Slashdot Mirror


Passport vs. Plan 9

netphilter writes "LinuxWorld is carrying an article about how Apache and Plan 9 are going to defeat Microsoft's Passport. I hate Passport's integration with XP (although that might be because I hate XP). An Open Source single-sign on would be a real blessing. Will we ever get a good single sign-on solution?"

4 of 334 comments

  1. Single Sign On (SSO) worked within a limited realm by plcurechax · · Score: 4, Informative

    Single Sign On (SSO) works within a limited realm under the same control, such as within the scope of a government agency, a corporation, or a school. These bodies already exist and deal with issues of various policies including privacy policies within the scope of the "realm" (i.e. the laws of the nations a multinational corporation is functioning within).

    Universal SSO, such as this plan and Passport, breaks that and cannot be consistent since different companies want different privacy policies, are governed by different government legislation, yet are supposed to "control" and use the same information (the online identity credentials).

    So the goal of only needing one online identity, whether a username/password, or a PIN and smartcard, within a given controlled realm such as your university does make sense. This is possible through sensible use of existing services like directory services and secure network authentication. The use of directory services such as X.400, RADIUS, and more recently LDAP (and LDAP perversions like Active Directory) can help towards this. As well as secure network authentication like Kerberos.

    Universal SSO does not make sense, because the shift of power and control is not carefully thought out in the contexts of legal issues (privacy, evidence, children online protection), contractual issues, limited and total revocation, ownership, and other issues.

    Universal identities for an unlimited number of purposes do not make sense; it is a nightmare of management logistics, a total lack of correctness, legal quandary, and telemarketing hell.

  2. Re: yep 40 accounts, is so simple... by GigsVT · · Score: 5, Informative

    haahhhhahahah

    i love keeping track of 40 accounts/passwords.


    Who said you had to do that?

    We have already solved the problem of single password authentication, it is built right into SSH. Basically, you send your public key to anyone you want to authenticate to. Your private key resides on your computer and is password protected. A local key agent manages your private key. When you authenticate the first time, your key agent asks you for your private key's password. Note that this password is never transmitted over the network, neither is the private key. The key agent makes it unnecessary to enter the password again for any site that has your public key, a real single sign on for any system that has your public key.

    Even if your system is compromised, your private key is protected by the passphrase you set for it. If the Internet sites are compromised, all the attacker gets are worthless public keys.

    Why hasn't someone implemented this instead of this passport silliness? The technology has been around to do this right, why do people keep trying to do it wrong?

    --
    I've had enough abrasive sigs. Kittens are cute and fuzzy.
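
The challenge-response idea behind the SSH public-key login described in the comment above, as an added example that is not part of the original thread. It is a simplified sketch rather than the SSH wire protocol: a random server challenge stands in for the SSH session identifier, passphrase protection of the key file is not modelled, and `Agent`, `Server` and the user `alice` are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Agent keeps the unlocked private key in memory and only ever returns signatures.
type Agent struct{ priv ed25519.PrivateKey }

func NewAgent() (*Agent, ed25519.PublicKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Agent{priv}, pub
}
func (a *Agent) Sign(challenge []byte) []byte { return ed25519.Sign(a.priv, challenge) }

// Server holds only public keys and open challenges per user, never a secret.
type Server struct{ keys, pending map[string][]byte }

func NewServer() *Server { return &Server{map[string][]byte{}, map[string][]byte{}} }
func (s *Server) Enroll(user string, pub ed25519.PublicKey) { s.keys[user] = pub }

// Challenge issues fresh random bytes for the client to sign.
func (s *Server) Challenge(user string) []byte {
	s.pending[user] = make([]byte, 32)
	if _, err := rand.Read(s.pending[user]); err != nil {
		panic(err)
	}
	return s.pending[user]
}

// Verify consumes the challenge (single use) and checks the signature over it.
func (s *Server) Verify(user string, sig []byte) bool {
	c, issued := s.pending[user]
	delete(s.pending, user)
	pub, known := s.keys[user]
	return issued && known && ed25519.Verify(pub, c, sig)
}

func main() {
	agent, pub := NewAgent()
	for _, site := range []*Server{NewServer(), NewServer()} { // two unrelated sites
		site.Enroll("alice", pub)
		fmt.Println(site.Verify("alice", agent.Sign(site.Challenge("alice"))))
	}
}
```

Because each challenge is random and consumed on first use, a signature captured from one login is rejected on the next.
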
  3. How to disable Passport integration with XP by Drakonian · · Score: 5, Informative
    Remove Windows Messenger by running this command:

    Start/Run/RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove

    This worked for me. It finally stopped telling me to register my .NET Passport, and doesn't run Messenger all the time.

    Here is a site with more info: http://www.kellys-korner-xp.com/xp_messenger.htm

    PS: Am I violating the DMCA by posting this? Well I'm not an American citizen, but if I was?

    --
    Random is the New Order.
  4. Re:Thank god by KewlPC · · Score: 4, Informative

    Plan 9 is an operating system.

    To say that you've never heard of it, and because of that it is therefore worthless, is awfully presumptuous.

    You can get Plan 9 from CheapBytes.

    It was supposed to be the next evolution of UNIX, even created by the guys who came up with UNIX in the first place. But UNIX was too popular, and Plan 9 never really caught on.

    But this article seems a bit outdated, or maybe the author has been living in the stone age. Solaris 2.9? 3.0? Unless I'm gravely mistaken, we're at Solaris 9 right now, and I don't see a lot of shops running Plan 9.