E-commerce Single Sign-On Not Dead Yet
FullyIonized writes "A few years ago Microsoft's Passport technology made headlines as Microsoft predicted e-commerce nirvana and conspiracists predicted a new Big Brother. Not to be outdone, Sun spearheaded the Liberty Alliance. Years later, I still don't have a single sign-on, not that that's a bad thing. Enter Andre Durand, who started his first business with BBS software, then headed up Jabber, and now has started Ping Identity. The big distinction: the federated identity software is open-source. The Denver Post has the story."
Seriously, I'm not asking in jest. Is there a problem with the technology as it stands?
Computers are useless. They can only give you answers.
-- Pablo Picasso
"Kids Passport helps participating sites and services obtain parental consent to collect, use, or disclose a child's personal information. You or your child can register his or her .NET Passport account."
As opposed to "...will ensure children's personal information is kept confidential...".
Hack once, use everywhere.
Seriously - all the sites that I would trust a single-sign-on thingy already have that. I use the same password at all those less important places. (I'll probably get bashed to hell for this, but I'm sure most of you do the same)
Lasso is another free (GPL) implementation of the Liberty specs. It is still in heavy development, but compatibility against SourceID (the PingID solution) has been achieved.
The great thing about Lasso is the language bindings: PHP, Python, Java, C# (anything .NET, actually). Integration into an existing website is easy (well, it will be much easier when the documentation is completed).
Solution: classes of passwords.
- The stuff that you really care about (your bank account, your login at your computer at home, ...) all gets different passwords.
- The stuff that you care a little bit less about (bug reporting sites for various software, Slashdot, Wikipedia, etc.) shares a password. Note: when vandalizing Wikipedia, you should use different passwords for your different trolling accounts, because they can (and do...) correlate various trolls by their passwords. So you just use login concatenated with your_common_password.
- The stuff that you care even less about (NYT, other online papers, ...) shares another password.
- The stuff that you care still less about (password at work, ...) gets yet another one.
Stuff of the same "security level" shares the same password, so things stay manageable while still keeping reasonable security.

Not to bang on these guys, but for an open, non-commercial, distributed identity system with working code, see Identity Commons.
The evaluation of an action as 'practical' . . . depends on what it is that one wishes to practice.
In "the real world" I have several different ID numbers:
SSN
Bank account number (more than one)
Credit card number (more than one)
Employee ID
Student ID
Drivers license number
Supermarket loyalty discount card number
Blockbuster/Movie Gallery number
Library Card number
Auto/Home/Medical insurance ID
Voter Registration ID
I think I'm better off having those as separate numbers, and just keeping the cards around so I don't have to remember them. Why should online be any different? Can you imagine a world where all those numbers are the same, and are maybe our telephone number, for instance (making everything easy to remember)? Scary.