HACKED ALL THE TIME!" knee-jerk reactionists to actually do some research at http://www.projectliberty.org/ and get a clue or two. Thanks!

Mass authentication doesn't work

[Lewisham]

When will companies realise that mass authentication simply doesn't work? It's supposed to make online purchasing easier for the average consumer. Aren't consumers doing that already? Many people use exactly the same password for each online shopping site they visit. I know my family does, despite my repeated protests at what might happen if someone snags the password. But after the Hotmail Passport grabber, having the same password seems more secure! The more sites that use mass authentication systems, the more crackers will find the holes and exploit them for all they are worth.

Obligatory Dolphin Post

Humans rule! Dolphins can suck it.

my stance

[Ender+Ryan]

As we all know, Passport was created by Microsoft not to provide a service, but as an attempt to force people to go through MS to use the Internet.

Passport provides NOTHING useful in any way. Passport is actually HARMFUL to it's users, as it is an extreme danger.

We all know that, and even most non-computer oriented people can see that just as clearly, which is not surprising considering the nature of Passport.

As a programmer and web developer, I vow to never implement anything that in any way uses Passport(or a derivative)'s authentication mechanism or other ridiculous "features".

I promise I will let my company fire me before I would submit to this nonsense. I hope most of you would do the same.

Personally, I think Passport is doomed to fail. While MS might be able to force people to create a Passport account, Microsoft will never be able to force Passport upon other services, as there will be no benefit to using Passport.

Re:my stance

[Graymalkin]

Wait, why again is passport so bad? For as opposed to it as you are you don't give any clear reason why you are so opposed to it. Don't bother saying it lets websites track you, it's been done before.

To Many Cooks...

[Trekologer]

...spoil the broth.

Not that I'd use any of these services, but if I was, I'd rather be using Microsoft's service.

Think about it. You'd be giving your personal information and credut card information to one of these databases. With Microsoft, its just them. With this Liberty thing, look how many hands are in the cookie jar.

And I'm sure that this is going to get me labeled a troll, but open source might be worse than closed source. With the source open, anyone can look at it and find security holes. If the source is closed, its harder to find holes (not impossible, of course).

But do we really need these services? And how secure would it be anyway? You're probablly going to be using a password to get into the system. For the average user, they're going to be using a simple password that is easy for them to remember. Simple = easily broken.

It would be a lot more secure and useful to build a hardware system that would scan a card (MSR, probablly) and had a huge-ass "password", something like 128k, and ENCRYPTED the whole way. You've got the problem with losing the car, but then again you have the same problem with a credit card. Could this be the "killer app" of the "smart" credit card?

Obligatory Human Post

Dolphins Rule! Humans can suck it.

Yikes!

[HungWeiLo]

"Liberty Alliance"? I was expecting a story with John Ashcroft owning 51% of AOL or something and then doing something undermining our rights and such...

Remember one thing

When elephants fight in the jungle, it's the little critters that get hurt.

Put another way, I do NOT have a good feeling about the industry increasingly turning into a bi-polar arrangement of "MS vs. Everyone Else". Reminds me a little too much of the US vs. USSR nonsense from the Cold War, with users playing the part of strategically located third world countries...

Of course, it's still better than MS owning everything.

smells like shit, looks like shit

I don't need to taste it to realize that this is shit too. Its shit from a different dog, or rather, from a group of (not necessarily) smaller dogs rather than Passport which is shit from one big dog. It is still shit.

And as far as that goes, I make my own shit. Almost daily. I have my own fuckin wallet. I have my own collection of my own personal information and I don't need to subscribe to any system that gives this responsibily for maintaing my personal records to someone else. ESPECIALLY A FOR PROFIT TRANSNATION SUPERPOWER COMPANY. Thanks but not thanks Liberty Alliance. I don't need your shit.

Unintended Consequences?

[agedman]

Many posters have suggested giving bogus information to the different Passport-esque services. I can imagine there being a point where I have a number of "Passports", each with different names & details. Then when I go to buy from or visit a site, I'll need to select from a list of who I want to seem to be and supply credentials to validate the choice.

So much for single sign-on!

Re:There should be no "single authentication netwo

As opposed to the way things are today with your personal information spread across 20 different databases with "questionable" security at best.

It's obvious you don't know what you are talking about.

Why is it even needed?

[bruns]

Why is a one signin thing even needed? Why cant you just enter in your information when you _need_ to and for _only_ the company you want to. You know, the thing people have been doing long before Passport existed.

Maybe if people weren't so lazy...

what are you people smoking???

