Slashdot Mirror
Passport vs. Plan 9
netphilter writes "LinuxWorld is carrying an article about how Apache and Plan 9 are going to defeat Microsoft's Passport. I hate Passport's integration with XP (although that might be because I hate XP). An Open Source single-sign on would be a real blessing. Will we ever get a good single sign-on solution?"
Do we really want a single sign on?
The question should be: Do we really want a single sign in solution? I don't like passport, or its integration into XP and I probably won't like a Linux version. Single sign in sounds terribly insecure. I suppose the Linux version might be more secure since as Microsoft says, their products aren't made for security.
FoundNews.com - get paid to blog.,
Here I was worried that a company with billions of dollars would be able to dominate the market with their single sign on technology, but apparently some technology I have never heard of that is named after an Ed Wood movie will defeat it.
Can we mod the article -1, Presumputous?
Do not taunt Happy Fun Ball(TM)
but isn't the biggest thing against single-sign-on the fact that there's a single point of failure? why would open source change that?
FreeBSD for the impatient.
"Will we ever get a good single sign-on solution?"
What about NDS/Single Sign On from Novell? I haven't looked at it in a while, but last I checked, it ran on most server operating systems (including Linux), makes administration a *lot* easier, and is pretty secure. What's not to like? (besides the fact that it's not opensource/freesoftware) I guess I shouldn't be surprised, since Novell's marketing sucks. They have great technology, but have had a lot of trouble turning that into products.
Good to see people forming opinions based on facts and information rather then knee jerk reactionism.
Oh wait.....
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Not only does Passport go against the KISS philosophy embraced by many Unix and Linux developers, but the potential for security breaches is only magnified when a single universal authentication system is developed. It seems to me we'd be better off leaving authentication procedures up to the individual site owner rather than having a universal authentication protocol built-into Apache. This would also be a more practical solution as a single authentication system cannot be tailored to fit all sites. I sure don't want to trust all of my on-line bank transactions to something like Passport, so the need exists for highly encrypted ultra-secure authentication on some sites, while other less secure sites like Slashdot which transmit passwords across the 'net in plain text could probably get by with using a much more basic authentication system.
-atrowe: Card-carrying Mensa member. I have no toleranse for stupidity.
Someone should come up with a catchy quote against that.
"There is no teacher but the enemy."-Mazer Rackham
Having 3 plans instead of one defeats the whole purpose of SINGLE sign on.
What we should have, as with any other Internet succesfull strategy is a single standard and competing implementations. That way we are insured to have compatibility and the added benefit of market competition.
Will we ever get a good single sign-on solution?
How about username and password over SSL?
Why bother.
Will we ever get a good single sign-on solution?
Yes; several of them.
Wait a minute...
As a group, the so-called "mainstream press" often appears to favor Microsoft and show an appalling lack of technical depth in its enthusiastic repetition of the latest Microsoft press release. There's been a lot of speculation on why this is and whether it even happens. So far, no definitive research provides answers one way or the other.
Hrm, is this guy trying to be funny, or is actualy that dry?
autopr0n is like, down and stuff.
An open source sign on would have to store passwords and usernames in a database. Where would this data be stored, who would maintain it and whos going to pay for the upkeep. Single Sign in is really just away to capture all the data a site needs in order to sort and display ads that might interest the user. Sometimes its really cool to have personalized web experiences but where do we draw the line. When passport came out I remember saying, "Ill never use that" But as larger sites incorporated it in I found it to be useful. I think that SUN will have the answer with their new N1 plans.
pretzel_logic
I've seen alot about single sign on with Windows. I have liked the stuff that Novell has put in. I do like some parts, and I don't like other parts. I don't like Passport, only because then it give M$ access to all my personal information(which I wouldn't doubt they already...). But, I've seen a lot about the windows front, and MONO and other projects for GNU/Linux And/or Open Source in general. But... Has anything been done to try and combine the two where you have a single sign on for both *nix and Windows, where you can have the same favorites, address book, etc?? This is what I would like to see happen, as I use GNU/Linux (gentoo/slack) at my house, in my room, but Windows at my church/family computer/ and school. I would like to have it where I could get the same stuff on all of these machines, but I haven't seen anything about combining the two of them yet. Does anyone know if there is such a project going on??
Plan 10: Blank Passwords.
/. that I can
Why Plan 10? Heres why...
1) No one cares about me
2) Steal my credit cards they're maxed out anyways
3) I probably wouldn't mind if you changed my investments you probably would make more money that I do in the stock market
4) All of my email is mailing lists and spam, I have no friends
5) You could probably accumulate more karma on
6) Sneak preview of my bank account $0.02 (which I'm giving away here right now)
7) My social security number has been reused more times than the sayings "going forward" and "at the end of the day" combined
8) All passwords are hackable by the NSA anyways
9) At some point all information will be decrypted
10) You can have my body, but you cant take my mind
(B) + (D) + (B) + (D) = (K) + (&)
is a great idea. It means you have one name and one password and you don't have to bother remembering different log-ons for every different website and computer you use. However, it does provide one big problem. Someone who is trying to crack you now only has to figure out one name and password to have everything.
currently I have seperate password for online banking and my credit card and my computer and a random ftp server. If I have a single log-on someone who cracks the ftp server now has access to my bank account and credit card. Joy!
The GeekNights podcast is going strong. Listen!
no matter who does it, I didnt like passport because I dont want one group/entity holding my data, not because it was Microsoft. That still hasnt changed
Thanks to file sharing, I purchase more CDs
Thanks to the RIAA, I buy them used...
I too will question the very advisability of single sign on. There are good reasons I keep multiple banking, credit card and merchant accounts. I specifically * don't want* one single authority to be tracking my every move. I * don't want* all my finacial and personal assets and records piled up in one location. I keep a *diversified* portfolio.
What good is having your system backed up on removable media if your house burns down and * you don't have a copy off site?*
When Egghead was hacked I knew for a fact that I had to be concerned about *one* of my credit card accounts. I could watch that *one* like a hawk and the risk didn't steamroll through my whole life. The argument is, of course, that there is less risk with a well protected central account, but that account is an all or nothing sort of deal. You're either safe, or you lose everything.
I'll take the slightly greater overall risk at sustaining *some* sort of loss against the lower risk of complete and total devestation.
Do you have sort of financial insurance? Say on your car? Exact same deal. You "lose" your insurance payment against the protection from greater potential loss.
Obviously others disagree but I think that single access is just plain dumb, and all to save you a rather miniscule risk to save a few minutes of typing a year.
KFG
>Correct me if I'm wrong, but isn't Solaris on
>version 9 or something?
"Solaris 7", "Solaris 8", and "Solaris 9" are actually 2.7, 2.8, and 2.9 respectively.
To add confusion, internally it's SunOS 5.x.
-l
Will we ever get a good single sign-on solution?
Yeap. This is really easy.
all you need is just enter "linux single" during lilo startup.
Why do we need a single signon? This is so unsecure as to not be funny.
E.g. a wife figures out the password to a husbands email account. Now she can
Read his bank account information
Read all of his other emails
Peruse his wishlist on enterbookstore.com here
etc.
Sure... most people use the same password for everything so it's a moot point but it still bothers me
I don't think that we'll ever get a single sign-on solution. Corporations always want to have there own registration forms.
There's no doubt that Passport failed for that and so did Sun.
Sorry but it just won't work. I wish it would but it just wouldn't.
Kludges like NIS+ and FNS could be made to work for as long as the sysadmins wore their lucky underwear,...
Good journalist will provide resource links to where one can buy lucky underwear.
Please reply if you know of any, please...
<snicker/>
And why, oh why must every "open source/free software columnist" being their articles with a potshot to Microsoft as a way to justify Linux's existence? Must they always do that? How about letting the technology stand by itself?
It's not like apache and plan9 are looking to make it mandatory. They just want the option available for those instances when it is a useful addition. Like ChiliASP and Tomcat, if you don't need what it provides, just don't add it to your server install. But definately do not gripe that they should do it at all. Such griping is shortsighted and pointless.
/have/ to emerge if we want to see real commerce online, while I don't approve of MS having control of that technology, I recognize that MS is in some sense right...for some transactions to occur, nonrepudiation is a must.
