Slashdot Mirror
Liberty Alliance Gains Momentum
kabanossen writes "News.com reports that AOL is joining the Liberty Alliance, which is a coalition of tech companies who are creating an alternative to Microsoft's Passport. Other members of the alliance are Sun, Nokia, Real Networks and General Motors "This provides a common language for authentication to ensure no one company controls the single authentication network" said a rep. " Mmmm...open standards. Hopefully.
With the track record of AOL, the last thing we need is people running software similar to AoHeLL on the new authentication system, and hijacking people's accounts.
Microsoft has Passport. This alliance offers another alternative. Both push our society towards a "know your neighbor", or perhaps "know your customer" model.
I remember a few years ago there being a pretty significant backlash against banks attempting the "Know your customer" model of business.
Let's not forget the "None of the above" option when contemplating these systems. Identification of a person is not always necessary or prudent, for a multitude of reasons.
Is this going to be "open standards" just like AOL's instant messenger is open standards? :)
Well, that would be sorta perfect for Ximian's mono! And if that "Liberty" thing is really open, what are the advantages of using Microsoft? People claimed that Mono was bad because it would force people into using passport - now if this Liberty thing works out, and somebody makes it work with Mono...
:)
Great idea!
sorry, but I don't want AOL to have my credit card info, just as I don't want Microsoft to have it.
when will these companies learn that we don't want a huge easily hackable database with all of our info in it? I'm quite happy memorizing my credit card number and providing it only when I feel it's necessary. With these passport like services, it's way too easy for a company to get you to sign in to get free service, and then simply start billing you after 'n' days, since they already have your credit card info, etc, in their database... At least now they have to send you a bill, or at the very least you have to provide a credit card number for a free trial...
I personally don't care if it's Microsoft, or some other tech company... I don't feel overally confident that a huge database with all of our info in it on the web is not going to get hacked...
---
Programming is like sex... Make one mistake and support it the rest of your life.
This is better than no competition for Passport but not so good as if there were some aggressive and international lobbying and development of public, universal and non-proprietary authentication. This is like watching Fed Ex and UPS duke it out over who gets to run the U.S. Mail.
It Is the Nature of Information to Transgress Artificial Boundaries
Why isn't a Linux company signing up (like RedHat)? That would give the project a little more clout in terms of a clearly defined software platform ... rather than, say, "Liberty Alliance for Windows", which would have to compete with a passport icon already on the desktop.
Toronto-area transit rider? Rate your ride.
Sorry, but I can't see where this will be a whole lot better.
Okay, yeah, we definately know that AOL will provide the IM:) But what are the odds of a patent-free, royalty free standard? Zero. Check out the faq.
To be verified to use their tech, you'll likely have to either pay an exorbitant fee to join, pay an exorbitant 'license fee', or both.
Of course, there is no problem with charging to validate against, say, an AOL server, or store information there. But can even DEVELOPMENT occur without significant costs? No.
The only selling point to this seems to be "we're not Microsoft".
(And again, could somebody please explain the advantages? Most people on the street I've spoken with don't seem interested in having anybody store their CC and other personal information. And before you mention banks and credit card companies, most people would be quite pleased if they didn't have the info either.)
Jesus was all right but his disciples were thick and ordinary. -John Lennon
I haven't been keeping up with this, and (I admit it) I'm too lazy to read the article carefully. What is the Liberty Alliance's stance on centralization? I certainly don't want Microsoft holding all my info on a centralized server, but I don't trust any of these folks all that much more. I'd really rather have it on my own machine, encrypted, with very specific as-needed permissions for releasing individual details. This should work in such a way that a malicious third party finds it difficult to cross-reference, say, my e-mail account and my medical records having retrieved each individually.
So where does the Liberty Alliance stand on this? Are my wishes way beyond the scope of this project -- is it a question of "which faceless corporation's basket do you trust with all your eggs"?
This idea still provides a single point of failure for targetting hacking and DDoS attacks. Regardless of who controls it, one single authentication network is a horrible idea. It is doubtful that Passport will gain any serious momentum, since there have already been numerous attacks on the service. I have yet to see any services which support Passport outside of MSN, and I will never sign up for a Passport or a "Liberty Alliance" account or any other single point of failure.
Perhaps the Liberty Alliance group is taking their public relations cues from politics - it sounds 'shameful' to turn down something called 'The Patriot Act' regardless of what its details are. Maybe they are aiming for the same kind of thing in defeating passport.
