Slashdot Mirror
Passport vs. Plan 9
netphilter writes "LinuxWorld is carrying an article about how Apache and Plan 9 are going to defeat Microsoft's Passport. I hate Passport's integration with XP (although that might be because I hate XP). An Open Source single-sign on would be a real blessing. Will we ever get a good single sign-on solution?"
The question should be: Do we really want a single sign in solution? I don't like passport, or its integration into XP and I probably won't like a Linux version. Single sign in sounds terribly insecure. I suppose the Linux version might be more secure since as Microsoft says, their products aren't made for security.
FoundNews.com - get paid to blog.,
but isn't the biggest thing against single-sign-on the fact that there's a single point of failure? why would open source change that?
FreeBSD for the impatient.
Good to see people forming opinions based on facts and information rather then knee jerk reactionism.
Oh wait.....
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Not only does Passport go against the KISS philosophy embraced by many Unix and Linux developers, but the potential for security breaches is only magnified when a single universal authentication system is developed. It seems to me we'd be better off leaving authentication procedures up to the individual site owner rather than having a universal authentication protocol built-into Apache. This would also be a more practical solution as a single authentication system cannot be tailored to fit all sites. I sure don't want to trust all of my on-line bank transactions to something like Passport, so the need exists for highly encrypted ultra-secure authentication on some sites, while other less secure sites like Slashdot which transmit passwords across the 'net in plain text could probably get by with using a much more basic authentication system.
-atrowe: Card-carrying Mensa member. I have no toleranse for stupidity.
An open source sign on would have to store passwords and usernames in a database. Where would this data be stored, who would maintain it and whos going to pay for the upkeep. Single Sign in is really just away to capture all the data a site needs in order to sort and display ads that might interest the user. Sometimes its really cool to have personalized web experiences but where do we draw the line. When passport came out I remember saying, "Ill never use that" But as larger sites incorporated it in I found it to be useful. I think that SUN will have the answer with their new N1 plans.
pretzel_logic
I too will question the very advisability of single sign on. There are good reasons I keep multiple banking, credit card and merchant accounts. I specifically * don't want* one single authority to be tracking my every move. I * don't want* all my finacial and personal assets and records piled up in one location. I keep a *diversified* portfolio.
What good is having your system backed up on removable media if your house burns down and * you don't have a copy off site?*
When Egghead was hacked I knew for a fact that I had to be concerned about *one* of my credit card accounts. I could watch that *one* like a hawk and the risk didn't steamroll through my whole life. The argument is, of course, that there is less risk with a well protected central account, but that account is an all or nothing sort of deal. You're either safe, or you lose everything.
I'll take the slightly greater overall risk at sustaining *some* sort of loss against the lower risk of complete and total devestation.
Do you have sort of financial insurance? Say on your car? Exact same deal. You "lose" your insurance payment against the protection from greater potential loss.
Obviously others disagree but I think that single access is just plain dumb, and all to save you a rather miniscule risk to save a few minutes of typing a year.
KFG
<snicker/>
And why, oh why must every "open source/free software columnist" being their articles with a potshot to Microsoft as a way to justify Linux's existence? Must they always do that? How about letting the technology stand by itself?
>Do you trust Microsoft enough to give them the
>key to all of your personal information?
Do you trust ANY company enough to give them the key to all of your personal information?
-l
You sure can make a simple program, but it (more often than not) can be real pain to use. The structure and implementation could be simple though the user interface sucks bigtime. Even in applications like this which are meant to ease the use, some of the easy-to-use functionality must be removed to keep the system secure enough. And I think no one can deny the fact that simple programs/protocols/whatever are always easier to secure than their complex counterparts.
-- Reality checks don't bounce.
It's a common misunderstanding what "single signon" actually means. Even in this article that doesn't cover Passport in detail, when indicating the passport authentication process, look at step 3:
#3 Which redirects it back to its authorized Passport server
Notice that it's not "the" passport server, it's "its authorized...". The passport server may or may not be at Microsoft!
I'm busy setting up an LDAP server to allow a rapidly growing (and I do mean RAPIDLY growing, 4x growth in the last year) ISP to scale. We need to allow for future virtual servers, FTP, email, etc. and do so with a single authentication scheme.