Nonrepudiation and psuedonymic technologies will
The more people who are willing to act as trust servers in that sense, the better. Right now we have MS Hailstorm, XNS and OneName, Sun and the Liberty Alliance, and I see no reason not to add another to the mix, so long as we are moving toward standardization where players can compete on implementation of the standard.
-Tom
Single Sign On (SSO) works within a limited realm under the same control, such as within the scope of a government agency, a corporation, or a school. These bodies already exist deal with issues of various policies including privacy policies within the scope of the "realm" (i.e. the laws of the nations a multinational corporation is functioning within).
Universial SSO, such as this plan and Passport, breaks that and cannot be consistant since different companies want different privacy policies, are governed by different government legistation, yet are suppose to "control" and use the same information (the online identity credientials).
So the goal of only needing one online identity, whether a username/password, or a PIN and smartcard, within a given controlled realm such as your university does make sense. This is possible through sensible use of existing services like directory services and secure network authentication. The use of directory services such as X.400, RADIUS, and more recently LDAP (and LDAP perversions like Active Directory) can help towards this. As well as secure network authentication like Kerberos.
Universial SSO does not make sense, because of the shift of power and control is not carefully thought out in the contexts of legal issues (privacy, evidence, children online protection), contractual issues, limited and total revocation, ownership, and other issues.
Universial identities for an unlimited number of purposes does not make sense, it is a nightmare of management logistics, a total lack of correctness, legal quandary, and telemarketing hell.
An open source single sign-on won't solve the problem of a single sign-on.
The reason people hate passport isn't because its written by MS. Why don't people understand that?
Simple: Blind rage of MS.
This is, without a doubt, one of the most succinct and lucid comments I've ever read on Slashdot. Thank you, FortKnox.
But in order to actually find out if the way Plan 9 is actually better, I have go read the Liberty Alliance specifications. That article completely wasted my time.
I have to agree with you here. The extended history of markup languages and primer on public key incryption are completely superfluous and add nothing useful to the article. I keep hearing good things about Plan 9 but he doesn't go into enough detail to understand what is really so great about its model.
... and just read pages 1 and 5. The middle is composed of a longish explanation and history of markup languages and a basic primer on public key encryption. Most /.-type tech-saavy people will already know enough about these topics and the details provided really aren't important to the focus of the article.
This will also be The Day for Increased Finger Theft.
Mordor...a magical, mythical land where women are more rare than dragons--but where every man would rather find a dragon
It's a common misunderstanding what "single signon" actually means. Even in this article that doesn't cover Passport in detail, when indicating the passport authentication process, look at step 3:
#3 Which redirects it back to its authorized Passport server
Notice that it's not "the" passport server, it's "its authorized...". The passport server may or may not be at Microsoft!
I'm busy setting up an LDAP server to allow a rapidly growing (and I do mean RAPIDLY growing, 4x growth in the last year) ISP to scale. We need to allow for future virtual servers, FTP, email, etc. and do so with a single authentication scheme.
LDAP does all this, and more, in a distributed, secure and encrypted fashion. Why are we bothering with HTTP "web services", when LDAP will do all this and lots more?
(Scratches head)
"Single Signon" doesn't mean there's some Microsoft server someplace the whole world logs in to, it means there's ONE server provided by somebody you trust, that authenticates you as YOU and which manages information on your behalf to determine what you should be granted/denied access to. You sign in once, and have immediate access to all the services you have set up.
There can be any number of authentication servers!
Passport, Plan 9, Kerberos, LDAP, and to a lesser extent, NIS and a few others give that ability!
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Palladium - All your freedom are belong to Microsoft and the *AA
Sticking feathers up your butt does not make you a chicken - Tyler Durden
Since most websites are apache on unix anyway they can't choose passport. And open source generaly is quite well respected these days.
haahhhhahahah
i love keeping track of 40 accounts/passwords.
Who said you had to do that?
We have already solved the problem of single password authentication, it is built right into SSH. Basically, you send you public key to anyone you want to authenticate to. Your private key resides on your computer and is password protected. A local key agent manages your private key. When you authenticate the first time, your key agent asks you for your private key's password. Note that this password is never transmitted over the network, neither is the private key. The key agent makes it unnecessary to enter the password again for any site that has your public key, a real single sign on for any system that has your public key.