[Da_Monk]

why are you rooting for AOL??? This is AOL/Time warner, you know, one of the people suing 2600. IMHO AOL is WAY more evil than microsoft. if you don't like passport, dont use it. use freenet! but dont say AOL and Sun's venture is better than microsoft just because it is not microsoft.

Re:Eeek. I don't think we should worry ...YET

[smittyoneeach]

PayPal has had to fight to get as far as it has

Not sure what they're fighting against. Sure, the technical issues; but the real challenge is the cultural one.

People just haven't gotten acclimated to the new ways of doing business. My credit union has a web bill paying service, and I'm just barely considering going through the hassle of setting it up.

The possibility exists that, for all of the technical feasibility and convenience, society may NEVER achieve full-on cyberpunk dysco-topia.

Couldn't have said it better

[MrResistor]

"The sober truth is that although consumers are bothered by multiple user IDs and passwords, most consumers don't see much relative value in having one credential to navigate the Web," Avivah Litan, vice president and research director for Gartner, said in a statement.

Of course, it's still the way of the future, and at some point we'll all be pretty much forced to use something like this. That's not all bad, I certainly won't fight it, but I don't think it's necessary either. I definately don't trust MS with it, but I don't think I'd trust AOL with it either.

AOLs support will certainly make this a viable sollution, though, and the competition will hopefully benefit us little folks.

I'm just not sure how I feel about this whole thing.

Passport... Great...

I've been trying for a couple of weeks to reset my passport password (yeah, it's evil), but there site is always down when I try.... Gotta love their uptime :(

The problem is not in the ID's but the public

[Silverwolf0]

No one can be a wolf if people did not make themselves sheep. The masses are the ones who allow such an ID if they are tired of putting in User names and Passwords over and over.

It matters not if Microsoft or Liberty has the ID it matters that people know enough to realize that this is a bad Idea.
.

May be too much bashing?

[CondeZer0]

I haven't sleep for nearly 24 hours, so I think this is going to be a bit of a random rambling... but I have to try...

I understand that some people is very worried when some big companies get together to create some kind of universal authentication system...

But I think that at least some of the bashing against the "Liberty Alliance Project", especially based in the bad track of mega-corporation behavior of some of the members, is forgetting that there are also other members, like:

(from: http://www.projectliberty.org/chartermembers.html)
- the Apache Software Foundation
- CollabNet
- O'Reilly & Associates

All this organizations have done a great job developing and promoting Open source and Free software.
Please, before bashing look more carefully at what are you bashing.

And of course we should always be careful when considering the movements of big corporations, but I think this is a big opportunity for all the people who wants to maintain
a free Internet, don't just discard it because you don't like some of the people promoting it.

Best regards

\\Uriel

P.S.: Now we only need that Freenet, OpenBSD, Debian, Xiph, FreeBSD, NetBSD, FSF, Internet Software Consortium, Gnome foundation, etc. join the project, and then thy have my permission to take over the world ;)

P.P.S.: Seriously, it would be great to see Debian, FSF and ISC joining, and some Linux distributions wouldn't hurt either...

Re:There should be no "single authentication netwo

[chris_mahan]

so when you have someone "borrow" your laptop, they can just order $500 worth of junk, coming straight out your bank account... Yikes!

Does the consortium thing ever work?

[sphealey]

Can anyone think of an example where a technology company/organization with market momentum behind them created and started pushing a new "standard", a consortium formed to create a competing standard, and the consortium won out? Seems to me that the existance of the consortium usually just validates what the first company was trying to accomplish, and that company takes all the spoils. The consortium members usually just end up losing a lot of competitive time and some money.

sPh

Re:Does the consortium thing ever work?

[dbrower]

Can anyone think of an example where a technology company/organization with market momentum behind them created and started pushing a new "standard", a consortium formed to create a competing standard, and the consortium won out?

Sure, compare MSN version 1.0 vs W3C. The first MSN was a dialup competing against Prodigy and AOL.

Or IP vs. Novell IPX, or X vs. NeWS. One can argue reasaonably that these aren't clones, but are things that "changed the game" compared to the proprietary thing. But that is one of the advantages of the open-ness.

The question is whether the closed thing can get a knockout before the open thing gains footing.

-dB

Passport/Liberty Just a Preview

[orbbro]

You know, efforts like this that allow for uniform identification and authentication are just a preview of what's to come. In the future, we're sure to see a single unified system of tracking what you do online, what services you use, proving who you are and what you're authorized to do, and billing you for the specific level(s) of service that you use.

Using a common layer of software tools, ISPs & content providers will be able to know who you are, what you're doing, and how much you owe for it. Think of the merger of a high-speed real-time multimedia Internet with your phone service (which is considered a necessary utility and which bills you differently for local access; local, interstate, and international long distance; and extra features like voice mail).

It's just a matter of time before you can get Internet Video Phone and Downloadable Streaming Pay-Per-View -- and pay Qwest-AOL-TimeWarner handsomely for the priveledge.

idiot!

[Ender+Ryan]

It's a database storing personal info for millions of people. It could easily become the largest target of hackers and corporate espionage in the world.

And with that HUGE risk, the consumer gains... absolutely nothing. The whole thing is simply Microsoft trying to gain control of what they want to become the gateway to everything on the Internet.

Re:idiot!

[Graymalkin]

Uh...you realize every little bit of information about you IS ALREADY FUCKING STORED IN SOME DATABSE. Fuck dude, if you think Passport is homehow eviler than TRW you need to get the jaws od life to pry your head out of your fucking ass.

Real Networks???

Other members of the alliance are Sun, Nokia, Real Networks and General Motors

As if Real Networks is worth being said in the same breath as these other major players.

I believe this has already been implemented.

[arsaspe]

Anyone here have Yahoo ID? Notice how it can be used to authenticate seamlessly with all yahoo services, such as Mail, News, Egroups, Geocities, Shopping, etc?. Ever seen a website with a "Powered by Yahoo!" Icon? guess what- your authenticated with your Yahoo ID. Did you also know that they are planning on providing Java based applications over the internet, such as an Office Suite? This Sounds a hell of a lot like .NET/Passport to me. Hell, Yahoo even uses your information for spam. a Yahoo ID isn't vapourware either. It is here, now, works really well, and has passed the test of time. Yet no one has complained about Yahoo?. Of course Microsoft plans the same thing, and its the Evil Empire trying to take over the world.

AOL Instant messaging standards

[JacobD]

Isn't this like the pot calling the kettle black?

Accountability, anyone?

[Observer]

One thing I would want to know before entrusting any significant identifying information to any of these proposed services:

How will the services be audited, under what criteria, by whom, and with what penalties for failing to meet the criteria?

And yes, I do think there should be a law about it - whether it's the application of an appropriate existing one or (shudder) a new one that takes account of the possibility - or should one say the service providers' intention - that the service will be used for a wide range of matters which have until now not been related or connected in any way.

you mighta missed his point...

[gvonk]

he was actually just talking about your |33+ 59{{K

double idiot!

[Ender+Ryan]

There is no database anywhere that has my name, address, all my credit card information in one central internet accessible place.

My other point being that the consumer gains NOTHING, NOT A GODDAMN THING FROM PASSPORT! So, no matter how small the risk, it's not worth it for the consumer.

Fucking dumbass...

this conversation is over, you're a moron...

Re:double idiot!

[Graymalkin]

Look who's calling who a dumbass. Look up your TRW report dipshit. And you don't need the internet to look it up. All it takes is a little social engineering. Passport isn't designed to be a central credit reposity for fuck sake. It's like having a user's cookies stored in a central server rather than on your local system. I'm not saying passport is some radicool technology but you're seriously deluding yourself if somehow you think that any information about you is somehow private.

Re:Eeek. I don't think we should worry ...YET

[jmauro]

Or that people just don't want to deal with the hassles of on-line and automated service. My bank has an online billing site, but I refuse to use it. I see no need to change how I pay bill, just because the new system will save the bank money. Computers for the sake of Computers is bad.

Single login grabbag

[defile]

Will some sites deploy it? Sure. But any vendor that says "We only accept payment via MS Wallet" is committing suicide. As much as they wish you'd pay by credit card, even checks are accepted by most online businesses. No one is going to turn away money.

It will only be useful if it's super convenient- and practically everyone who buys stuff over the internet has accounts at all of the places they buy from consistently, making check-out a snap.

But on the other hand...

People routinely make convenience/security tradeoffs. If we were having this discussion 20 years ago credit cards would be pure evil to us. Having your credit card number stolen nowdays is an inconvenience rather than life ruining. And most of us have come to accept the fact that law enforcement can track our iron dildo purchases from the comfort of their desks if they wanted to.

In the absolute worst case most sites will simply feature a "Use my passport account" link above the "Create an account" link.

My how the world turns.

Re:Eeek. I don't think we should worry ...YET

[smittyoneeach]

I get paid a healthy rate per hour. If I mentally pay myself for the effort of managing the books, outsourcing the bodily function of writing the out the checks seems worthwhile.
OTOH, good ol' fashioned bill paying might be a relaxing interlude for someone, in which case they certainly should eschew online payments.
I agree that computers are the means, not the end. Motive matters in this decision, as any other.