Passport vs. Plan 9
netphilter writes "LinuxWorld is carrying an article about how Apache and Plan 9 are going to defeat Microsoft's Passport. I hate Passport's integration with XP (although that might be because I hate XP). An Open Source single sign-on would be a real blessing. Will we ever get a good single sign-on solution?"
Ah ... good old H2O.
Do we really want a single sign on?
From outer space?
Good idea, as I'm guessing that's where Passport comes from
Get the EULA T-shirt
The question should be: Do we really want a single sign in solution? I don't like passport, or its integration into XP and I probably won't like a Linux version. Single sign in sounds terribly insecure. I suppose the Linux version might be more secure since as Microsoft says, their products aren't made for security.
FoundNews.com - get paid to blog.
Here I was worried that a company with billions of dollars would be able to dominate the market with their single sign on technology, but apparently some technology I have never heard of that is named after an Ed Wood movie will defeat it.
Can we mod the article -1, Presumptuous?
Do not taunt Happy Fun Ball(TM)
but isn't the biggest thing against single-sign-on the fact that there's a single point of failure? why would open source change that?
FreeBSD for the impatient.
First Post
"good single-signon" is an oxymoron.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
"Will we ever get a good single sign-on solution?"
What about NDS/Single Sign On from Novell? I haven't looked at it in a while, but last I checked, it ran on most server operating systems (including Linux), makes administration a *lot* easier, and is pretty secure. What's not to like? (besides the fact that it's not opensource/freesoftware) I guess I shouldn't be surprised, since Novell's marketing sucks. They have great technology, but have had a lot of trouble turning that into products.
No, it's not; you are at least the fourth one. Fool.
What is with this obsession with single sign-ins? For the web, just use the facility to remember passwords provided by your browser (with a single secure password to protect them). For everything else, just keep the passwords you don't use often in a PGPed file.
It may be putting your eggs in one basket - but I'd rather put them in *my* basket, which I can keep physically secure and encrypted, than in someone else's. Especially if I have no comeback if that someone else discloses my information.
Can't RTA since it's slashdotted, but if this is anything other than the "Plan 9 from Bell Labs" operating system, I suggest that they change their name.
I hate linux and plan 9 from outer space. The two just don't mix.
I hate to sound like a troll, but bad ideas are still bad ideas whether or not they are open sourced. The whole "universal login" idea is just a poor idea, given the current state of technology. The whole "putting all your eggs in one basket" thing... and whether or not it's open sourced won't help much.
Good to see people forming opinions based on facts and information rather than knee-jerk reactionism.
Oh wait.....
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Will we ever get a good single sign-on solution?
no
put the what in the where?
Not only does Passport go against the KISS philosophy embraced by many Unix and Linux developers, but the potential for security breaches is only magnified when a single universal authentication system is developed. It seems to me we'd be better off leaving authentication procedures up to the individual site owner rather than having a universal authentication protocol built-into Apache. This would also be a more practical solution as a single authentication system cannot be tailored to fit all sites. I sure don't want to trust all of my on-line bank transactions to something like Passport, so the need exists for highly encrypted ultra-secure authentication on some sites, while other less secure sites like Slashdot which transmit passwords across the 'net in plain text could probably get by with using a much more basic authentication system.
-atrowe: Card-carrying Mensa member. I have no toleranse for stupidity.
Someone should come up with a catchy quote against that.
"There is no teacher but the enemy."-Mazer Rackham
Passport brilliantly combines the kludgey and unstable nature of NIS+ with the insecurity of the trusted hosts concept to produce a nine-step process with obvious opportunities (...) for security and other abuses
:)
I just love sarcasm
this sig has intentionally been left blank
When I went to read more to read the comments, there was an ad for Microsoft Visual Studio .NET right below the story. Is Slashdot trying to tell us something? ;)
This page was generated by a Barrel of Circus Midgets, and that is the way I like it!!!
Having 3 plans instead of one defeats the whole purpose of SINGLE sign on.
What we should have, as with any other successful Internet strategy, is a single standard and competing implementations. That way we are ensured compatibility and the added benefit of market competition.
Will we ever get a good single sign-on solution?
How about username and password over SSL?
Why bother.
Will we ever get a good single sign-on solution?
Yes; several of them.
Wait a minute...
As a group, the so-called "mainstream press" often appears to favor Microsoft and show an appalling lack of technical depth in its enthusiastic repetition of the latest Microsoft press release. There's been a lot of speculation on why this is and whether it even happens. So far, no definitive research provides answers one way or the other.
Hrm, is this guy trying to be funny, or is he actually that dry?
autopr0n is like, down and stuff.
Most of the time in the article they talk about a one way function, but then they bring in prime number multiplication and factoring of large numbers.
What this seems like is a secure hash function implementation using hardware?
PS. The MSNBC author does not have an understanding of the matter at hand.
When Microsoft comes up with the idea it's the worst idea ever and an obvious attempt to know everything about you - basically a tool of the devil. But when it's an open source copy-cat solution then it's all good and everyone supports it? What a bunch of hypocrites.
An open source sign-on would have to store passwords and usernames in a database. Where would this data be stored, who would maintain it, and who's going to pay for the upkeep? Single sign-in is really just a way to capture all the data a site needs in order to sort and display ads that might interest the user. Sometimes it's really cool to have personalized web experiences, but where do we draw the line? When Passport came out I remember saying, "I'll never use that." But as larger sites incorporated it I found it to be useful. I think that SUN will have the answer with their new N1 plans.
pretzel_logic
Solaris 2.9, the current release, contains many single-identity tools, but they're all add-ons to the basic OS rather than being truly integrated with it. I think that Solaris 3.0 will change all that...
Correct me if I'm wrong, but isn't Solaris on version 9 or something? Someone who knows more about Solaris than I do want to tackle this?
I've seen a lot about single sign-on with Windows. I have liked the stuff that Novell has put in. I do like some parts, and I don't like other parts. I don't like Passport, only because then it gives M$ access to all my personal information (which I wouldn't doubt they already have...). But, I've seen a lot about the Windows front, and MONO and other projects for GNU/Linux and/or Open Source in general. But... has anything been done to try and combine the two, where you have a single sign-on for both *nix and Windows, where you can have the same favorites, address book, etc.?? This is what I would like to see happen, as I use GNU/Linux (gentoo/slack) at my house, in my room, but Windows at my church/family computer/school. I would like to have it where I could get the same stuff on all of these machines, but I haven't seen anything about combining the two of them yet. Does anyone know if there is such a project going on??
Plan 10: Blank Passwords.
/. that I can
Why Plan 10? Here's why...
1) No one cares about me
2) Steal my credit cards they're maxed out anyways
3) I probably wouldn't mind if you changed my investments you probably would make more money that I do in the stock market
4) All of my email is mailing lists and spam, I have no friends
5) You could probably accumulate more karma on
6) Sneak preview of my bank account $0.02 (which I'm giving away here right now)
7) My social security number has been reused more times than the sayings "going forward" and "at the end of the day" combined
8) All passwords are hackable by the NSA anyways
9) At some point all information will be decrypted
10) You can have my body, but you cant take my mind
(B) + (D) + (B) + (D) = (K) + (&)
There are now two people working against Passport: Liberty Alliance and now Plan 9. I more than welcome any competition. But it will still be difficult to have all three work together. I know of people that use Passport, but the question would be: are they willing to trust an open source project, and struggle finding websites that use this sign-on process?
It's a great idea, but all these will struggle until websites start to incorporate them for users to sign on.
Basically they concluded that if it was implemented combining with current authentication techniques, that one could efficiently disguise the firsts methods in a criss-cross pattern. But as long as it's open source and secure who cares right?
I haven't heard about Plan 9 since taking distributed computing classes in college. I'm surprised this operating system hasn't caught on faster. It's sweet.
http://www.askthevoid.com
is a great idea. It means you have one name and one password and you don't have to bother remembering different log-ons for every different website and computer you use. However, it does provide one big problem. Someone who is trying to crack you now only has to figure out one name and password to have everything.
Currently I have separate passwords for online banking and my credit card and my computer and a random FTP server. If I have a single log-on, someone who cracks the FTP server now has access to my bank account and credit card. Joy!
The GeekNights podcast is going strong. Listen!
No matter who does it, I didn't like Passport because I don't want one group/entity holding my data, not because it was Microsoft. That still hasn't changed.
Thanks to file sharing, I purchase more CDs
Thanks to the RIAA, I buy them used...
Ever hear of Plan9 OS? the idea sounds good though, on the surface anyway..
---- Booth was a patriot ----
ldap and krb. Seriously it works great it's standard's based, supported by almost everything and anything else you need(addresses, bookmarks, ...) can be stored in ldap.
I too will question the very advisability of single sign-on. There are good reasons I keep multiple banking, credit card and merchant accounts. I specifically *don't want* one single authority to be tracking my every move. I *don't want* all my financial and personal assets and records piled up in one location. I keep a *diversified* portfolio.
What good is having your system backed up on removable media if your house burns down and *you don't have a copy off site?*
When Egghead was hacked I knew for a fact that I had to be concerned about *one* of my credit card accounts. I could watch that *one* like a hawk and the risk didn't steamroll through my whole life. The argument is, of course, that there is less risk with a well protected central account, but that account is an all or nothing sort of deal. You're either safe, or you lose everything.
I'll take the slightly greater overall risk of sustaining *some* sort of loss against the lower risk of complete and total devastation.
Do you have some sort of financial insurance? Say on your car? Exact same deal. You "lose" your insurance payment against the protection from greater potential loss.
Obviously others disagree, but I think that single access is just plain dumb, and all to save you a rather minuscule risk to save a few minutes of typing a year.
KFG
Will we ever get a good single sign-on solution?
Yeap. This is really easy.
All you need to do is just enter "linux single" during LILO startup.
"Will we ever get a good single sign-on solution?"
"In a word, 'No'"
Love,
Bill Gates
Why do we need a single sign-on? This is so insecure as to not be funny.
E.g. a wife figures out the password to a husband's email account. Now she can
Read his bank account information
Read all of his other emails
Peruse his wishlist on enterbookstore.com here
etc.
Sure... most people use the same password for everything, so it's a moot point, but it still bothers me.
I don't think that we'll ever get a single sign-on solution. Corporations always want to have their own registration forms.
There's no doubt that Passport failed for that and so did Sun.
Sorry but it just won't work. I wish it would but it just wouldn't.
I'm in a large company that uses the passgo single sign on product for synchronizing novell, domain and mainframe passwords. It goes down constantly, and often will not synchronize domain passwords, and so on. It really sucks, but I'm sure that it handles the brunt of the synchronizations. If linux could replace the mainframe apps (yeah right), then maybe we could use a better product but I'm guessing there are not a lot of options for people still stuck with apps running on S390. Anybody else have any experience with passgo?
He outlines the contraption that is Password authentication, with its browser redirections and whatnot. Great. Yes, it sucks.
But then waffles over to an introduction to XML and encryption, talks about Microsoft putting insecure extensions into XML, starts on about how great Plan 9 is, waffles a bit about how great Plan 9 is, and never gives the Plan 9 equivalent to Microsoft's authentication procedure, which was the whole problem he started out with.
What is it? How does it work? Will it work in a browser-independent fashion (like Passport actually does), or will it require browser or even OS extensions? Yes, we know XML is great. We know authentication is great. We know Microsoft does insecure stuff. We know the Password authentication procedure is a kludge.
But in order to actually find out if the Plan 9 way is actually better, I have to go read the Liberty Alliance specifications. That article completely wasted my time.
The concept of a single sign-on, no matter who makes it, is a bad one. All it would take to steal your identity on all compliant sites is to get your info off one. This is more of a security issue than a "who makes it" issue. Do we trust Microsoft... a billion+ dollar company, or do we trust a bunch of free software enthusiasts and companies who are contributing to a project that they aren't making any money off of? Not to ruffle any feathers here, but I don't think I'm going to trust the disgruntled developers who aren't getting paid. This article is just a blatant attempt to say "I don't like it because it's Microsoft".
"I hate Passport's integration with XP (although that might be because I hate XP)".
Simple minds "hate". Why not work on something better as opposed to "hate".
"There is no teacher but the enemy." -Mazer Rackham
Kludges like NIS+ and FNS could be made to work for as long as the sysadmins wore their lucky underwear,...
Good journalist will provide resource links to where one can buy lucky underwear.
Please reply if you know of any, please...
<snicker/>
And why, oh why must every "open source/free software columnist" begin their articles with a potshot at Microsoft as a way to justify Linux's existence? Must they always do that? How about letting the technology stand by itself?
So far this is the best smart-assed reply to the question! If I had mod points I'd mod it funny!
"It's not like your minds are as open as the source you love..." - Me to the majority of Slashdot.
Sheesh, evil *and* a jerk. -- Jade
It's not like Apache and Plan 9 are looking to make it mandatory. They just want the option available for those instances when it is a useful addition. Like ChiliASP and Tomcat, if you don't need what it provides, just don't add it to your server install. But definitely do not gripe that they shouldn't do it at all. Such griping is shortsighted and pointless.
Nonrepudiation and pseudonymic technologies will /have/ to emerge if we want to see real commerce online; while I don't approve of MS having control of that technology, I recognize that MS is in some sense right... for some transactions to occur, nonrepudiation is a must.
The more people who are willing to act as trust servers in that sense, the better. Right now we have MS Hailstorm, XNS and OneName, Sun and the Liberty Alliance, and I see no reason not to add another to the mix, so long as we are moving toward standardization where players can compete on implementation of the standard.
-Tom
Single Sign On (SSO) works within a limited realm under the same control, such as within the scope of a government agency, a corporation, or a school. These bodies already exist to deal with issues of various policies, including privacy policies, within the scope of the "realm" (i.e. the laws of the nations a multinational corporation is functioning within).
Universal SSO, such as this plan and Passport, breaks that and cannot be consistent, since different companies want different privacy policies and are governed by different government legislation, yet are supposed to "control" and use the same information (the online identity credentials).
So the goal of only needing one online identity, whether a username/password, or a PIN and smartcard, within a given controlled realm such as your university does make sense. This is possible through sensible use of existing services like directory services and secure network authentication. The use of directory services such as X.400, RADIUS, and more recently LDAP (and LDAP perversions like Active Directory) can help towards this. As well as secure network authentication like Kerberos.
Universal SSO does not make sense, because the shift of power and control is not carefully thought out in the contexts of legal issues (privacy, evidence, children's online protection), contractual issues, limited and total revocation, ownership, and other issues.
Universal identities for an unlimited number of purposes do not make sense; it is a nightmare of management logistics, a total lack of correctness, legal quandary, and telemarketing hell.
An open source single sign-on won't solve the problem of a single sign-on.
The reason people hate Passport isn't because it's written by MS. Why don't people understand that?
Simple: Blind rage of MS.
This is, without a doubt, one of the most succinct and lucid comments I've ever read on Slashdot. Thank you, FortKnox.
Morons.
I hate Passport's integration with XP (although that might be because I hate XP). An Open Source single sign-on would be a real blessing.
Great, trade one set of inflated egos and flawed ethos for another. Was that sarcastic, nawwwww....
Make it a malt liquor. I want to be as clever and handsome as possible.
... and just read pages 1 and 5. The middle is composed of a longish explanation and history of markup languages and a basic primer on public key encryption. Most /.-type tech-savvy people will already know enough about these topics, and the details provided really aren't important to the focus of the article.
Is there no editor for that web site? It seems like the editing process should have cut that article down to one page.
haahhhhahahah
i love keeping track of 40 accounts/passwords.
great, sure is KISS
Liberty freedom are no1, not dicks in suits.
This will also be The Day for Increased Finger Theft.
Mordor...a magical, mythical land where women are more rare than dragons--but where every man would rather find a dragon
However, what would be useful is a flexible system with different levels of login. For example, a single login for discussion sites like slashdot, kuro5hin etc. would probably be acceptable. Also, non-sensitive bookmarks and browser history could be kept (again depending on the user). I wouldn't want a single login for financial services, but maybe a site could know who I have my credit cards with and provide information relevant to that, like "Buy this watch with your Platinum TardCard and get double airmiles and a free toaster!". Plus a convenient link to the login for that card account.
This system could also support collaboration. Say I want to show someone a sequence of websites, or give them live access to a folder of bookmarks I maintain. I store it in my login (somehow), and then allow their ID to access it.
I think this single ID thing could be useful for sharing non-sensitive stuff. I just don't see it as a security feature. Maybe it could be a selective, pseudonymous peer-to-peer?
Or maybe I'm talking a load of shit.
I think that the idea of putting every access behind one password is bad.
I don't use the same password for all my accounts.
Is it possible that anyone would change all their house, car and bank box keys to a unique key?
... for everything. It works for me! It's totally secure!
You sure can make a simple program, but it (more often than not) can be real pain to use. The structure and implementation could be simple though the user interface sucks bigtime. Even in applications like this which are meant to ease the use, some of the easy-to-use functionality must be removed to keep the system secure enough. And I think no one can deny the fact that simple programs/protocols/whatever are always easier to secure than their complex counterparts.
-- Reality checks don't bounce.
It's a common misunderstanding what "single signon" actually means. Even in this article that doesn't cover Passport in detail, when indicating the passport authentication process, look at step 3:
#3 Which redirects it back to its authorized Passport server
Notice that it's not "the" passport server, it's "its authorized...". The passport server may or may not be at Microsoft!
I'm busy setting up an LDAP server to allow a rapidly growing (and I do mean RAPIDLY growing, 4x growth in the last year) ISP to scale. We need to allow for future virtual servers, FTP, email, etc. and do so with a single authentication scheme.
LDAP does all this, and more, in a distributed, secure and encrypted fashion. Why are we bothering with HTTP "web services", when LDAP will do all this and lots more?
(Scratches head)
"Single Signon" doesn't mean there's some Microsoft server someplace the whole world logs in to, it means there's ONE server provided by somebody you trust, that authenticates you as YOU and which manages information on your behalf to determine what you should be granted/denied access to. You sign in once, and have immediate access to all the services you have set up.
There can be any number of authentication servers!
Passport, Plan 9, Kerberos, LDAP, and to a lesser extent, NIS and a few others give that ability!
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Finally! Now that we've successfully displaced MS Office with Open Office (or Star), and MSN with Gaim, and Powerpoint with Dia, and... well, and Windows with Linux. FINALLY we can drive the LAST nail into the coffin of closed programming with "Plan 9"! This is truly a wonderful climax to the Opensource/Microsource epic battle....
DJ
-A sarcasm detector, now there's a useful invention
Palladium - All your freedom are belong to Microsoft and the *AA
Sticking feathers up your butt does not make you a chicken - Tyler Durden
Somebody please secure PAM and then we need to R&D an open platform for an open SecurID style token system. Then single sign on would be great.
He makes errors in his "this is how Password works" explanation:
Which uses a three-step challenge/response approach to authenticating pre-registered users
No it doesn't. It just uses a standard SSL web form. Challenge/response is used for NT Domain Authentication, which is completely unrelated to Passport. And...
After which it redirects the now authenticated user back to the Passport partner site
Which instructs the user's browser to write an authentication cookie to the user's PC
Whose presence then authenticates that PC to other Passport partner sites.
No. While the partner site can *choose* to write whatever he wants to the cookies, these cookies are invisible to other sites (just like any other cookie under standard browser settings). Passport passes encrypted querystrings.
Passport can use cookies to store the logged-in status of a user (thus saving password re-entry when logging into different sites), but these are *only* visible to the Passport identity server. Any Passport login requires a redirection to the Passport identity server.
Is it a kludge? Yes. Is it the only way to handle a single-sign-on system using standard browsers? Yes. The Liberty Alliance does the exact same thing.
The Liberty Alliance's benefit, of course, is that it's open to multiple identity servers. But a cleaner single-sign-on system requires a new application (or at least new features to be added to browsers).
haahhhhahahah
i love keeping track of 40 accounts/passwords.
Who said you had to do that?
We have already solved the problem of single password authentication; it is built right into SSH. Basically, you send your public key to anyone you want to authenticate to. Your private key resides on your computer and is password protected. A local key agent manages your private key. When you authenticate the first time, your key agent asks you for your private key's password. Note that this password is never transmitted over the network, and neither is the private key. The key agent makes it unnecessary to enter the password again for any site that has your public key: a real single sign-on for any system that has your public key.
Even if your system is compromised, your private key is protected by the passphrase you set for it. If the Internet sites are compromised, all the attacker gets are worthless public keys.
Why hasn't someone implemented this instead of this passport silliness? The technology has been around to do this right, why do people keep trying to do it wrong?
I've had enough abrasive sigs. Kittens are cute and fuzzy.
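The agent model the post above describes, worked through end to end as an added example (this is not code from the post and not OpenSSH's implementation): the passphrase unlocks the private key once, locally; each server holds only the public key and issues a fresh nonce per login. The cryptography is deliberately toy-sized so it runs from the standard library alone: textbook RSA over a SHA-256 digest with no padding, 512-bit demo keys, and a PBKDF2-derived XOR pad in place of a real key file's AES wrapping. The server names and the user "alice" are made up. One thing the post does not mention is added here: the signature covers the server's name as well as the nonce, which is what stops a hostile server from relaying a challenge it received elsewhere.

```python
import hashlib
import hmac
import secrets

E = 65537            # prime public exponent: gcd(E, phi) == 1 iff E does not divide phi
KDF_ROUNDS = 200_000

def _is_probable_prime(n, rounds=32):
    """Miller-Rabin with random bases, enough for a demo key."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def keygen(bits=512):
    """Return ((n, e), (n, d)); 512 bits keeps the demo quick and is not a real-world size."""
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % E:
            return (p * q, E), (p * q, pow(E, -1, phi))

def _challenge_digest(server, nonce):
    # The server's name is signed along with its nonce, so a hostile server that relays a
    # challenge it obtained from bank.example cannot reuse our answer there (SSH's session ID does this job).
    return int.from_bytes(hashlib.sha256(server.encode() + b"\0" + nonce).digest(), "big")

class Agent:
    """Holds the wrapped private key; the passphrase unlocks it in memory once and never leaves this host."""
    def __init__(self, n, wrapped, salt, tag):
        self.n, self._wrapped, self._salt, self._tag, self._d = n, wrapped, salt, tag, None

    @staticmethod
    def _derive(passphrase, salt):
        out = hashlib.pbkdf2_hmac("sha256", passphrase, salt, KDF_ROUNDS, dklen=96)
        return int.from_bytes(out[:64], "big"), out[64:]   # 512-bit pad for d, separate MAC key

    @classmethod
    def create(cls, priv, passphrase):
        n, d = priv
        salt = secrets.token_bytes(16)
        pad, mac_key = cls._derive(passphrase, salt)
        # XOR with a KDF-derived pad stands in for the AES wrapping a real key file would use (toy).
        return cls(n, d ^ pad, salt, hmac.new(mac_key, b"unlock-check", hashlib.sha256).digest())

    def unlock(self, passphrase):
        pad, mac_key = self._derive(passphrase, self._salt)
        if not hmac.compare_digest(hmac.new(mac_key, b"unlock-check", hashlib.sha256).digest(), self._tag):
            return False
        self._d = self._wrapped ^ pad
        return True

    def sign(self, server, nonce):
        if self._d is None:
            raise RuntimeError("agent is locked")
        return pow(_challenge_digest(server, nonce), self._d, self.n)

class Server:
    """Stores public keys only: a dump of this table lets nobody log in as the user."""
    def __init__(self, name):
        self.name, self.pubkeys, self._pending = name, {}, {}

    def challenge(self, user):
        self._pending[user] = secrets.token_bytes(32)
        return self._pending[user]

    def verify(self, user, sig):
        nonce = self._pending.pop(user, None)          # one answer per nonce
        if nonce is None or user not in self.pubkeys:
            return False
        n, e = self.pubkeys[user]
        return pow(sig, e, n) == _challenge_digest(self.name, nonce)

def demo():
    pub, priv = keygen()
    agent = Agent.create(priv, b"correct horse battery staple")
    bank = Server("bank.example")
    bank.pubkeys["alice"] = pub                        # the one-time "send your public key" step
    out = {"wrong_passphrase": agent.unlock(b"guess"),
           "unlocked": agent.unlock(b"correct horse battery staple")}
    out["login_ok"] = bank.verify("alice", agent.sign("bank.example", bank.challenge("alice")))
    relayed = bank.challenge("alice")                  # a hostile ftp.example forwards the bank's nonce
    out["relay_blocked"] = not bank.verify("alice", agent.sign("ftp.example", relayed))
    out["replay_blocked"] = not bank.verify("alice", agent.sign("bank.example", relayed))
    return out
```

`demo()` returns a dict in which only `wrong_passphrase` is False: the passphrase is checked locally, the bank accepts the genuine answer, the answer signed for ftp.example is refused by the bank, and the consumed nonce cannot be answered twice. Note what the later replies in this thread point out: none of this helps once the host running the agent is itself compromised, since the unlocked exponent sits in that process's memory.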
...but someone has really good taste in books ;-)
how long before someone decides that passport and plan 9 need to be compatible with each other so that we can a have glorified SINGLE sign-on?
If 8 plans have failed, why would anybody in their right mind expect the 9th to work...
It forced people to get a Passport account. 99% of XP users and 100% of MSN Messenger users have Passport now.
And guess what? It has no "revoke account" option like Yahoo etc. For now, MS says it will change.
Doesn't it feel like "computer hobby" (I am one of old timers) started to suck anyway?
Show me one mainstream media article which has a Microsoft bias & I'll show you a 1000 mainstream articles which are linux biased
What about a single sign on is a blessing? Is it the fact that somebody else controls access to everything you do? Is it that hard to use the same password for everything? Do you really want "web services" or things of that nature? I personally have no use for any of the above.
People who think they know everything really piss off those of us that actually do.
I agree with the insecurity thing of single point of failure. But I personally think the issue at hand is much greater here: the fact that one single entity (company) has the power to sign you on to anything on earth from Subway cars (a-la retina scan in Minority Report) to your home computer just rings the bells of fascism to me.
The saying goes: deviate an inch, and lose a thousand miles. If we let this kind of centralization intrude into our lives now (early on, while we still have some say over it), we eventually might never be able to break loose of it.
But that's just me.
Agree.
According to the Passport Single Signon Protocol described in the article, it's probably much easier to break than what executives are made to believe.
The user has to be authenticated only once, and an authenticated cookie is issued, then the user is automatically authenticated to all Passport partner sites. A hijacked cookie will break the whole thing.
Attack by hijacking cookies is well known; I really don't understand why people can still buy into this kind of scheme, especially those who make the decision to adopt it.
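The redirect flow described in the earlier correction of the article (SSL login form at the identity server, a redirect back to the partner with a protected token in the query string, a session cookie that only the identity server ever sees) and the hijacked-cookie objection in the post above, as one added example. This is not Microsoft's, Liberty's or the article's code: the per-partner HMAC key and the JSON ticket layout are assumptions standing in for Passport's per-partner encrypted token, and the host names and the user "alice" are made up. The partner checks the signature, the audience, the validity window and a one-time ticket id, so a captured redirect URL is only good once, for one site, for a minute; the identity server's cookie, by contrast, is good for every partner, which is exactly the single point of failure the post complains about.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class IdentityServer:
    """The login host (login.example, a made-up name): the only party that sees the password or the session cookie."""
    def __init__(self, users, ticket_ttl=60):
        self._users = {}                  # demo credential store: per-user salt + PBKDF2 hash
        for user, password in users.items():
            salt = secrets.token_bytes(16)
            self._users[user] = (salt, hashlib.pbkdf2_hmac("sha256", password, salt, 100_000))
        self._partner_keys = {}           # one shared secret per partner (assumed, in place of Passport's per-partner key)
        self._sessions = {}               # cookie value -> user; the cookie is only ever sent back to this host
        self.ticket_ttl = ticket_ttl

    def enrol_partner(self, name):
        self._partner_keys[name] = secrets.token_bytes(32)
        return self._partner_keys[name]

    def login(self, user, password):
        """The SSL login form: returns a session cookie, or None on bad credentials."""
        entry = self._users.get(user)
        if entry is None:
            return None
        salt, stored = entry
        if not hmac.compare_digest(stored, hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)):
            return None
        cookie = secrets.token_urlsafe(32)
        self._sessions[cookie] = user
        return cookie

    def redirect_back(self, cookie, partner, return_url, now=None):
        """Build the redirect to the partner carrying a signed, short-lived ticket bound to that partner."""
        user = self._sessions.get(cookie)
        if user is None or partner not in self._partner_keys:
            return None                   # no session: the user gets the login form instead
        now = int(time.time()) if now is None else now
        claims = {"sub": user, "aud": partner, "iat": now, "exp": now + self.ticket_ttl,
                  "jti": secrets.token_hex(8)}
        body = _b64e(json.dumps(claims, sort_keys=True).encode())
        sig = hmac.new(self._partner_keys[partner], body.encode(), hashlib.sha256).hexdigest()
        return return_url + "?" + urlencode({"t": body, "sig": sig})

class PartnerSite:
    """A partner never sees the password; it only checks tickets minted for it."""
    def __init__(self, name, shared_key):
        self.name, self._key, self._seen = name, shared_key, set()

    def accept(self, url, now=None):
        """Return the user named in a valid ticket, or None."""
        query = parse_qs(urlparse(url).query)
        if "t" not in query or "sig" not in query:
            return None
        body, sig = query["t"][0], query["sig"][0]
        want = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(want, sig):
            return None                   # forged, tampered, or minted for a different partner
        claims = json.loads(_b64d(body))
        now = int(time.time()) if now is None else now
        if claims["aud"] != self.name:
            return None
        if not claims["iat"] <= now < claims["exp"]:
            return None                   # stale URL, e.g. recovered from a proxy log
        if claims["jti"] in self._seen:
            return None                   # the same URL presented twice: replay
        self._seen.add(claims["jti"])
        return claims["sub"]

def demo():
    """Run the flow once and return what each check decided."""
    idp = IdentityServer({"alice": b"hunter2"})
    shop = PartnerSite("shop.example", idp.enrol_partner("shop.example"))
    mail = PartnerSite("mail.example", idp.enrol_partner("mail.example"))
    cookie = idp.login("alice", b"hunter2")
    url = idp.redirect_back(cookie, "shop.example", "https://shop.example/sso", now=1000)
    flipped = url[:-1] + ("0" if url[-1] != "0" else "1")   # one hex digit of the signature changed
    out = {"bad_password": idp.login("alice", b"wrong"),
           "forged_cookie": idp.redirect_back("not-a-session", "shop.example", "https://shop.example/sso"),
           "shop_first": shop.accept(url, now=1010),
           "shop_replay": shop.accept(url, now=1020),
           "other_partner": mail.accept(url, now=1010),
           "tampered": shop.accept(flipped, now=1010),
           "expired": shop.accept(idp.redirect_back(cookie, "shop.example", "https://shop.example/sso", now=1000), now=1100)}
    # The thread's point about hijacked cookies: whoever holds the identity server's cookie
    # can have tickets minted for every partner without ever knowing the password.
    out["hijacked_cookie_works"] = idp.redirect_back(cookie, "mail.example", "https://mail.example/sso") is not None
    return out
```

In `demo()` only `shop_first` yields a user and only `hijacked_cookie_works` is True; every other entry is None. The ticket checks bound what an attacker gets from one captured redirect, but nothing in the protocol bounds what a stolen identity-server cookie gets, so its protection comes from outside the token format: serving it only over SSL, keeping its lifetime short, and never letting a partner or a script read it.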
I am amazed that this story seemed to sink without a trace. I would dearly love to know WTF the FTC found wrong with Passport, and what they threatened Microsoft with for Microsoft to meekly back down.
Start/Run/RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove
This worked for me. It finally stopped telling me to register my .NET Passport, and doesn't run Messenger all the time.
Here is a site with more info: http://www.kellys-korner-xp.com/xp_messenger.htm
PS: Am I violating the DMCA by posting this? Well I'm not an American citizen, but if I was?
Random is the New Order.
right about the same time when Linux gets a single unified desktop/window manager.
-ted
That already was tried (remember personal certificates?) - most SSL enabled browsers support them. The big problem (apart from the admin overhead which stopped your average joe user being interested) was that you could only log into sites from a machine which had your private key installed. Made use of cafes, public terminals etc virtually impossible. Besides which, even if I could give my private key to a public access machine, I wouldn't!
---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"
I hate posts that say "Mod this up," so I'll just say "Odmay isthay upway!"
- Have a picture
Displaced? From where? Yours and 100 other geeks' computers? Not exactly a triumph.
Is there any reason why www.xns.org isn't discussed ?
:-)
I feel it could also be a notable Passport competitor, no ?
Animoog.org
Exactly.
All i'd have to do is get your Plan-9 account and password, and go crazy all over the internet.
No thanks to Plan-9. No thanks to Passport.
> Even if your system is compromised, your private key is protected by the passphrase you set for it.
If it gets compromised, the cracker unfortunately gets the system silently under his control and your passphrase gets stolen very soon.
But this is not avoidable (if ssh agent forwarding not applicable in such case) as you can never trust a cracked machine you're sitting at.
Then what we need is a small hardware device that the private key resides in, which only responds to the challenge-response of challenges generated by your public key. A smart card could easily fill this purpose. This device would only be used if you needed to use public terminals; for home use, you could just use your hard disk to store the encrypted private key.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
If it gets compromised, the cracker unfortunately gets the system silently under his control and your passphrase gets stolen very soon.
Yes, it is possible they could insert some low-level trojan to grab your passphrase, but it is significantly more difficult than any centralized server scheme. A cracker would have to go to great lengths just to get one person's valuable information, as opposed to breaking into one computer and getting potentially thousands of accounts.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
Wow. You just succeeded in a single post to define the very opposite of KISS. I'm impressed. That's the most convoluted mess I've ever read. Talk about silliness!
How about your keys are derived from your thumbprint with one of those biometric thingies. It wouldn't matter where you were because you could always generate the private key (it could even be stored in RAM, so as to not persist after you're done, just scan your thumb when you turn on the computer) at any computer (of course you'd have to trust the computer you were at) and the public key would always be the same anyway (since you'd use the same algorithm to derive the keys from the thumbprint) and no password to remember or to be guessed or hacked or changed, unless someone chops your thumb off in which case you've got problems already more likely than not. The scanner could even be an open hardware spec so you wouldn't be trusting it to one company. Really paranoid? Roll your own scanner.
Why not fork?
I can't think of a project that would make me hate getting up and going to work more.
Imagine realizing that your entire small programming team's reason for existence is simply because someone above you thinks that there is value in creating a service based on the fact that the average user is too damned lazy to create and remember proper passwords.
Do you suppose Microsoft creates worthless things like this just to get the open source community to waste time on them?
I don't think this is the case, but why does the open source world insist on always doing things "Because Microsoft has it!"
I would consider a single login system if I could physically hold the key in my hand instead of storing it on some uberserver in some datacenter I'll never see... maybe a PDA-type thing with a bluetooth adapter you could use to login to the bank terminal, mail account, etc.
How do these things compare with Kerberos?
That's all MS needs: a really crappy running mate in any market to maintain their "we are not a monopoly" standing. And by crappy I do not mean in function but in delivery. With the exception of Mozilla I have never heard of an Open Source app gaining mainstream acceptance. So MS can say, hey look - it's a competitor, we don't control the internet!! But in reality all merchants etc. will use passport because that is what they know. And rightfully so - if you were an online merchant and wanted to fuse your business in with the single sign on, would you trust a group of loosely based hackers (FUD FUD FUD) or Microsoft, which has been supplying "quality and money saving" apps for the last 20 years? This isn't flamebait, just reality.
On the editorial (or printing) side, SGML got its start the day after Gutenberg's invention of movable type made it necessary to formalize editorial instructions to typesetters. From this perspective, SGML's tags were instructional in nature, as in "start using 42 lines per page here".
The author of this sentence should not be allowed to write on the subject of structured markup. SGML has NOTHING to do with "start using 42 lines per page here." It is NOT a typesetting language; TeX is. SGML is a language that makes it possible to represent the semantic structure of a document (rather like sentence diagramming, only on a document scale), not the appearance of a document.
The rest of the discussion of SGML is equally ill-informed. Imagine if someone posted an article that described Apache as a method of implementing SSL on a web server. That's how bad his understanding of SGML is.
> You just succeeded in a single post to define the very opposite of KISS. I'm impressed.
It's very simple, for the end user.
When they install their OS/SingleSignOnSoftwareThingy, it says, "We will now generate the keys that you will use to access sites on the Internet. Enter a good passphrase." It then generates your keys, and makes sure you picked a strong passphrase.
Then the software just uploads your public key when you sign up for a new site that supports this. Seamless for an end user.
If the public key is lost, or the passphrase forgotten, then of course the user is going to have to go through the hassle of proving they are who they are to sites that have the old public key, but that is necessary in any case. It could be as simple as most sites do these days, they confirm you by your email address, or it could be as complicated as faxing them your ID, as some registrars require... It all depends on the level of security needed.
To deal with public terminals or for higher security at home, the private key could be loaded onto a smart card, still protected by passphrase, the smart card never transmits the key to the computer, it only answers encrypted challenges.
Many things are technically complex, but seamless for the end user. Technical complexity isn't the issue, it's complexity for the end user that matters. This isn't even all that technically complex, it's all existing technology.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
I'm just wondering why people thought passport and the theory behind it was a horrible idea when Microsoft did it, but a great one when its Apache based.
I'm not trolling, I'm honestly curious.
Repeat as many times as possible how much you hate Microsoft and its products, even if it's not really relevant to the topic (how does hating XP matter here?)
Slashdot (whether you like it or not) is a semi-commercial enterprise, hence it should (theoretically) try to reach as wide an audience as possible. But it's truly amazing how it keeps shooting itself in the foot by posting such inane stuff (here's a newsflash for you: the definition of geek is not 'someone who hates Microsoft', there are many geeks who have a positive or at least neutral attitude towards this company), and thus alienating sensible people.
Yes, I know that this emotional bashing is probably very appealing to Slashdot's younger readers. I used to be like that. But you know what, once you've worked in the industry for a while, your attitude becomes much calmer and more reasonable.
And who actually has the purchasing power to really keep Slashdot alive by subscriptions or buying goods from sponsoring companies? Not your teenage MS-basher.
Disclaimer: This was not intended as a flame, just a thought on how Slashdot could ease its financial problems.
When men used to be men
What we do need is some consistency between the information sites ask for. If sites were consistent about asking for, say, a 10 character mixed case username, a 10 character mixed case alphanumeric password, a 6 digit numeric passcode or whatever (the numbers are arbitrary & not intended to represent any ideal of security) then it would be easy to just have a few passwords etc. which are used for different trust levels.
I guess most people do this already, but I'm always getting thrown by being asked for subtle variants of this information. Now if the sites were kind enough to display a number of my choosing on the login screen (to remind me which password to use) and maybe the date I last changed my password, life would be much more simple. There are some sites that I have lost count of how many times I have registered because I can't recall which variant of my username I entered.
The chief problem would be keeping usernames unique - although I'm not convinced this is a problem so long as the combined credentials are unique(?)
"Linux is a serious competitor"
- Steve Ballmer, Chief Executive Microsoft Corp.
I use a different password for all my accounts, and often different usernames. Yes, sometimes it can be difficult to remember, but it's a hell of a lot more secure than one single sign-on. With a single sign-on system, if you've cracked someone's username/password, you have access to everything of theirs!
I'd sacrifice the convenience of a single sign-on for the security of multiple separate sign-ons.
Yes... Good Point. Similar to mine, but without the scathing sarcasm. And undoubtedly nobody in the linux community uses the passport functionality either.
I like Linux. I like Unix. I use Windows a lot. I have a Passport and, yes, it is integrated into the XP OS. Once you get past the narrow-minded M$ hating notions, it is actually quite handy.
Do I worry about it leaving me open to hack attacks and marketing invasion? No, not really. Information I really care about is not exposed via my passport. It is all safely locked up elsewhere. Don't dismiss it on principle - if you don't like the idea don't use it. Simple as that.
'Internet! Is that thing still around?' - Homer Simpson
whether it's 'sign on' or 'sign in' (or 'log'), conversely 'sign off' or 'sign out' (or 'log') - only once that's settled can the issue of single sign-xx be seriously tackled.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
My bank requires a password. For 'additional security' they also require my mother's maiden name, my father's first name, my place of birth and the name of my first school. The terms and conditions were recently changed to state that if any of these 'security details' should become known to anyone else I must inform them immediately. Naturally I immediately phoned them to point out that the name of my first school was well known to many people and that the other three were in fact matters of public record. They didn't seem to think this was a problem.
There seems to be great confusion about what actually constitutes 'secure'. There needs to be consensus which solutions can be measured against before any single sign on solution can be widely accepted. Perhaps the biggest worry is making any solution future proof; undoubtedly this will be hampered by governments who like to outlaw strong cryptography.
"Linux is a serious competitor"
- Steve Ballmer, Chief Executive Microsoft Corp.
First, this is one of the worst articles ever written. The author mixes so many different things that have absolutely nothing in common.
:-)
He is trying to explain many different things (open source, XML, SGML, the future of Solaris, etc.) and does a poor job at most of them.
Anyway, here are some comments related to what the article should be talking about. (I was talking with the Plan9 people about factotum no later than yesterday.)
Plan9 authentication (called factotum) is very similar to SSH agent. The main differences are that (1) ssh agent works only for ssh while factotum can work with any "factotum aware applications" and (2) factotum uses a central secure store.
In terms of difference with Passport and LA, I think the approaches are dual.
(1) Factotum/SSH agent is about: 1 master key that gives you access (it is more than that) to other keys.
(2) Liberty Alliance (federated single sign on) offers as many keys as there are authenticators all linked to the same identity (the linking is the magic behind the federation).
(3) Passport is a centralized single sign-on.
It is not clear to me which way is better between 1 and 2.
Here is an interesting scenario for single sign-on: m-commerce. I am on my cell phone, I browse the amazon web site and I purchase a book. What should happen?
Today, you need to authenticate as an Amazon user in order to complete the transaction. But this is unnecessary. When you use your cell phone, the telephony network knows who you are (and makes sure that your airtime minutes get debited from your account). You are already authenticated.
In the single sign-on scenario, the telephony operator should be able to "propagate" the authentication to amazon. You should be able to purchase without having to authenticate a second time.
OK, some people will argue that if your cell phone gets stolen, shit will happen. For such a scenario, we can imagine that the authentication to the telephony network requires some extra credentials (e.g. pin number, or even better voice authentication).
"I hate Passport" "I hate XP" "I want something new"
Everybody agrees with him.
What would be if he said:
"I hate Plan 9" "I hate Linux" "I want something new"
Flame war time!
Maybe if some people would concentrate on how to deploy certain products and apply certain solutions, they wouldn't be so narrow minded. Now mod me down as a troll, just because there is no "-1, MS friendly" button.
Haven't seen the movie. Plan 9 has been around for some time -- big AT&T research project into distributed systems.
I believe there was also a Plan 9 video game -- based on the movie, not the operating system.
May we never see th
"We're all interested in the future because that's where we'll all live one day."
OK. There are so many posts now that completely miss what factotum is about that I feel like I have to clarify. I don't claim to be an expert, but I've used Plan 9 as my main desktop OS for the last couple of years and have used factotum for authentication every day for the last several months (that is, since its public release).
Factotum does not require that you store your passwords anywhere. If you do store them, you can put them where you like --- i.e. an encrypted file on your hard disk, a secure server elsewhere that you access via an encrypted connection, a smartcard, whatever. What factotum does do is talk all of the various authentication protocols on behalf of the various service programs. This way a given auth protocol can be implemented once and all the other programs can use that implementation. This is no more a "single point of failure" than a shared library. Even if you store your passwords, it's no more of a risk than storing your ssh private key encrypted on your computer. There need not be any third party involved.
As to factotum being an alternative to Passport or Liberty Alliance, yes, it could be used instead of either of those. But if either or both of those became popular, they could be implemented as just another authentication protocol that factotum supports. Factotum is not an auth protocol, it's a method of implementing and managing authentication in a networked system.
The real beauty of factotum is its simplicity. The entire Plan 9 factotum implementation is just over 6000 lines of C. A lot of that is just the various authentication protocols (it supports 10 or 11 different protocols right now). If you remove that code, then the basic factotum service is only around 2500 lines. If you have to trust some software, I'd rather trust simple software. It's easier to debug and easier to verify.
Micah Stetson
There are plenty of things I want from computing before getting rid of the simple inconvenience of remembering multiple passwords and user names. Let's work on those first. For instance: Encrypted email and instant message traffic. Network daemons without remote security holes in them. More fine-grained access control to resources. Universal unicode support. Support for writing real applications in modern programming languages.
...is that they took a great OS (Windows 2000) and then mucked it up. Windows 2000 was a heckuva lot better than previous releases of windows; Windows XP is, in many ways, a step down.
;)
A few of the things I don't like:
- "integration" (which doesn't mean anything except the damn things can't be uninstalled) of Messenger and Windows Media Player. Which means, for instance, that the only way to uninstall the WMP9 Beta is to do a fucking System Restore. On Windows 2000, you just uninstall it. It was bad enough that previous versions were like that with IE, but, unlike IE, there's ABSOLUTELY NO TECHNICAL REASON AT ALL to do that with WMP or Messenger.
- Related topic: the pestersome and difficult to get rid of Messenger whenever you log in a new account.
- Product activation. Sure, it's no problem, most of the time. Unless it becomes a problem. Certainly, there's no upside to the damn thing from any consumer's POV.
- Assorted "make it easier and more friendly to use" features that are a pain in the ass to turn off ("Simple" file sharing, the Fisher-Price look, etc.)
- Etc.
Basically, they created a great product with Windows 2000, that was reliable and easy-to-use without getting in the way of the power user, and then started fucking it all up.
There was a similar article recently about "roaming profiles", and I brought up the same idea. Seriously, Jabber is capable of having a single-signon in its current state (no change to clients). And because Jabber is a distributed system where anyone can run a server, basically any problem anyone has mentioned so far in this entire comment board is non-existent.
Slashdot could easily allow logins via Jabber presence. Passwords aren't even needed, since Jabber presence is authoritative. Then I could log into such websites from wherever there is a Jabber client, all using my own personal server (none of this Microsoft-controlled Passport BS).
-Justin
Judge for yourself. Plan 9's Factotum security architecture was described in a paper presented at the USENIX Security '02 conference in August. The paper won the 'Best Paper' award, so it clearly impressed some people.
factotum (plan 9's authentication agent) is not a single sign-on solution, although it can be when used in conjunction with secstore. what it does mean is that applications do not have to be burdened with complex and error-prone authentication code, and that there is one, well-verified, point in the system that holds secrets and understands the protocols.
in the factotum scheme, you can mark certain accounts (e.g. your bank account access) so that they will always require a password to be entered; you can also use the scheme without secstore (which is what i'm doing currently) which just forces you to type in each password the first time it's required. secstore is a means to store all your passwords in one place securely, which you can then use to prime factotum.
this is the essence of the plan 9 approach - choose an abstraction and write it in a simple, modular way so that it's applicable to a wide range of previously unanticipated scenarios. it's a wonderful system, and one that carries forward the true unix tradition, something that UNIX lost long ago.
Hmmm. One big downside - you only have two thumbs. If someone compromises your encryption twice, you're SOL as far as creating new keys goes.
1. Mistrust between competing businesses and organizations means that few entities will ever put their faith in a commercial entity that 'owns' a central database, unless it is government regulated, and even that will concern some.
2. Single sign ons work well for branded entities, such as MSN, AOL/ICQ, Yahoo and our own forthcoming services. Why? Because consumers tend to either like or dislike the way particular companies design their products (or services). There are those who always buy Volvo or BMW or Nike. I for one prefer Yahoo over all other portals for their good design and lack of spam. The mistrust covered in 1 (above) means that mixing your brands with one sign on is unlikely to happen.
3. New smart browsers, such as Netscape 7 (Mozilla) already remember all your passwords, so unless you switch to a different device, much logging on is done for you.
4. Multiple logins do have one advantage: if you do accidentally give your login and password away, at least it may only provide access to one or two particular services or bank accounts - not everything.
5. In an ideal world, the single signon would be great. We originally planned for oNumber to become THE global signon, but we (O'WONDER) know it won't happen and so it will be purely used to access our own forthcoming services and we don't pretend otherwise. Members can de-activate their accounts on demand if they ever feel their privacy is being violated.
6. One more frightening thought: With video cameras popping up everywhere (in particular in the UK), be assured that as part of the "war against terrorism", many people (perhaps you reading this) are already in some secret database with your photo and preferred web site surfing habits, newsgroup postings, Slashdot postings etc all logged against your details, just in case you do start to dialog in such a way as to arouse the suspicion of the authorities, whoever they may be. Whither Revolution?
O'WONDER: We're working on it.
Nobody is going to wait for an SCPS packet to return an authentication token when visiting Mars or perhaps something slightly more distant in the 'Universe' such as the nearest star.
So long as the universe is bigger than a planet, we have no worries about this 'Universal login' concept ever becoming 'truly universal'.
Todd Fries
But UNIX and Linux have SSH and ssh-agent. It's not as elegant as Plan 9's file servers, but it is just as flexible. SSH is built around the idea of establishing secure and authenticated tunnels. And SSH with ssh-agent has become, for many purposes, the separate entity into which cryptography has been factored on Linux and UNIX: SSH gives you secure, authenticated remote system administration, the ability to transfer large amounts of data securely, the ability to create secure communications channels, and it is used by systems like rsync as its secure and authenticated transport protocol.
Maybe rather than reinventing the wheel, we should figure out how to extend what is already used and works. For that, we need a clearer idea of what problem "single sign-on" is supposed to solve that ssh and key agents/keychains aren't already solving, and then to figure out what we can do about it. And there isn't a whole lot I can think of that ssh isn't solving, at least in principle. Of course, wide, practical deployment for something like web services would require a set of UIs to be developed for Windows users and a lot of salesmanship. But, then, the same is true for whatever Sun cooks up.
hi
I wrote and published a web-based SSI protocol at http://www.pay2send.com/ais/AIS.html
Since I've dragged my heels about patenting the damn thing, there are no IP restrictions on it.
Please feel free to implement AIS servers and embed AIS clients in your web services.
I even wrote an AIS client module and uploaded it to CPAN as CGI::AIS::Session.pm; view the embedded documentation.
AIS is the "Let's do something better!" that some of you /.ers are calling for. Let's use it!
I'm building a CMS that spans multiple virtual sites on the same server, and I considered implementing a single-sign-on system where if you logged into one site on the server, you would be able to access any other site in the CMS (as long as you were a member of that site as well!) without having to log in again.
I nearly built it, because I'm constantly switching from site to site and it's a pain to log in so often. But then the following (purely fictional, I assure you) scenario occurred to me:
"Hey dude, when I go to whaleporn.org on your computer, it has you logged in as *ladyDolphin69*! What's up with that?!? I never knew you were into big mammals..."
SSO is akin to spooky action at a distance: log in to one place and you've logged into them all. No thanks.
Though I would never use a single sign on myself so many people would that I do believe it's good that we have an open source alternative.
I don't know what the whole hype is about, and why nobody stops and asks if we really want a "single sign-on", any of them.
Yes, it's easier and people are lazy. From a security POV, however, it's a nightmare come true - everything from your banking details to your private e-mail protected by:
a) a single, usually bad, password on your side
b) the security of a central database on the server side
Sounds like a disaster waiting to happen.
Assorted stuff I do sometimes: Lemuria.org
If someone learns your single source login then they can easily impersonate you everywhere, not just on one site.
It is real easy to trick ordinary users into giving away their passport login names and user IDs. Create a bogus site. Have the bogus site display a realistic Passport login page that says "Your Passport Login has expired, please re-enter it." Most folks will just follow the instruction. The page then just stores the login name and password in a file. It is the oldest computer Trojan Horse known and it will still work amazingly well because users won't realize that it isn't a Microsoft Login Page.
Now if they had a single sign on solution, possibly also a roaming profile, built into a flash memory card in an encrypted form then I might be quite enthusiastic about the idea.
Too bad no public terminals support smart cards.
I'm sure its been said before, but when Plan 9 is mentioned, I can't help but think of Ed Wood and his film "Plan 9 From Outer Space," often regarded as the worst movie ever. Somehow, having a name like that can't help anyone take something like this seriously.
"Hey brother Christian with your high and mighty errand / your actions speak so loud I can't hear a word you're saying"
I once joined a startup that was based on a good idea that incorporated SSO, but the VP of Engineering swore to me the company would never abuse that power. Within months, marketing managers were telling me that end users "wanted" us to abuse SSO "for their own good." For legal reasons, I won't go into more detail, but the company I left was not the company I joined -- all because of the temptation SSO brings.
End Users believe that SSO is a gift from heaven because it allows them to mindlessly go through the "troublesome" task of authenticating themselves. This has several implications:
- Authentication is designed to require you to use your brain. It's like the roughed-up pavement that precedes many toll booths, saying, "you're going to need to wake up now."
- Authentication is designed to require you to use your brain. It helps ensure that you are the only one who has access to certain data. You should not be entrusting this to a conscience-free multinational who has no qualms about "sharing" your access with all its employees, partners and anyone who pays them enough money.
- One of the places most consumers often see authentication forms are on shopping sites. When you are going to buy something, you have to go through the steps of entering your username and password, entering your credit card number, your address, etc. It's a protective speed bump that makes you think before you purchase. With SSO (or One-Click), you have no way of knowing when you've "authorized" a charge to your credit card. You assume that it's only when you click a button, but the fact is you've authorized the company to charge your card whenever it claims you want to buy something.
- Single point of failure. Enough said.
- Memory decay. When you use SSO, you tend to forget your user names and passwords because you don't need them. Then when your SSO provider does something you don't like and you decide to leave, you feel like you can't. You're trapped because you can't remember that data -- you think you need that service to continue accessing your other services. Even if the SSO service provides a method of retrieving your passwords, most users are unaware of it.
- Then, of course, there are the tracking issues. The SSO provider will track all the sites you visit, sell that data and market appropriately. Common sense, yet commonly ignored by the common End User.
A wise wizard would do well to distance himself and everyone he can from this evil.
This is the worst article ever. Just look at the section headings:
Page 1 How Apache & Plan 9 will defeat Microsoft's Passport
Page 2 XML's roots go back to 1957
Page 3 Defining an XML DTD
Page 4 Encryption to the rescue!
Page 5 Liberty Alliance
What the hell?
When Microsoft does it, it's an abomination. When Open Source does it, it's a blessing.
Suppose you have a single sign on validated by Microsoft or some other organisation.
You use it to buy Antiques, Foreign holidays, Jewelry etc. You are building a profile with Microsoft as a person with plenty of disposable income.
THAT'S INFORMATION WORTH SELLING.
So now you want to buy something from an online shop, that shop can buy your profile from Microsoft and based on that, charge more money because you are not a price sensitive customer.
It isn't all bad. Single sign-on could come in quite handy for employees in a large company, or students at a University.
Paul Murphy (the LW author of the article) seems to have been fooled by the Plan9 folk's self-proclaimed status as "Open Source". However, neither the OSI nor the FSF agrees. The FSF has even posted a detailed analysis of the problems with the Plan9 license.
Now, depending on your own philosophy (or lack thereof), you may or may not care personally whether this code is truly free/OSS/whatever, but in practical terms, what it means is that neither Red Hat nor Debian is going to buy into this solution, which pretty much means that it's probably dead in the water. Oh, I suppose it might be accepted by the UnitedLinux folks, but I'm not holding my breath on that.
Quite frankly, I do not trust any entity to be my single point of entry. I despise the thought of a universal single sign-on. Sure, in a few instances with related sites and unimportant info I could stomach the trade off of levels of security with ease of use. But for the vast majority of my daily sign-ins, I like having different passwords kept by different companies/computers. Passport, Plan9, whatever, you can leave me out.
- I love animals. I try to eat at least one a day.
I work for a large bank, one of the largest. A few years back we adopted a single-signon technology to try and appease the 6000+ users in the company who were complaining that they had to remember 20 different passwords that had different requirements and all expired at different intervals.
Actually we didn't adopt it, it cost us millions of dollars. The company that sold it to us said it would put an end to our password woes and we would reap the rewards by cutting our support staff and lessening the load on our call-centre. It did no such thing... Our call-centre volume tripled, the cost of implementation (not to mention training) was horrendous and our support staff were overwhelmed.
Fast forward to now, 4 years later. We have an entire department dedicated to customizing our in-house applications (and some purchased via the regular sources) to work with this beast, the helpdesk and support staff are still inundated with calls to do with our single-signon menace and management won't get rid of the thing because it would mean admitting a mistake was made that cost us millions and having to retrain our user population would cost even more!
And security!? It used to be when a password was guessed and a system compromised, the guesser still had to guess the password(s) to any application(s) they needed to do any real damage. Now...we've eliminated that inconvenience.
Now I like Windows XP. Yet I don't use hotmail. I don't even have a Passport. So what's all this about needing one for WinXP?
"You are not a beautiful and unique snowflake."...Tyler Durden
> it's a wonderful system, and one that carries forward the true unix tradition, something that UNIX lost long ago.
Dare I say PAM?
Pretty much every Linux distribution uses it these days.
My exception safety is -fno-exceptions.
Some people might find this interesting. Users of IE 5.5 and 6.0 who also use Microsoft Passport are vulnerable to impersonation, as is demonstrated in the following article:
http://shiflett.org/articles/passport_hacking_revisited/
Recall the first example of Passport impersonation that was published in 2600 that demonstrated how to compromise the account of IE 4.0 - 5.0 users.
Combined, this means that users of all versions of IE > 3 who also use Passport are exposed to a severe risk of impersonation.
I think there is already a great single sign on solution, PGP. Use PGP to sign into web pages: the page would encrypt a random challenge to the client, which would have to decrypt the challenge and send it back. Most of us already have PGP keys, and there is a great keyserver infrastructure, so why not use what we already have? And if you don't want to use your email key there could be a system where you just put .single.sign.on at the end of your email address to identify the key you want to use for signing on instead of messages. Just put the key on a disk and all of a sudden single sign on gets a lot more secure.
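The challenge-response sign-on this post describes, and the generate-keys-then-upload-the-public-key scheme proposed earlier in the thread, as an added example in Go. It is not code from the thread, from PGP or from any project discussed here, and it differs from the post in one deliberate way: the client proves possession of the key by signing the random challenge (Ed25519) rather than decrypting it. The site name is folded into the signed message so a challenge relayed by one site cannot be answered for another, each challenge is accepted once and expires, and the KeyHolder type stands in for the passphrase-protected key file or smart card that never exports the private key. KeyHolder, Site and the site names are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

// loginMessage binds the nonce to the site that issued it, so a signature made
// for one site is useless to any other site that relays the same nonce.
func loginMessage(site string, nonce []byte) []byte {
	return append([]byte("sso-login:"+site+":"), nonce...)
}

// KeyHolder stands in for the passphrase-protected key file or smart card in
// the scheme: it answers login challenges and never exports the private key.
type KeyHolder struct{ priv ed25519.PrivateKey }

func NewKeyHolder() (*KeyHolder, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &KeyHolder{priv: priv}, nil
}

func (k *KeyHolder) Public() ed25519.PublicKey { return k.priv.Public().(ed25519.PublicKey) }

func (k *KeyHolder) Answer(site string, nonce []byte) []byte {
	return ed25519.Sign(k.priv, loginMessage(site, nonce))
}

type pending struct{ user string; expires time.Time }

// Site is one relying party: a public key per account plus the challenges it
// has handed out. Nothing it stores lets an attacker log in anywhere.
type Site struct {
	name       string
	ttl        time.Duration
	accounts   map[string]ed25519.PublicKey
	challenges map[string]pending // keyed by the raw nonce bytes
}

func NewSite(name string, ttl time.Duration) *Site {
	return &Site{name: name, ttl: ttl,
		accounts: map[string]ed25519.PublicKey{}, challenges: map[string]pending{}}
}

// Signup is the "upload your public key" step; no password is ever stored.
func (s *Site) Signup(user string, pub ed25519.PublicKey) error {
	if len(pub) != ed25519.PublicKeySize {
		return errors.New("malformed public key")
	}
	if _, taken := s.accounts[user]; taken {
		return errors.New("username already registered")
	}
	s.accounts[user] = pub
	return nil
}

// Challenge hands out a fresh 256-bit nonce tied to the user and a deadline.
func (s *Site) Challenge(user string) ([]byte, error) {
	if _, ok := s.accounts[user]; !ok {
		return nil, errors.New("unknown user")
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.challenges[string(nonce)] = pending{user: user, expires: time.Now().Add(s.ttl)}
	return nonce, nil
}

// Login consumes the challenge (one use only), checks who it was issued to and
// that it is still fresh, then verifies the signature under the stored key.
func (s *Site) Login(user string, nonce, sig []byte) error {
	p, ok := s.challenges[string(nonce)]
	if !ok {
		return errors.New("unknown or already used challenge")
	}
	delete(s.challenges, string(nonce)) // a captured signature cannot be replayed
	if p.user != user {
		return errors.New("challenge was issued to a different user")
	}
	if time.Now().After(p.expires) {
		return errors.New("challenge expired")
	}
	if !ed25519.Verify(s.accounts[user], loginMessage(s.name, nonce), sig) {
		return errors.New("signature does not verify")
	}
	return nil
}

func main() {
	holder, _ := NewKeyHolder()
	shop := NewSite("shop.example", time.Minute)
	_ = shop.Signup("alice", holder.Public())
	nonce, _ := shop.Challenge("alice")
	fmt.Println(shop.Login("alice", nonce, holder.Answer("shop.example", nonce)))
}
```

The site never holds anything secret, which is the property the thread keeps circling: a breach of its account table leaks public keys only, and a signature captured on the wire is bound to one site and one already-consumed nonce.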
Single sign-on has everyone thinking that there is one large database with all of your information in it. What if it wasn't designed that way?
How about this:
Everyone has a database on their computer with all of the information they need in order to do transactions and every time you sign up with someone else's computer system your system retains that information in your own personal database. Then the next time you go to that particular place it asks your computer if you've been there before and it only gathers up what it needs in order to get you going again.
Now this is still the same thing, it's just that each computer holds its own information and (hopefully) the other computer does not store any more than just your account number and password. This would also make single-point failures almost impossible, because who cares about just an account number and password? It gets you nothing. Instead, someone would have to first get all of your information off of your computer before it is worth anything.
Just a thought
I think comparing ANYTHING to Al Qaeda, Hitler, or the Barney-JarJar Alliance should be frowned upon.
I move to have an appropriate amendment to Godwin's Law signed into the Signal to Ratio Codex.
Anyone want to second?
The message on the other side of this sig is false.
SSH already includes most of what you need to achieve single sign-on without trusting your credentials to anyone. I was really excited to learn about this a couple of years ago, so I'm passing this info along. The only problem is that the procedure for setting it up isn't obvious. If you're running Linux and have OpenSSH installed, try this. (Excuse me if I mistype any of the directions.) :-)
ssh-keygen -t rsa
Follow the prompts, storing your new key in ~/.ssh/id_rsa. Make sure you set a password for your key, so that if someone manages to steal your keyfile, they still won't be able to use it without the password.
Now copy the file ~/.ssh/id_rsa.pub into the ".ssh/authorized_keys2" file on servers you want to access using your private key. For example, if you currently have password access to a server called "gandalf", copy your key like this:
scp ~/.ssh/id_rsa.pub gandalf:~/.ssh/authorized_keys2
(If you already have an authorized_keys2 file, you'll want to append the new key using a temporary file instead of overwriting it.) Now ssh to the box like this:
ssh -2 gandalf
The -2 forces use of SSH protocol version 2, which you'll need in order to use a key of the type you created. When it prompts you for a password, enter the password for your key file rather than the normal SSH password. If you're able to log in this way, you're well on your way.
Now you'll want to allow SSH to remember your password for the duration of a login session. "ssh-agent" does this in a secure manner. Mandrake 8.x, in fact, checks for the presence of ssh keys and runs ssh-agent automatically if it finds them, which is really handy. Other distributions may do the same. Just to get started, though, type this:
eval `ssh-agent`
This starts a new ssh-agent and sets up environment variables so ssh knows how to find the running ssh-agent. Then type this:
ssh-add ~/.ssh/id_rsa
Alternatively, if you also have the openssh-askpass-gnome package installed (find out using "rpm -qa | grep ssh"), you can enter your password graphically:
ssh-add ~/.ssh/id_rsa < /dev/null
Enter the password for your keyfile. Then ssh -2 to your server again. If everything worked, you'll log in without entering your password again. Sweet, huh?
Finally, if you're running KDE on Mandrake or another distribution that automatically runs ssh-agent, and you have openssh-askpass-gnome installed, add a file to ~/.kde/Autostart called "askpass" with the following script:
#!/bin/sh
ssh-add ~/.ssh/id_rsa < /dev/null
Then "chmod a+x ~/.kde/Autostart/askpass". Now, every time you log in to X, you'll be prompted to enter your keyfile password. After entering the password, you'll be able to ssh everywhere you have your authorized_keys set up, and you won't have to type your passwords again throughout the session. The freedom and security this gives you is wonderful. It makes the servers feel like an easy to access extension of your workstation. Just don't forget your "real" passwords, because you may lose your keyfile someday.
Now, all of this is difficult to set up for a non-geek. Perhaps we need a little program with a few hand-holding wizards for setting this up.
Software like Mozilla needs to integrate with this. Mozilla has a "software security device" that stores passwords encrypted by a master password. There must be some way it can integrate with ssh-agent instead of prompting for a master password. Currently, when I log in, I have to enter three passwords, but only once per session. I'd like to reduce that to two: a "workstation" password (from /etc/passwd) and a "network" password (the password for the ssh keyfile). Some might want to reduce it even further, using the ssh keyfile to log in to the workstation. I like the idea of keeping them separate, though. ;-)
So that's my proposal for open source single sign-on: just integrate with ssh-agent. It's secure, it's reliable, it's decentralized, and if you're running Linux, it's probably already installed on your computer. Take that, Passport.
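The scp step in the post above clobbers any authorized_keys2 file that already exists, which the poster flags but leaves to the reader. As an added example (not the poster's code), here is a POSIX shell function that installs a public key the careful way: it appends instead of overwriting, goes through a temporary file so a failed write cannot truncate the original, skips a key that is already present, and sets the permissions sshd insists on. All file names and key strings used with it are constructed for illustration.

```shell
#!/bin/sh
# install_pubkey <pubkey-file> <authorized_keys-file>
# Added example: idempotent, non-destructive equivalent of the scp step.
# Assumes a plain ssh-keygen .pub file (type + base64 + optional comment).
install_pubkey() {
    pub="$1"
    auth="$2"
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # Compare on key type + key material only; the comment field may differ
    key=$(awk 'NF >= 2 { print $1, $2; exit }' "$pub")
    [ -n "$key" ] || { echo "no key found in $pub" >&2; return 1; }

    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir"
    # Create the file with mode 600 if it does not exist yet
    [ -e "$auth" ] || ( umask 077; : > "$auth" )
    chmod 600 "$auth"

    # Already authorized? Then leave the file untouched.
    if awk -v k="$key" 'NF >= 2 && ($1 " " $2) == k { found = 1 }
                         END { exit !found }' "$auth"; then
        echo "key already present in $auth"
        return 0
    fi

    # Append via a temp file in the same directory, then rename atomically.
    tmp=$(mktemp "$dir/.authorized_keys.XXXXXX") || return 1
    {
        cat "$auth"
        # Add a newline only if the existing file lacks a trailing one
        [ -n "$(tail -c1 "$auth")" ] && echo
        head -n1 "$pub"
    } > "$tmp" && mv "$tmp" "$auth" && chmod 600 "$auth"
}
```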
Use Zope!
I am probably one of the few people who actually knew anything about Plan-9 before they saw this article - it's not exactly very widely known about.
However, if you read the Plan-9 license, although it is similar to other free software licenses, it is more like the Netscape Public License in spirit, rather than the GPL, or the BSD licenses.
What does this mean? Well, it's not too bad, but awkward licensing agreements make life difficult for developers - if it's not compatible with the GPL or BSD licenses, don't expect to see code from the Linux or BSD kernels ported to it any time soon. That could slow down the implementation of new features and standards.
Also, Plan-9 was revolutionary for its time, but it's starting to look a bit old now. I mean, you've been able to download or get a CD copy of it for years, but hardly anybody has even heard of it, let alone even tried it out.
It's a nice operating system, but so was VMS, and how many people are working on the OpenVMS project? Not exactly taking the world by storm, is it?
Linux gained popularity because a few years ago, business people who were in touch with the hackers' world realised that they could more or less use Redhat 'off-the-shelf' to replace other *nix machines. BSD gained some popularity in the business world, but Linux was the closest thing to a 'put in the CD and go' solution.
Plan-9 is not a direct free replacement for any current operating system. It could be, but it's not *nix, so what is it good for replacing? Plan-9 on the desktop would be great, but very few people outside the technical world could adapt to it easily, and more importantly, you have to change your way of working to take advantage of its new features. In that respect, it's a bit like OS-X.
Another example - you can consider a KDE desktop to be pretty intuitive for a Windows user - if they need to use applications such as Koffice, they will immediately feel quite 'at home'. By contrast, the *nix command line is not at all intuitive for an experienced DOS user. You can learn the *nix equivalents of the DOS commands, but to take advantage of the power of *nix, you need to start using things like symbolic links, pipes and redirection (pipes and redirection exist in DOS, but their power and usage is far greater in *nix), and therefore you have to change the way you work to take advantage of *nix compared with DOS. With KDE, you can work how you did in Windows, and be productive.
It's the same with Plan-9. It's not intuitive to anyone, really, except possibly really dedicated *nix users, so it's not likely to catch on any time soon.
I knew open source peeps were all punks. See, Plan 9 is a punk band!
This sig is stolen from someone who had a much better idea than I had.
"Hmmm. One big downside - you only have two thumbs. If someone compromises your encryption twice, you're SOL as far as creating new keys goes."
;)
Don't worry, with both of my hands and both of my feet I have a total of _20_ finger/toe-prints, enough to get around for a while.
"The obvious mathematical breakthrough would be development of an easy way to factor large prime numbers." Bill Gates,
That already was tried (remember personal certificates?) - most SSL enabled browsers support them.
The problem with personal certs is that they were designed to make money for the cert authorities, not to make life easier for the user.
If the browser install procedure had included a "create personal cert, upload public key to keyserver" step, it might have caught on. As another reply suggested, smart cards handling signatures would also have helped.
Plan9 the OPERATING SYSTEM, not the Movie. It's really sad when people talk about things they have no idea about. Did you bother to read the fucking article?
Please try to limit the amount of "this room doesn't have any bazingas"
until you are told that those rooms are "punched out." Once punched out,
we have a right to complain about atrocities, missing bazingas, and such.
-- N. Meyrowitz
- this post brought to you by the Automated Last Post Generator...