Slashdot Mirror
Liberty Alliance Having Problems
torre writes "This article would suggest that there seems to be some chaos in the Liberty Alliance fight against Passport. Between Sun's Jonathan Schwartz claiming defeat to Microsoft as it has the market tightly controlled with the help of windows to Novell's Justin Taylor who says that Microsoft's Passport has got nothing to offer when it comes to the enterprise. Should be interesting to see how things pan out."
Whatever the solution, I'd feel much more secure with Sun hardware / software than I would with MS. They don't reinvent the wheel every 6 months in an attempt to correct all the mistakes they made in the previous version of the wheel.....
Umm... did you think this over, really seriously? I was a user of DigitalMe, and it made my Internet life a helluva easier. I could securely log into all of my services without having to know more than one password by heart. I could personalize most of those services, using just a browser and my account at DigitalMe. I had some messaging and e-mail options at disposal just as an added benefit. I all worked together. (Unfortunately, Novell discontinued the service, but that's their old illness: got a lot of cool technology, but incapable of making profit outta it.)
Nonetheless, I can clearly see the advantages the industry and private individuals would have from Liberty alliance's efforts. Note that I didn't even mention the B2B features that the Liberty Alliance is working on.
Sigged!
...stories like these were properly labeled as "MS Troll" instead of "Technology", that way I could filter them out.
The article basically says "We can't get into Passport's market share because MS forced people to sign up." That's a fair statement except for one minor detail: Massive numbers of people aren't running around saying "I need a single log-in point across multiple domains!".
If the demand's not there, bleating about MS beating you isn't going to make it better. Frankly, I think the only reason this article made it to Slashdot is that juicy little line about MS "forcing" people to sign up with Passport.
I can't be the only one who'd like to filter these stupid articles.
As a browser plugin ? That way the person decides who can access their information ? The keys, credit card and personal information/etc. are stored in an encrypted file on the machine and only those with permission can get at the information ? It would eliminate the need for a hugemungous server (run by an evil corporation) and this way it would be pretty simple to access the information (with some authentication of course) and not need to pay an arm and a left testicle to an Evil Corporation..
UPS Sucks
I'd have to agree - I've never used it, other than signing into an old hotmail account. Microsoft may force me to sign up, but that doesn't mean I'll use it. That doesn't mean that I'll use liberty alliance or whatever it is called.
I seem to remember microsoft trying this with microsoft wallet for storing all of your credit card information. That never flew, and I doubt that passport will really be such a big thing. Personally I like having everything seperate, so in case somehow it gets broken into/cracked, I'll only be vulnerable at one website/domain. I try to keep seperate passwords for security, and keep things divided for more protection.
I can log into my services securely too, and know only one password. It's quite easy.
:P
Set all of your passwords to be the same.
The only reason that Passport is useful is because it tries to dip its finger into a lot of pies at the same time. The end result is that corporations find out a lot more about your surfing/buying/playing habits than they otherwise would. In other words, it's *not* useful to the end user - it's useful to the service providers.
And/Or a physical key which can be plugged into the USB slot. People want to use single sign on technology on any machine and still feel secure.
My browser (Mozilla) stores my passwords. Don't see why I need a network-based service, controlled by someone else, subject to snooping, stealing, or worse, when the browser on a PC I control will do the trick.
sulli
RTFJ.
Besides the question of how useful single sign of stuff is, security questions, and adoption rates, etc., this shows how nice it is to be one, large, powerful entity. In this case, MS says, "this is the way we'll go." No one else has the market share to do similar things without forming alliances and consortiums which, while they may have a better idea, usually falter for exactly this reason: they cannot agree on what it is they are doing or why.
The causes for this are interesting, but far to many, complicated, and inter-related to get into during a 5 minute work break. Too bad.
Well that was a refreshingly content-free article, allow me to summarize:
Sun: Windows is better at whatever Liberty/Passport does
Novell: Maybe in the home market, but we do whatever Liberty/Passport does much better in the Enterprise!
Netegrity: Maybe Microsoft does whatever Liberty/Passport does better on Windows, but the true value is doing that cross-platform and cross-domain!
I still don't see how any of this is more than a niche market. Yes, there is a need in large enterprises for single sign-on, but that's largely a Fortune 100 issue, so no huge market there. For smaller companies, it's far cheaper to staff a helpdesk than it is to do an enterprise single-sign-on implementation. Yes, home-users have to manage a lot of userids and passwords too, but integrated browser password functions cover the 90% of people who don't move from their base computer. So for the home as well it's a niche function.
The only value I see is the value of Microsoft or AOL with extending their MSN or AOL login to new functions and thereby making it more "sticky", giving users an effective barrier to leaving their service. To me, that's really all this posturing is about.
Also, I fail to see why my cell-phone and my SSH session need to share a password.
P.S. Justin Taylor is a big geek. 8-)
- "When you want something with all your heart, the entire universe conspires to give it to you" -Paulo Coelho
The AOL-Sun-Netscape alliance and the other charter members definately have the ability to push Liberty, but perhaps not the will.
If they wanted to AOL, Netscape, Mastercard, Visa and American Express could deliver a *staggering* amount of particpants. This would dwarf the several million Microsoft passport holders overnight.
I think that the main problem here with Sun's technical leadership is that it's too busy trying to work out what it does for a business to worry about taking on Microsoft in yet another arena.
Another reason is that the when you're a holding a hammer, everything looks like a nail.
Sun sees Liberty as a battle with Microsoft, Novell sees it as glorified LDAP server, while the credit card and mobile phone companies see it as a targeted advertsing and aggregation tool.