LDAP does all this, and more, in a distributed, secure and encrypted fashion. Why are we bothering with HTTP "web services", when LDAP will do all this and lots more?
(Scratches head)
"Single Signon" doesn't mean there's some Microsoft server someplace the whole world logs in to, it means there's ONE server provided by somebody you trust, that authenticates you as YOU and which manages information on your behalf to determine what you should be granted/denied access to. You sign in once, and have immediate access to all the services you have set up.
There can be any number of authentication servers!
Passport, Plan 9, Kerberos, LDAP, and to a lesser extent, NIS and a few others give that ability!
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Since most websites are apache on unix anyway they can't choose passport. And open source generaly is quite well respected these days.
right about the same time when Linux gets a single unified desktop/window manager.
-ted
The point is that there is GOING TO BE single sign-on. The market demands it. Most people get frustrated with having to remember more than one password, and with having to log in more than once. It confuses them. I would much rather have an open source solution than a proprietary one (especially controlled by M$).
"Herbivores eat well cause their food never, ever runs."
Then what we need is a small hardware device that the private key resides in, which only responds to the challenge-reponse of challenges generated by your public key. A smart card could easily fill this purpose. This device would only be used if you needed to use public terminals, for home use, you could just use your hard disk to store the encrypted private key.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
I think everyone is missing the point.
Single signon allows you to use hard tokens (either the changing number kind, smartcards, etc.). No one site can afford them for their own use (though Bank of America uses them for medium-sized businesses) but they're quite affordable if everyone shares. Most people don't want 20-30 smartcards anyway.
The cry of single point of failure is really a desire for security through obscurity. Most people I know have a text file with tens to hundreds of passwords (I have 25 or so for work and about 150 for home). They don't change them on a regular basis. (I'm forced to change mine every 60 days -- another reason for the text file) Where's the security?
If I had one password accompanied by a hard token I'd have it memorized and you'd have to mug me to get the token. A single system also allows proper redundancy, security monitoring, etc. You can also have multiple passwords if desired/required -- what's important is that the same security infrastructure is utilized for compatibility (token type, etc.). Just because Microsoft's passport is awful, doesn't mean the SSO concept isn't sound.
I like Linux. I like Unix. I use Windows a lot. I have a Passport and, yes, it is integrated into the XP OS. Once you get past the narrow-minded M$ hating notions, it is actually quite handy.
Do I worry about it leaving me open to hack attacks and marketing invasion? No, not really. Information I really care about is not exposed via my passport. It is all safely locked up elsewhere. Dont dismiss it on principle - if you dont like the idea dont use it. Simple as that.
'Internet! Is that thing still around?' - Homer Simpson
factotum (plan 9's authentication agent) is not a single sign-on solution, although it can be when used in conjunction with secstore. what it does mean is that applications do not have to be burdened with complex and error-prone authentication code, and that there is one, well-verified, point in the system that holds secrets and understands the protocols.
in the factotum scheme, you can mark certain accounts (e.g. your bank account access) so that they will always require a password to be entered; you can also use the scheme without secstore (which is what i'm doing currently) which just forces you to type in each password the first time it's required. secstore is a means to store all your passwords in one place securely, which you can then use to prime factotum.
this is the essence of the plan 9 approach - choose an abstraction and write it in a simple, modular way so that it's applicable to a wide range of previously unanticipated scenarios. it's a wonderful system, and one that carries forward the true unix tradition, something that UNIX lost long ago.
If someone learns your single source login then they can easily impersonate you everywhere, not just on one site.
It is real easy to trick ordinary users into giving away their passport login names and user IDs. Create a bogus site. Have the bogus site display a realistic Passport login page that says "Your Passport Login has expired, please re-enter it." Most folks will just follow the instruction. The page then just stores the login name and password in a file. It is the oldest computer Trogan Horse known and it will still work amazingly well because users won't realize that it isn't a Microsoft Login Page.
Now if they had a single sign on solution, possibly also a roming profile, built into a flash memory card in an encrypted form then I might be quite enthusiastic about the idea.