[Note: I was unable to determine if this post is a trollish type thing. I guess the moderators will tell me.]
Mmmm...open standards. Hopefully.
Someone take the crack pipe away from Hemos.
These will be competing proprietary standards to M$'s dontNET lockin standard. To prevent M$ from embracing, extending and extinguishing, all the key pieces will be protected with patents and trademarks and every other bit of legal jiggery they can use. Just like with JAVA, the liberty *ack* *gagh* alliance will not allow these to become free and open standards, they will smack any free version in order to create a legal precedent for when (not IF) they have to go after M$.
the AC
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
Other members of the alliance are Sun, Nokia, Real Networks and General Motors
GENERAL MOTORS?!?!?!
okie-dokie...
-- You can't idiot-proof anything, because they're always coming out with better idiots.
The bottom line was: since a lot of people here in Sweden use internet banking, and we all hope it is really secure, then your internet bank account would be one safe way of identifying you. So why not make banks account the basis of a net passport? Rather that than make Microsoft the key to my bank account!
Check this faq.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
Ebay now allows authentication via passport. Logging in from a win2k box or winxp box for ebay is automatic.
It's too AOL is so myopic about standards. On the one hand you have Mozilla and perhaps this and then on the other you have AIM.
I've got the karma to burn, so let me just don my "Captain Obvious" hat here...
America Online? Open standards? You're joking, right?
I seriously doubt that I need to explain myself here.
And don't even think about pointing me in this direction.
"Mod, mod, mod...and another troll bites the dust."
I just don't get all this. We do not need a centralized personal information system. That much is apparent. Not from Microsoft and not from anybody else.
These companies are doing all this stuff just for the sake of *doing* it, to spite and fight Microsoft. Nothing more.
While I'm not blind to the fact that whoever controls all this information will have a measure of power, it remains to be seen if people actually buy into the whole thing. Microsoft may claim 88 gazillion-trillion Passport subscribers, but how many of those are really one-time half-filled and fake entries used to get a temporary spamming Hotmail account? How many people are actually dumb enough to store their credit card information in a Passport (or whatever)? With all the negetive press e-commerce site hack-ins have received in the past few years I'd be surprised this constitutes any significant percentage of Passport users, even among clueless computer users.
The whole industry is overestimating this supposedly "next killer thing" for the Internet. But, predictively enough, the lemmings have all decided to jump over the cliff together. Well then, let them be squashed together.
Keep all the data local, but allow third parties to access it. I choose that SomeShop.com may read my creditcard and address info and if it changes, they automatically have the new data when they request it.
Even better, they would not have to store my details themselves. I do a lot of e-shopping and there are quite a few e-commerce shops that store my creditcard info. To be honest, I couldn't even name all the stores that do without going through my creditcard invoices.
The FSF or another capable OSS team should join this Alliance (that, or I should stop being lazy, start being capable and start coding).
I have no problem with third parties accessing an encrypted database through encrypted channels, served by an open source applications running on my own server. Yes, it's still vulnerable, but it puts the vulnerability and control in *my* hands.
Hm, but I will continue to be lazy. And the FSF would never create a cross-platform wallet that integrates with the 90% desktop OS. I guess our best hopes are with this Alliance?
(on the other hand, I've placed hundreds of orders in the past years with a creditcard and unless I'm really making so much money that I don't even notice, my card hasn't been abused a single time)
34 companies isn't exactly a monopoly. Compare to a Microsoft-owned one company scenario.
What's dangerous, however, is that this 34 company oligopoly is the one that is likely to be the main influence in the SSS-CA and any regulation that results if that bill ever passes. They will have no qualms crushing your freedom to support their revenue models... "Liberty Alliance". Some joke.
I do not have a signature
the most ***important*** sentence in the article
"The sober truth is that although consumers are bothered by multiple user IDs and passwords, most consumers don't see much relative value in having one credential to navigate the Web," Avivah Litan, vice president and research director for Gartner, said in a statement.
before "single sign on" becomes useful, let's consider just some of things that don't exist now, that are needed to make it useful/valuable/necessary...to Joe/Jane Average
1. micropayments - we've been talking about them for years..still no standards, still no positive participation from the major central banking systems..PayPal has had to fight to get as far as it has
2. user authentication - biometrics are coming along nicely, but they have no useful installed base to speak off, and the first gen laptops with biometric user control has no way to "authenticate" the user
3. encryption - no agreement on standards, with the US Gov fighting ANY kind of suggestion to implement standard encryption of email, and pushing for "back doors" in every type of system they can
4. trust - who do you want to have access to ALL your confidential info - Armey, Bush, Case, Daschle, Ellison, Gates, Gephardt, Levin, McNealy, Murdoch, Rather, Redstone?????? All of these individuals (and their respective orgs) have been repeatedly shown to be driven by, UH, "goal achieveing orientation" and NOT by "philosophical/ethical/moral orientation"
5. Systems Security - even if you perceive that you trust the above folk to know that you peruse "Teletubbie FreakySex Sites" or "Death, The Beginning of your New Love Life" newsgroups,
ALL of these orgs have systems with major security flaws...so even with the "best of intentions"...chances are the whole world will find out what you did with that purple teletubbie doll...(and if you keep the video in "My Pictures" we can probably all watch it, too).
i just attended MS Professional Developers Conference in Los Angeles, where PassPort "single sign on" was a BIG push by the MS marketeers...most of the attendees couldn't have cared less
it's much more likely that after all the members of the "Billionaire Boyz Klub" are done with wrangling over "single sign on" as a way to insure "vendor lock in", that the G will step in, and shove their vision of this down ***EVERYBODIES" throats..."for our own good", of course
Ten quid, she's so easy to blind. And not a word is spoken...
It sounds like the Liberty Alliance is trying to create a set of common standards and not, as many people are freaking over, a second centralized database.
.NET is a good thing I think.
If they can come up with a decentralized yet intercompatible way of authentication then they might be on to something positive! Anything that can be done to prevent a Microsoft having a total strangle hold with
Maybe this shouldn't be a standard. The whole idea behind this is to make YOUR information PUBLIC. Ideally it should only be accessible by you, but we all know how hacking works.
Why isn't anybody creating some free software so you can setup your own server for yourself or your company. It just needs to be a little server, with SSL and some basic security measures (no buffer overflows).
The whole idea is you'd have access to information from multiple locations. We all know the original MS ideas behind why they want to implement this, and it's not to make our lives easier. These other corporate entities simply see how they can make money off this and they also know there is more money to make if they can usurp power from MS instead of joining them.
Honestly, what about these services would make your life easier? Answer that question, there's YOUR solution, most likely it's the solution for MANY people, so write the software that meets YOUR needs. Make it open source and/or free and let many people benefit. I'm sure one cable modem connection could more than handle the load of a mid-size company looking up contact information.
The only trick is that Time makes these books and magazines and movies and tv shows. GM makes these metal boxes with wheels, called cars. Between the two, how much goes into computer services? I don't know. But looked at that way, they are on a more level playing field with M$.
Get IBM into the mix, and you are again, undoubtedly on top of the world.
Now, if GM/AOL wanted to somehow integrate liberty-alliance-passport into their AOL or GMC Yukon... Then they'd have an edge. A big one. But I'm not sure how GM can leverage this in the automotive marketplace (sure, some of their subsidiaries can easily take advantage, but their big bucks are cars and trucks)
Jesus was all right but his disciples were thick and ordinary. -John Lennon
In these times, I can't believe people are saying something called the "Liberty Alliance" is a bad thing. Dear God, you people must all be atheist, Communists. Or maybe Muslim extremists. I will support the good old US of A by letting anyone and everyone associated with the Liberty Alliance have all of my personal information. It's the patriotic thing to do!
Some people are just too cynical...
If all you have are silver bullets, everything looks like a werewolf.
Microsoft claims that they already have several hundred million Passport users, on the strength of the fact that all Hotmail users are automatically signed up for a Passport.
However, how many people actually use Hotmail for serious email? I doubt foxychic52@hotmail.com and hot_guy334@hotmail.com really provided accurate information when they signed up for their Hotmail accounts...
Hey, that's pretty cool about the mandatory opt-in. Yeah, it may just be law, but at least when some yahoo billionaire tells you that you have no privacy, the gov is on your side.
The enemies of Democracy are
And like most things "Microsoft", it's been two years, and nothin'!
-- You can't idiot-proof anything, because they're always coming out with better idiots.
Passport provides NOTHING useful in any way. Passport is actually HARMFUL to it's users, as it is an extreme danger.
We all know that, and even most non-computer oriented people can see that just as clearly, which is not surprising considering the nature of Passport.
