Passport vs. Plan 9

netphilter writes "LinuxWorld is carrying an article about how Apache and Plan 9 are going to defeat Microsoft's Passport. I hate Passport's integration with XP (although that might be because I hate XP). An Open Source single-sign on would be a real blessing. Will we ever get a good single sign-on solution?"

Thank god

[Anixamander]

Here I was worried that a company with billions of dollars would be able to dominate the market with their single sign on technology, but apparently some technology I have never heard of that is named after an Ed Wood movie will defeat it.

Can we mod the article -1, Presumputous?

Re:Thank god

[Loligo]

>Do you trust Microsoft enough to give them the
>key to all of your personal information?

Do you trust ANY company enough to give them the key to all of your personal information?

-l

Re:Thank god

[richieb]

... but apparently some technology I have never heard of that is named after an Ed Wood movie will defeat it.

Apparently the guys that named this technology have a record for coming up with silly names. Just imagine they named their first project "UNIX". That project also faded into obsurity. Didn't it?

Why try and recreate a bad idea

[atrowe]

It seems to me that Microsoft's Passport authentication is a bad idea in the first place, and the free software community should look toward more intelligent alternatives rather than try and emulate Passport's functionality.

Not only does Passport go against the KISS philosophy embraced by many Unix and Linux developers, but the potential for security breaches is only magnified when a single universal authentication system is developed. It seems to me we'd be better off leaving authentication procedures up to the individual site owner rather than having a universal authentication protocol built-into Apache. This would also be a more practical solution as a single authentication system cannot be tailored to fit all sites. I sure don't want to trust all of my on-line bank transactions to something like Passport, so the need exists for highly encrypted ultra-secure authentication on some sites, while other less secure sites like Slashdot which transmit passwords across the 'net in plain text could probably get by with using a much more basic authentication system.

Single sign-ons.

[Christopher+Thomas]

Will we ever get a good single sign-on solution?

Yes; several of them.

Wait a minute...

Re:correct me if i'm wrong

I certainly don't want a single sign on. Yes, it's a single point of failure. But it's more than that. It's one-stop shopping for anybody who wants to intrude into your life or totally violate your privacy. I don't like passport. I won't like any other system of the same ilk.

I keep differnt account names on different systems. I use multiple passwords that follow rules for mixing case, special chars, and numerics. I never have any programs remember my passwords. It's a hassle to keep up with but I feel a bit more like no one is watching all of what I do.

Am I a paranoid tin-foil hat type? No, I'm an honest up-standing citizen type. I don't think I want to give the keys to my life to anyone, though. I don't want some a hacker breaking in and messing up my life. Nor do I want to be perfectly profiled by a bunch of marketing droids.

Single sign on is great - for a single system. I do not want and will not use single sign on for the internet.

My plan...

[T3kno]

Plan 10: Blank Passwords.

Why Plan 10? Heres why...

1) No one cares about me
2) Steal my credit cards they're maxed out anyways
3) I probably wouldn't mind if you changed my investments you probably would make more money that I do in the stock market
4) All of my email is mailing lists and spam, I have no friends
5) You could probably accumulate more karma on /. that I can
6) Sneak preview of my bank account $0.02 (which I'm giving away here right now)
7) My social security number has been reused more times than the sayings "going forward" and "at the end of the day" combined
8) All passwords are hackable by the NSA anyways
9) At some point all information will be decrypted
10) You can have my body, but you cant take my mind

Re:single sign-on

[unicron]

The terms "linux" and "single" seem to go hand in hand.

Re: yep 40 accounts, is so simple...

[GigsVT]

haahhhhahahah

i love keeping track of 40 accounts/passwords.

Who said you had to do that?

We have already solved the problem of single password authentication, it is built right into SSH. Basically, you send you public key to anyone you want to authenticate to. Your private key resides on your computer and is password protected. A local key agent manages your private key. When you authenticate the first time, your key agent asks you for your private key's password. Note that this password is never transmitted over the network, neither is the private key. The key agent makes it unnecessary to enter the password again for any site that has your public key, a real single sign on for any system that has your public key.

Even if your system is compromised, your private key is protected by the passphrase you set for it. If the Internet sites are compromised, all the attacker gets are worthless public keys.

Why hasn't someone implemented this instead of this passport silliness? The technology has been around to do this right, why do people keep trying to do it wrong?

How to disable Passport integration with XP

[Drakonian]

Remove Windows Messenger by running this command:

Start/Run/RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove

This worked for me. It finally stopped telling me to register my .NET Passport, and doesn't run Messenger all the time.

Here is a site with more info: http://www.kellys-korner-xp.com/xp_messenger.htm

PS: Am I violating the DMCA by posting this? Well I'm not an American citizen, but if I was?