Passport vs. Plan 9

netphilter writes "LinuxWorld is carrying an article about how Apache and Plan 9 are going to defeat Microsoft's Passport. I hate Passport's integration with XP (although that might be because I hate XP). An Open Source single-sign on would be a real blessing. Will we ever get a good single sign-on solution?"

Why try and recreate a bad idea

[atrowe]

It seems to me that Microsoft's Passport authentication is a bad idea in the first place, and the free software community should look toward more intelligent alternatives rather than try and emulate Passport's functionality.

Not only does Passport go against the KISS philosophy embraced by many Unix and Linux developers, but the potential for security breaches is only magnified when a single universal authentication system is developed. It seems to me we'd be better off leaving authentication procedures up to the individual site owner rather than having a universal authentication protocol built-into Apache. This would also be a more practical solution as a single authentication system cannot be tailored to fit all sites. I sure don't want to trust all of my on-line bank transactions to something like Passport, so the need exists for highly encrypted ultra-secure authentication on some sites, while other less secure sites like Slashdot which transmit passwords across the 'net in plain text could probably get by with using a much more basic authentication system.

Re:Thank god

[Loligo]

>Do you trust Microsoft enough to give them the
>key to all of your personal information?

Do you trust ANY company enough to give them the key to all of your personal information?

-l