The conflict is being caused by each charter member having a different vision of what Liberty actually *is*.
Has anybody noticed that there are two other Passport-like systems floating out there as well?
.Net Passport so that you can use MSN Messenger, but there are millions of people who dashed to aim.aol.com to get AIM and therefore ScreenName Service account, and Yahoo's got an IM client too if you want it.
The first is AOL's. AOL Time Warner has gone around and tied the login systems of almost all of their properties from CNN to Netscape to use the same logon system as AOL/AIM ScreenNames. AOL has direct competitors to almost everything MSN has and then some, and can collect just as much personal info to send to a media empire.
The second is Yahoo's. Now, I know the Yahoo logon is only valid at the Yahoo.com domain, but Yahoo has within its domain content that MSN spreads out into dozens of domains. Everything including a Hotmail-like e-mail site, an Expedia-like travel site, a CNBC-like financial site, and an MSNBC-like news site all accept the same Yahoo logon. Yahoo wants your credit card numbers in your Yahoo Wallet let's not forget...
Yeah, Microsoft is the most annoying in getting you to sign up for a
There are really three web empires... yet only one is getting all the heat. What's up with that?
Where Passport/Alliance etc. is useful is for corporations who can easier track your browsing/shopping habits to profile you and target you with more personalized spam.
Your pizza just the way you ought to have it.
For the average joe the more relevant case involves how he can now log into his phone, computer, laptop, pda, etc, and be able to identify himself such that he can get access to stuff like his contacts in an easy fashion. The example for this can be seen in web ICQ or MSN messenger.
With a single sign-on, you really have some security problems is return for the convenience. One shoulder-surfer can completely steal your online identity. And is anyone under the illusion that people will pick strong passwords for their Passport accounts? Nope, they'll pick their pets' names, kids' birthdays, favorite sports teams, etc.
MS may be insulated from competition with Passport, because the good guys wouldn't dream of implementing it insecurely, and that means their implemenbtations will be less convenient than MS's.
At this point, security is the one single strongest reason for people to switch away from MS and start using open-source software and open protocols. The problem is that very few people really care very much about security, and they don't really understand security well enough to know what they're missing.
Find free books.
I used to have different passwords for different services and had my browswer remember them. The problem was that if I needed to access something from somewhere else, it was a royal pain because I didn't remember all the passwords and my home computer is not accessable over the internet. There were times when I had to have a service email me my password, which opens up its own security problems.
Also, if you have your browser store passwords at work, then you're extremely insecure as well.
I used to think different passwords for different services was more secure, but I now use the same password for all sites and then change this password everywhere periodically. It's a minor hassle to change them but it's probably more secure than either Passport or browser storage, and I can access everything no matter where I am.
Every password-protected site requires a separate registration process. Wouldn't it be simpler to cache registration information on a central server?
The obvious disadvantage to this is that a poorly designed system could release personal info to unscrupulous businesses. A well-designed system could show you which fields a particular site wanted and ask for your approval. Better yet you could configure your account to release different levels of info to sites based on their privacy policy.
Sun's Jonathan Schwartz claiming defeat to Microsoft as it has the market tightly controlled with the help of windows
Pardon me for being a bit cranky and harsh, but why does Sun always seem to pull this line? They are declaring defeat before the battle really begins. If they want to pull out and quit then let them, but they have no need to declare the whole project a failure.
Besides, isn't a bit early for them to start their standard "we can't do this because of Microsoft" whine.
The Liberty Alliance could offer a true alternative to Passport by creating a system in which users, not large, faceless, and untrustworthy corporations, were in control of their identities. But it hasn't, and that's why it's floundering.
And when it's compromised? I have set all my passwords to be the same for about a year now, and it's the only way I can stay sane with the number of separate accounts/identities I have. My password has been compromised twice now :(
Luckily both times the people who saw it were friends. The first time I had to tell Adam my password so he could setup my new email/shell account for me. The second time a stupid MS connection wizard of all things printed out the password in plaintext at the end, just to helpfully confirm you'd chosen it right.
Not to mention the difficulties I had finding a password that was easy to remember but fitted into all the various rules some sites/systems have about passwords
Good passwords should be changed regularly. To do that, you need 1 password. To do that, you need digital identities.
"My browser (Mozilla) stores my passwords. Don't see why I need a network-based service, controlled by someone else, subject to snooping, stealing, or worse, when the browser on a PC I control will do the trick."
So basically you've written your passwords down underneath your keyboard, and think you are secure because nobody is going to look there.
Hi. That should be 'lose', not 'loose'.
Thanks,
'Lose', Not 'Loose' Guy
--thanks for the recent upmods! i'll be able to post again soon
In other words, it's *not* useful to the end user - it's useful to the service providers.
Sure it is. We implemented a passport-like service for all of our corporate systems. This way, you change your password once, and it changes everywhere. It has reduced the "I forgot my password" requests considerably, and allows us to enfoce regular password changes on a global level, instead of having each system deal with passwords differently.
The percieved problem of central systems on a global scale is simply that once the password is compromised, the whole system is compromised. Remember when car makers used to make one key for the door, and the other to the ignition? In the end it was proven that this generally added little to no security because both keys were on the same key ring. The same goes for passwords. I personally use 2 - 3 passwords accross all sites. You get one of my passwords and you can access almost half of the sites that I visit. Furthermore, most people that I talk to already use one password anyway.
My biggest concern for security is not the concept of centralized passwords, rather, it revolves around Microsoft's ability to design a secure protocol, and if that protocol becomes an industry standard so that Microsoft doesn't have Ultimate Power over the system.
There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips