Slashdot Mirror

← Back to Stories (view on slashdot.org)

'Open MS Passport': MyUID Goes Beta

Posted by timothy on from the free-alternatives dept.

mastergoon writes "MyUID, which has been refered to as an "open MS Passport", has opened their doors to public beta testing. MyUID is a user database system, with the purpose of allowing virtually anyone to refer to its records using only HTTP or HTTPS. Many companies have unified login systems, like Yahoo! and Microsoft, but unlike MyUID, these databases cannot be put to use by any site. As of now there is an alpha release PHP4 connectivity API, which while not feature rich is in full working order. APIs should be available in your favourite language soon. You can view this example of a site remotely connecting to MyUID using the alpha API, and give a go at spoofing a login. They want the security of the login methods tested extensively before going production."

14 of 208 comments (clear)

  1. Wow. by Arial+Sharon,+10pt. · · Score: 5, Funny

    Maybe one day this could be almost as successful as MS Passport.

    --
    Am I dead yet?
  2. FAQ (karma whoring) by XanC · · Score: 5, Funny
    Here's the complete FAQ from the website:

    Frequently Asked Questions (FAQ)

    Q: When will the first API be done?
    A: The alpha is out, check the download page.

    Q: Can penguins fly?
    A: No.

  3. Are we sure this is for real? by LostCluster · · Score: 5, Interesting

    They have the most useless FAQ in recorded history...

    The API is also decidedly undocumented.

    Please come back when there's actually something to show us...

  4. Flying solo? by LostCluster · · Score: 5, Informative

    It seems like this project is only implemented on one site called mastergoon.com, and the /. post comes from a user named "mastergoon". Hmm...

    Seems like a one-person project. Very easy to declare standards without all those annoying other people!

    1. Re:Flying solo? by SpootFinallyRegister · · Score: 5, Insightful

      Declare standards? Looks a little more like a piece of software written without a specification, much less a plan. At this point, after going through the website and glancing at code, I have a hard time rating this at anything above the beginning of an idea. Learning by working on things is good. Punching out code that is supposed to be a standard without writing at least something down about it first is a disaster.

  5. Whatever happened to Liberty Alliance by Anonymous Coward · · Score: 5, Informative

    Weren't they supposed to do something similar? Sure seems to be taking them a long time.

  6. Maybe, but... by XanC · · Score: 5, Funny
    He has a gmail account! He must be doing something right.

    </sarcasm>

  7. Security? by Ravenscall · · Score: 5, Insightful

    So, if I am reading the code right, it has basically no security whatsoever at this point. Wouldn't you want that in an alpha release?

    --
    You say you want a revolution....
  8. Usefulness? by wwahammy · · Score: 5, Interesting

    Kudos to whoever made this, I know you must have put your heart into this. I don't mean this comment as an insult to you or your idea. But really is there a need for this? I like the idea of simplifying the web for people but Passport exists (and failed) and I believe there's a competing group with Sun in it called the Liberty Alliance that has a non-centralized model which I think sounds much safer. A centralized database has too many problems related to it to be useful.

  9. Totally backwards by torinth · · Score: 5, Insightful

    Why would I encourage users to aggregate all their personal data with some unknown startup?

    The two options already available are both (at least marginally) better. Those options being: collecting minimal personal data at my site, or using a well-known and industry-monitored company as the aggregate.

    If Yahoo! or Microsoft ran off with user data, at least they'd have something to lose. The same can't be said about MyUID. They could collect data for six months then run off and sell it to illegal immigrant smugglers. Who knows? They have no reputation, no history, and nothing to lose.

    And I guess it's not so bad if they just stick with UID/Password and not personal data, but I'd still sooner wait for a reputable company who chose to open the API.

  10. TheirID or an Identity Commons? by Broadcatch · · Score: 5, Interesting

    I'm concerned that it is just another centralized database of information. At least with Passport you don't have to worry about their database being bought by Microsoft.

    At Identity Commons we intend to give people full control over their personal profile information, including not only who has access to which parts under what circumstances, but also where which parts of it are stored. If you don't trust any of the "banks" you can store it under your virtual mattress (if that's where you keep your server, though it might get kinda hot under there).

    The free and open source code base is built upon two new OASIS XML standards, Extensible Resource Identifiers (XRI) which add (among other things) persistence and cross references to URIs, and the XRI Data Interchange (XDI) spec which enables a "dataweb", much like URIs enable a "document web". The coolest part of XDI is the concept of Link Contracts, that enable fine-grained access control over profile data while simultaneously recording the details that both parties agree to (and electronically sign) before any data exchange takes place.

    While we're still a month (or more) from announcing, we have enjoyed some good initial exposure.

    BTW: we're looking for people to play with the (pre-alpha) software (it's on SourceForge and there are even some CPAN modules) and help us bring it to the next level.

    --

    The antidote for misuse of freedom of speech is more freedom of speech.
    -- Molly Ivins

  11. But, LDAP is standard by freeduke · · Score: 5, Insightful
    Ok, here comes a new API for login?? What about LDAP, isn't it secure, reliable and efficient? So Why do people have to reinvent the wheel everytime? It would be far more constructive to think about a way to integrate and interface a huge Internet distributed LDAP structure, and have a clear standard to implement the way it works...

    Every website could have a root server for it's zone, registering new users' LDAP root server for authentification. They could also be third party LDAP server provider: ISP could be part of it, because they have go the login/pass associated to your connection, and they are already running LDAP servers.

  12. Re:Different from MS Passport? by blowdart · · Score: 5, Informative

    Lets add to this the fact that the "story" for this reads like a press release, and one that lies at that.

    "Many companies have unified login systems, like Yahoo! and Microsoft, but unlike MyUID, these databases cannot be put to use by any site"

    So you can't use Passport on your own site? What utter bollocks. Oh look, there's the passport SDK.

    But I can't run it on Linux you cry? Really? Step back a version, version 2.1 has code for Apache/CGI in it (Or did last time I looked). Admittedly the documentation for it is sparse to say the least.

    Finally lets look at the story submitted. mastergoon. OK, lets look at who owns myuid.com,

    Registrar: DOTSTER
    Domain Name: MYUID.COM
    Created on: 28-APR-04
    Expires on: 29-APR-05
    Last Updated on: 28-APR-04
    Administrative Technical Contact:
    O'Shea Kevin kevin@mastergoon.com

    Oh look, it's another shill story. Someone sumbitting a story about his service without admitting it.

    When did slashdot become a press release site?

  13. What is this? by binkzz · · Score: 5, Insightful
    It's nothing more than a day's work. There is nothing to speak of, the passwords aren't stored encrypted and no intelligent thought seems to have been put into it. As someone else already mentioned, anyone can take the entire user database with personal information from the site (everything except the password). If I were to run a site using the MyUID, I could obtain users' MyUID passwords as they tried to log in on my site, giving full access to any user's account who logs in via my site. Outrageous!

    Interestingly, it does say in the ToS:

    MyUID will not give or sell your private account information or your password to anyone,

    which seems a lie. But it goes on!

    MyUID will supply any information we have about you to law enforcement officials if neccessary.

    They'll rat on you even if not required by law. Yay!

    In order to use MyUID, you must be a human over 13 Earth years old, living in a state where internet usage is legal.

    ... Wow..

    The FAQ has two questions, one of which is 'Can penguins fly?'. I wouldn't hold my breath for this service to become very big.

    Registered user #1 is mastergoon, so this is just blatent self-advertising on slashdot.

    --
    'For we walk by faith, not by sight.' II Corinthians 5:7