Slashdot Mirror

← Back to Stories (view on slashdot.org)

Liberty Alliance Plans Passport Interoperability

Posted by ryuzaki0 on from the last-nail-in-that-coffin dept.

EvanDelay writes "The Liberty Alliance Project, which is developing Web technology to facilitate single sign-on authentication, plans to support interoperability between its system and Microsoft Corp.'s rival Passport system. Computerworld has the story."

3 of 81 comments (clear)

  1. Re:DO we want that? by IamTheRealMike · · Score: 5, Interesting
    But personally, i agree with what another Slashdot reader said: its the browser's job to look after a user's password. a single username and password for all your site's is absolutly retarded security-wise.

    No, it's extremely smart security wise. Now, for all I know you may be the paragon of good security practice, but most people are not. In fact, most people, faced with a morass of passwords for various different services do something that is extremely bad and set all their passwords to the same thing. I've done this, for instance, because it's either that or write down all my passwords (which of course some people do) and keep them on my computer, which means I cannot access any services when I don't have that list.

    There is this fantastically common misconception that centralising your various digital identities will somehow decrease security. Not true! There's a reason most of us have 1 (perhaps 2) personal email accounts. We don't have 100 email accounts with different user names and passwords because the truly minor increase in security that would bring is nowhere near worth the major increase in hassle.

    Single sign on is coming people, and when it arrives not only will 95% of the computer using population be more secure because of it, but computers will be dramatically easier to use as well.

    I've read the liberty specs in more detail than most of the people here on slashdot I'd bet, as I'm working on a server that contains an (open source) implementation of them. No, it's not released yet, perhaps in a few months. But believe me, the LA specs are not scary, they will not force you to tell the government what your favourite colour is, they will not take your first born child. They will make your life easier.

  2. I thought Passport was dead. by Futurepower(R) · · Score: 5, Informative


    In the past, Passport has been shown to have zero security. See the Wired News article, Stealing MS Passport's Wallet.

    On August 8, 2002, the U.S. Government's Federal Trade Commission (FTC) ordered Microsoft to stop lying about its Passport service. The FTC's order is titled Microsoft Settles FTC Charges Alleging False Security and Privacy Promises.

    From: Windows XP Shows the Direction Microsoft is Going.

  3. A few things for people who didn't read it by IamTheRealMike · · Score: 5, Informative
    1) This is merely an offer from the Alliance to Microsoft. MS probably won't take it up.

    2) Even if they did decide to co-operate, it'd largely be meaningless. There are so few websites using Passport the list can fit into less than a screenful.

    3) Even if this wasn't a problem, making Passport interoperate with anything would be a major technical headache. It simply wasn't designed for that at all. It's centralised so badly it'd need to be ripped apart and rebuilt to allow for "federation". Notice how that using Kerberos to open it up idea seems to have faded away? That's because Kerby was never meant for that anyway, and because it's extremely hard to open up Passport.

    4) Passport is growing at a snails pace, with good reason. The gain you get from it is small (often the user needs to give a password anyway, regardless of whether they use passport or not) and the cost is huge, both in developer time and various costs involved in working with Microsoft.