Passport to Nowhere
prostoalex writes "CNET News.com.com talks about less than glamorous acceptance of Microsoft's single sign-on technology, .NET Passport. Being launched as a single sign-on service for online businesses and competing heavily with open Liberty Alliance project, which so far has produced just a large amount of PDF files, .NET Passport is considered a failure (although not by Microsoft). Turns out, high licensing fees, lack of simple implementation, security leaks and server downtime, were not acceptable to most of potential clients out there."
"Microsoft was kind of pushing Passport for a problem that didn't exist..."
I think that more or less hits the nail on the head. This is aside from the downtime issue, which is embarassing, and privacy issues, which are disturbing. On the privacy/downtime note, the Liberty Alliance may be vapor currently, but the idea of a "federated" system sounds much better to me. It's not a problem I have with Microsoft, rather it's a problem I have with giving all of my personal information to a single organization to put into a central respository.
No sir, that's bad sauce.
Auto-reply to ACs: "Truly, you have a dizzying intellect."
I never saw a need for .NET Passport in any way. Privacy issues aside, all Passport would achieve for the company using it is something they could already do with simpler, more secure, and less liable technologies already available to them.
I mean, doesn't "competing heavily" imply that there's, well, an active competition in the first place?
Obliteracy: Words with explosions
I like the concept of passport, but I'm not going to get in bed with Microsoft to put it on my web servers. Besides, it has always seemed to me that doing a scheme like that would introduce so many more points of failure to your web system, that it wouldn't be worth the trouble. That's not to mention security. Somehow I just feel safer when I have to log in to each site separatly.
SCO.com uses Linux
At first, the concept of a global authentication system seems great. We all have too many passwords to remember, the idea behind Passport seems great.
But in reality, there isn't anyone who is secure enough, trustworthy enough, powerful enough and smart enough to pull off a system that would work and would be trusted.
You need to have the strength and power to be able to build such a system, and with those, trust invariably goes out of the window.
So for now I'll keep all my passwords in my brain, and pay the price of my mistrust.
Jolyon
Please read my Canon EOS tech blog at http://www.everyothershot.com
I personally think that it's becoming the groupthink/chic thing to do to point out that the Slashdot crowd doesn't like Microsoft.
Personally, I'd say the posting of that story should stand as proof that Slashdot isn't so biased as you seem to indicate. Moreover, whenever good news for Microsoft is posted here, it's generally studied with great detail and flaws are exposed in the methodology. For example, in the story you mention, they ignored worms, viruses, trojans, etc, because they didn't involve a person specifically targetting a specific windows machine for an intrusion. I remember thinking that the only valuable thing to come of that study was that Linux/Unix/whatever required actual human intervention to break into it, while Microsoft wasn't worth the bother when a thousand automated tools do it for you.
-N
I've nothing to say here...
The most recent Cryptogram has a highly relevant comment on this issue:
The problem with the whole concept in general to me is security.
Company A holds your credit card information and controls the sign up system.
Company B You make purchases through there system, credit card details are pulled from company A, your happy
Slap on 100 Company B's each with the ability to pull your credit card data so you can make purchases.
You now have 100 new possible locations for a hacker to crack, giving them access to a massive database of credit card data.
A chain is only as strong as its weakest link. The more merchants you add to this style system, the better change your chain will break one day.
Personal Website