Slashdot Mirror

← Back to Stories (view on slashdot.org)

Liberty Alliance Completes Phase 2

Posted by Hemos on from the fighting-hailstorm dept.

g0_p writes "According to CNET the Liberty Alliance project released its phase 2 specifications for the Liberty Identity Web Services Framework. This will provide the much talked about 'single-sign-on' to multiple websites capability. Websites will be able to securely share information about the user including credit card data. The biggest benefit of sharing this kind of data is for people using web services through handhelds and mobile phones (Lesser buttons to click to buy birthday gift..). This may be significant, since many of the new phone models have web browsing capability and there is a considerable surge in sales. Now that this phase is complete we should start seeing this standard being implemented out there on the web. It would also be interesting to see how it stands up against Microsoft Passport in terms of security which has had troubles in the past."

4 of 105 comments (clear)

  1. Where this needs to come from... by pegr · · Score: 4, Insightful

    No initiative is going to work unless someone gets a major credit card company on-board to assume the risk, pure and simple.

  2. centralization == bad by Empiric · · Score: 5, Insightful

    Frankly, I don't want "single-sign-on", and I don't get why other people would either. The information I'd want to be available to my bank is completely different from what I'd want to be available to "Jim's Hardware Shack".

    Presumably, in order for this to work effectively, if you have one standardized set of information about "you", it would have to be the superset of information you'd need for all the sites you use. And, to be efficient from an implementation standpoint, I'd expect this information will be replicated all over the place in various caching mechanisms. This leaves your information fully available to web site operators reputable, disreputable, secure and hackable alike. As well as likely creating a situation where if your primary "record" is compromised, it could provide enough information to allow access "as you" to *all* the web sites you use. This seems like quite a high price to pay for the need to create a separate login for each site, which realistically, is probably on the order of a dozen or two registered sites a year for most users.

    --
    ~ Whence do you come, slayer of men, or where are you going, conqueror of space?
    1. Re:centralization == bad by DrEldarion · · Score: 4, Insightful

      I still don't see why this idea came around where they HAVE to store all your information on someone's server somewhere. Why not have it all be stored client-side and just have the user click a button to send everything? It can be heavily encrypted on the hard drive and over the connection, and you won't have to worry about someone hacking the server and stealing everything or worry about unwanted information sharing.

  3. So click No by brunes69 · · Score: 4, Insightful

    If you are worried about this then stop clicking "Yes" to the "Do you want mozilla to remember this information" box. Or turn the feature off altogether.

    Don't make Mozilla out to be wrong just because you don't know how to read dialogs.