Even if your system is compromised, your private key is protected by the passphrase you set for it. If the Internet sites are compromised, all the attacker gets are worthless public keys.
Why hasn't someone implemented this instead of this passport silliness? The technology has been around to do this right, why do people keep trying to do it wrong?
I've had enough abrasive sigs. Kittens are cute and fuzzy.
I agree with the insecurity thing of single point of failure. But I personally think the issue at hand is much greater here: the fact that one single entity (company) has the power to sign you on to anything on earth from Subway cars (a-la retina scan in Minority Report) to your home computer just rings the bells of fascism to me.
The saying goes: deviate and inch, and lose a thousand miles. If we let this kind of centralization intrude our lives now (early on, while we still have some say over it), we eventually might never be able to break loose of it.
But that's just me.
Agree.
According to the Passport Single Signon Protocol described in the article, it's probably much easier to break than what executives are made to believe.
The user has to be authenticated only once, and an authenticated cookie is issued, then the user is automatically authenticated to all Passport partner sites. A hijacked cookie will break the whole thing.
Attack by hijacking cookies is well known, I really don't understand why people can still buy into this kind of scheme, especially those make decision to adopt it.
Start/Run/RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove
This worked for me. It finally stopped telling me to register my .NET Passport, and doesn't run Messenger all the time.
Here is a site with more info: http://www.kellys-korner-xp.com/xp_messenger.htm
PS: Am I violating the DMCA by posting this? Well I'm not an American citizen, but if I was?
Random is the New Order.
right about the same time when Linux gets a single unified desktop/window manager.
-ted
That already was tried (remember personal certificates?) - most SSL enabled browsers support them. The big problem (apart from the admin overhead which stopped your average joe user being interested) was that you could only log into sites from a machine which had your private key installed. Made use of cafes, public terminals etc virtually impossible. Besides which, even if I could give my private key to a public access machine, I wouldn't!
---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"
"My friends, can your hearts stand the shocking facts about grave robbers from outer space?"
"Ah yes, Plan 9 deals with the resurrection of the dead. Long distance electrodes shot into the pineal pituitary glands of recent dead."
"Sometimes in the night when it does get a little lonely I reach over and touch it, then it doesn't seem so lonely anymore."
"Because all you of Earth are idiots!"
How ya like dat?
Single sign on, where you log in once and can get straight into a load of different accounts (webmail, credit card, bank, local council benefits office, etc.) is clearly a bad idea, because of the single-point-of-failure problem.
That's what's great about the way SSH does it. Basically, you upload your public key to any server you want to authenticate to, your private key resides on your computer and is encrypted with a passphrase. ssh-agent is a resident program that manages your private keys. It will ask you for your private key passphrase the first time you use it, then you don't have to type it again, unless you step away from your computer, after a time-out interval, ssh-agent will forget your passphrase for security purposes.
For having multiple levels of security, you just have multiple keysets, you upload the public key for one private key to the throwaway sites, and set a relatively weak passphrase for it, since it isn't as important, and have another private/public pair that you use for high security sites, which has a really hard password on it.
In case of a local compromise, your private keys are protected by the passphrase encryption, in the case of a compromise of the Internet host, the attacker gets nothing but your public key, which is useless anyway.
These problems are already solved. I don't see what the debate is about, and why people are afraid of single sign on... after all, one really really hard password that never leaves your local computer is way more secure than 10 easy to remember passwords, some of which may be the same password.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
Then what we need is a small hardware device that the private key resides in, which only responds to the challenge-reponse of challenges generated by your public key. A smart card could easily fill this purpose. This device would only be used if you needed to use public terminals, for home use, you could just use your hard disk to store the encrypted private key.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
I would consider a single login system if I could physically hold the key in my hand instead of storing it on some ubersever in some datacenter ill never see.. maybe a pda type thing with a bluetooth adapter you could use to login to the bank terminal, mail account, etc
On the editorial (or printing) side, SGML got its start the day after Gutenberg's invention of movable type made it necessary to formalize editorial instructions to typesetters. From this perspective, SGML's tags were instructional in nature, as in "start using 42 lines per page here".
The author of this sentence should not be allowed to write on the subject of structured markup. SGML has NOTHING to do with "start using 42 lines per page here." It is NOT a typesetting language; TeX is. SGML is a language that makes it possible to represent the semantic structure of a document (rather like sentence diagramming, only on a document scale), not the appearance of a document.
The rest of the discussion of SGML is equally illinformed. Imagine if someone posted an article that described Apache as a method of implementing SSL on a web server. That's how bad his understanding of SGML is.
Repeat as many times as possible how much you hate Microsoft and it's products, even if it's not really relevant to the topic (how does hating XP matter here?)
Slashdot (whether you like it or not) is a semi-commercial enterprise, hence it should (theoretically) try to reach as wide an audience as possible. But it's truly amazing how it keeps shooting itself into foot by posting such inane stuff (here's a newsflash for you: geek's definition is not 'someone who hates Microsoft', there are many geeks who have a positive or at least neutral attitude towards this company), and thus alienating sensible people.
Yes, I know that this emotional bashing is probably very appealing to Slashdot's younger readers. I used to be like that. But you know what, once you've worked in the industry for a while, your attitude becomes much calmer and more reasonable.
And who does actually have the purchasing power really keep Slashdot alive by subscriptions or buying goods from sponsoring companies? Not your teenage MS-basher.
Disclaimer: This was not intended as a flame, just a thought on how Slashdot could ease its financial problems.
When men used to be men
What we do need is some consitency between the information sites ask for. If sites were consistent about asking for, say, a 10 character mixed case username, a 10 character mixed case alphanumeric password, a 6 digit numeric passcode or whatever (the numbers are arbitary & not intended to represent any ideal of security) then it would be easy to just have a few passwords etc. which are used for different trust levels.
I guess most people do this already, but I'm always getting thrown by being asked for subtle variants of this information. Now if the sites were kind enough to display a number of my choosing on the login screen(to remind me which password to use) and maybe the date I last changed my password life would be much more simple. There are some sites that I have lost count of how many times I have registered because I can't recall which varient of my username I entered.
The chief problem would be keeping usernames unique - although I'm not convinced this is a problem so long as the combined credentials are unique(?)
"Linux is a serious competitor"
- Steve Ballmer, Chief Executive Microsoft Corp.
Assuming the a bank caves into the pressure of offering single sign on services (be they Sun/MS/NKOTB/etc.), what well-respected financial institution worth its salt would not request some other little widget of confirmation info? Kinda like extra 3-4 digit number on CCs now.
"Welcome back, Joe Blow, please provide your Ferderal Massive Dollars of Walla Walla ID number."
Single sign in would then be for the more harmless kinda stuff. And if a bank did rely entirely on Passport/whatever, then change banks.
This whole thing doesn't seem quite some earth-shattering to me.
PDHoss
======================================
Writers get in shape by pumping irony.
I like Linux. I like Unix. I use Windows a lot. I have a Passport and, yes, it is integrated into the XP OS. Once you get past the narrow-minded M$ hating notions, it is actually quite handy.
Do I worry about it leaving me open to hack attacks and marketing invasion? No, not really. Information I really care about is not exposed via my passport. It is all safely locked up elsewhere. Dont dismiss it on principle - if you dont like the idea dont use it. Simple as that.
'Internet! Is that thing still around?' - Homer Simpson
"I hate Passport" "I hate XP" "I want something new"
Everybody agrees with him.
What would be if he said:
"I hate Plan 9" "I hate Linux" "I want something new"
Flame war time!
Maybe if some people would concetrate on how to deploy certain products and apply certain solutions, they wouldn't be so narrow minded. Now mod me down as a troll, just because there is no "-1, MS friendly" button.
Haven't seen the movie. Plan 9 has been around for some time -- big AT&T research project into distributed systems.
I believe there was also a Plan 9 video game -- based on the movie, not the operating system.
May we never see th
Personally, I'm still trying to figure out what Glenn Danzig has to do with all this.
Maybe it's just me.
I'm not a prophet or a stone-age man,
I'm just a mortal with potential of a super man.
There are plenty of things I want from computing before getting rid of the simple inconvenience of remembering multiple passwords and user names. Let's work on those first. For instance: Encrypted email and instant message traffic. Network daemons without remote security holes in them. More fine-grained access control to resources. Universal unicode support. Support for writing real applications in modern programming languages.
There was a similar article recently about "roaming profiles", and I brought up the same idea. Seriously, Jabber is capable of having a single-signon in its current state (no change to clients). And because Jabber is a distributed system where anyone can run a server, basically any problem anyone has mentioned so far in this entire comment board is non-existent.
Slashdot could easily allow logins via Jabber presence. Passwords aren't even needed, since Jabber presence is authoritative. Then I could log into such websites from wherever there is a Jabber client, all using my own personal server (none of this Microsoft-controlled Passport BS).
-Justin
factotum (plan 9's authentication agent) is not a single sign-on solution, although it can be when used in conjunction with secstore. what it does mean is that applications do not have to be burdened with complex and error-prone authentication code, and that there is one, well-verified, point in the system that holds secrets and understands the protocols.
in the factotum scheme, you can mark certain accounts (e.g. your bank account access) so that they will always require a password to be entered; you can also use the scheme without secstore (which is what i'm doing currently) which just forces you to type in each password the first time it's required. secstore is a means to store all your passwords in one place securely, which you can then use to prime factotum.
this is the essence of the plan 9 approach - choose an abstraction and write it in a simple, modular way so that it's applicable to a wide range of previously unanticipated scenarios. it's a wonderful system, and one that carries forward the true unix tradition, something that UNIX lost long ago.
SunOS is the kernel, Solaris is the distribution. Solaris version numbers changed with the relase of SunOS 5.7.
Solaris 9 is sometimes refered to as Solaris 2.9.
SunOS 5.0 = Solaris 2.0
SunOS 5.1 = Solaris 2.1
SunOS 5.2 = Solaris 2.2
SunOS 5.3 = Solaris 2.3
SunOS 5.4 = Solaris 2.4
SunOS 5.5 = Solaris 2.5
SunOS 5.5.1 = Solaris 2.5.1
SunOS 5.6 = Solaris 2.6
SunOS 5.7 = Solaris 7
SunOS 5.8 = Solaris 8
SunOS 5.9 = Solaris 9
But UNIX and Linux have SSH and ssh-agent. It's not as elegant as Plan 9's file servers, but it is just as flexible. SSH is built around the idea of establishing secure and authenticated tunnels. And SSH with ssh-agent has become, for many purposes, the separate entity into which cryptography has been factored on Linux and UNIX: SSH gives you secure, authenticated remote system administration, the ability to transfer large amounts of data securely, the ability to create secure communications channels, and it is used by systems like rsync as its secure and authenticated transport protocol.
Maybe rather than reinventing the wheel, we should figure out how to extend what is already used and works. For that, we need a clearer idea of what problem "single sign-on" is supposed to solve that ssh and key agents/keychains aren't already solving, and then to figure out what we can do about it. And there isn't a whole lot I can think of that ssh isn't solving, at least in principle. Of course, wide, practical deployment for something like web services would require a set of UIs to be developed for Windows users and a lot of salesmanship. But, then, the same is true for whatever Sun cooks up.
Though I would never use a single sign on myself so many people would that I do believe it's good that we have an open source alternative.
I don't know what the whole hype is about, and why nobody stops and asks if we really want a "single sign-on", any of them.
Yes, it's easier and people are lazy. From a security POV, however, it's a nightmare come true - everything from your banking details to your private e-mail protected by:
a) a single, usually bad, password on your side
b) the security of a central database on the server side
Sounds like a desaster waiting to happen.
Assorted stuff I do sometimes: Lemuria.org
If someone learns your single source login then they can easily impersonate you everywhere, not just on one site.
It is real easy to trick ordinary users into giving away their passport login names and user IDs. Create a bogus site. Have the bogus site display a realistic Passport login page that says "Your Passport Login has expired, please re-enter it." Most folks will just follow the instruction. The page then just stores the login name and password in a file. It is the oldest computer Trogan Horse known and it will still work amazingly well because users won't realize that it isn't a Microsoft Login Page.