As a programmer and web developer, I vow to never implement anything that in any way uses Passport(or a derivative)'s authentication mechanism or other ridiculous "features".
I promise I will let my company fire me before I would submit to this nonsense. I hope most of you would do the same.
Personally, I think Passport is doomed to fail. While MS might be able to force people to create a Passport account, Microsoft will never be able to force Passport upon other services, as there will be no benefit to using Passport.
Sticking feathers up your butt does not make you a chicken - Tyler Durden
...spoil the broth.
Not that I'd use any of these services, but if I was, I'd rather be using Microsoft's service.
Think about it. You'd be giving your personal information and credut card information to one of these databases. With Microsoft, its just them. With this Liberty thing, look how many hands are in the cookie jar.
And I'm sure that this is going to get me labeled a troll, but open source might be worse than closed source. With the source open, anyone can look at it and find security holes. If the source is closed, its harder to find holes (not impossible, of course).
But do we really need these services? And how secure would it be anyway? You're probablly going to be using a password to get into the system. For the average user, they're going to be using a simple password that is easy for them to remember. Simple = easily broken.
It would be a lot more secure and useful to build a hardware system that would scan a card (MSR, probablly) and had a huge-ass "password", something like 128k, and ENCRYPTED the whole way. You've got the problem with losing the car, but then again you have the same problem with a credit card. Could this be the "killer app" of the "smart" credit card?
Fat chance at getting sign on. I've had a Mobil speedpass for a couple of years. And I can only use it at Mobil/Exxon stations.
But it's not a bad start. Add the ability to go to any GM shop (or independent) in the country and let the car pay for repairs itself (provided it's not been stolen:)
Jesus was all right but his disciples were thick and ordinary. -John Lennon
Of course, it's still the way of the future, and at some point we'll all be pretty much forced to use something like this. That's not all bad, I certainly won't fight it, but I don't think it's necessary either. I definately don't trust MS with it, but I don't think I'd trust AOL with it either.
AOLs support will certainly make this a viable sollution, though, and the competition will hopefully benefit us little folks.
I'm just not sure how I feel about this whole thing.
Under capitalism man exploits man. Under communism it's the other way around.
No one can be a wolf if people did not make themselves sheep. The masses are the ones who allow such an ID if they are tired of putting in User names and Passwords over and over.
It matters not if Microsoft or Liberty has the ID it matters that people know enough to realize that this is a bad Idea.
.
You Don't have to burn books to destroy a culture, you just have to get people to stop reading them. Ray Bradbury
sPh
And with that HUGE risk, the consumer gains... absolutely nothing. The whole thing is simply Microsoft trying to gain control of what they want to become the gateway to everything on the Internet.
Sticking feathers up your butt does not make you a chicken - Tyler Durden
Or that people just don't want to deal with the hassles of on-line and automated service. My bank has an online billing site, but I refuse to use it. I see no need to change how I pay bill, just because the new system will save the bank money. Computers for the sake of Computers is bad.
Especially when this Slashdot post about Oracle comes out a day after my prediction. Called that move a day in advance.
Seriously, when I mod, I make sure my own political views don't result in a desire to mod down. But there are those that use moderation to supress opposing viewpoints - that's why it's important to Metamod.
All I can figure is that JonKatz has too many mod points...
*scoove*
Will some sites deploy it? Sure. But any vendor that says "We only accept payment via MS Wallet" is committing suicide. As much as they wish you'd pay by credit card, even checks are accepted by most online businesses. No one is going to turn away money.
It will only be useful if it's super convenient- and practically everyone who buys stuff over the internet has accounts at all of the places they buy from consistently, making check-out a snap.
But on the other hand...
People routinely make convenience/security tradeoffs. If we were having this discussion 20 years ago credit cards would be pure evil to us. Having your credit card number stolen nowdays is an inconvenience rather than life ruining. And most of us have come to accept the fact that law enforcement can track our iron dildo purchases from the comfort of their desks if they wanted to.
In the absolute worst case most sites will simply feature a "Use my passport account" link above the "Create an account" link.
My how the world turns.
Look who's calling who a dumbass. Look up your TRW report dipshit. And you don't need the internet to look it up. All it takes is a little social engineering. Passport isn't designed to be a central credit reposity for fuck sake. It's like having a user's cookies stored in a central server rather than on your local system. I'm not saying passport is some radicool technology but you're seriously deluding yourself if somehow you think that any information about you is somehow private.
I'm a loner Dottie, a Rebel.