Now if they had a single sign on solution, possibly also a roming profile, built into a flash memory card in an encrypted form then I might be quite enthusiastic about the idea.
Too bad no public terminals support smart cards.
I once joined a startup that was based on a good idea that incorporated SSO, but the VP of Engineering swore to me the company would never abuse that power. Within months, marketing managers were telling me that end users "wanted" us to abuse SSO "for their own good." For legal reasons, I won't go into more detail, but the company I left was not the company I joined -- all because of the temptation SSO brings.
End Users believe that SSO is a gift from heaven because it allows them to mindlessly go through the "troublesome" task of authenticating themselves. This has several implications:
- Authentication is designed to require you to use your brain. It's like the roughed-up pavement that precedes many toll booths, saying, "you're going to need to wake up now."
- Authentication is designed to require you to use your brain. It helps ensure that you are the only one who has access to certain data. You should not be entrusting this to a conscience-free multinational who has no qualms about "sharing" your access with all its employees, partners and anyone who pays them enough money.
- One of the places most consumers often see authentication forms are on shopping sites. When you are going to buy something, you have to go through the steps of entering your username and password, entering your credit card number, your address, etc. It's a protective speed bump that makes you think before you purchase. With SSO (or One-Click), you have no way of knowing when you've "authorized" a charge to your credit card. You assume that it's only when you click a button, but the fact is you've authorized the company to charge your card whenever it claims you want to buy something.
- Single point of failure. Enough said.
- Memory decay. When you use SSO, you tend to forget your user names and passwords because you don't need them. Then when your SSO provider does something you don't like and you decide to leave, you feel like you can't. You're trapped because you can't remember that data -- you think you need that service to continue accessing your other services. Even if the SSO service provides a method of retrieving your passwords, most users are unaware of it.
- Then, of course, there are the tracking issues. The SSO provider will track all the sites you visit, sell that data and market appropriately. Common sense, yet commonly ignored by the common End User.
A wise wizard would do well to distance himself and everyone he can from this evil.Paul Murphy (the LW author of the article) seems to have been fooled by the Plan9 folk's self-proclaimed status as "Open Source". However, neither the OSI nor the FSF agrees. The FSF has even posted a detailed analysis of the problems with the Plan9 license.
Now, depending on your own philosophy (or lack thereof), you may or may not care personally whether this code is truly free/OSS/whatever, but in practical terms, what it means is that neither Red Hat nor Debian is going to buy into this solution, which pretty much means that it's probably dead in the water. Oh, I suppose it might be accepted by the UnitedLinux folks, but I'm not holding my breath on that.
I work for a large bank, one of the largest. A few years back we adopted a single-signon technology to try and apease the 6000+ users in the company who were complaining that they had to remember 20 different passwords that had different requirements and all expired at different intervals.
Actually we didn't adopt it, it cost us millions of dollars. The company that sold it to us said it would put an end to our password woes and we would reap the rewards by cutting our support staff and lessening the load on our call-centre. It did no such thing... Our call-centre volume tripled, the cost of implementation (not to mention training) was horrendous and our support staff were overwhelmed.
Fast forward to now, 4 years later. We have an entire department dedicated to customizing our in-house applications (and some purchaced via the regular sources) to work with this beast, the helpdesk and support staff are still inindated with calls to do with our single-signon menace and management won't get rid of the thing because it would mean admitting a mistake was made that cost us millions and having to retrain our user population would cost even more!
And security!? It used to be when a password was guessed and a system compromised, the guesser still had to guess the password(s) to any application(s) they needed to do any real damage. Now...we've eliminated that inconvenience.
Now I like Windows XP. Yet I don't use hotmail. I don't even have a Passport. So what's all this about needing one for WinXP?
"You are not a beautiful and unique snowflake."...Tyler Durden
That already was tried (remember personal certificates?) - most SSL enabled browsers support them.
The problem with personal certs is that they were designed to make money for the cert authorities, not to make life easier for the user.
If the browser install procedure included a create presonal cert, upload public key to keyserver, it might have caught on. As another reply suggested, smart cards handling signatures would also have helped.