Microsoft Loses Passport
nikkoslack copies and pastes: "Microsoft is abandoning one of its most controversial attempts to dominate the Internet after rival companies banded together to oppose it and consumers failed to embrace it. The Redmond software company said Wednesday it would stop trying to persuade Web sites to use its Passport service, which stores consumers' credit-card and other information as Internet users surf from place to place."
Perhaps Ebay's decision to drop it was the final straw.
Not everything is analogous to cars. Car analogies rarely work.
They do, and they market that very well. I recently saw an eighteen-wheeler pull through major cities showcasing Microsoft security products. Every business owner I spoke with that has had considerable expenses due to Microsoft's insecurities was amazed at their products. What I find most interesting is when a peer of mine went to a Microsoft propaganda seminar, they suggested the purchase of a Linksys router/firewall to place before their high-dollar security system. When asked what OS this equipment used, the speaker proudly mentioned Linux.
The problem is age-old though. Viruses and Trojans would seemingly not exist without Microsoft. Certainly, there would not be a need for anti-virus products because the numbers would be manageable enough via infrequent patching. Therefore, Microsoft is the problem.
Click here or here.
Just some questions. Is the liberty alliance project still alive? does it provide a decentralized authentication proxy and will it be deployed concretely in some future?
There were a lot of rumors about this "passport killer" but now it seems to be faded into silence.
-- "If A equals success, then the formula is A=X+Y+Z. X is work. Y is play. Z is keep your mouth shut." - Einstein
They shot themselves in the foot a long time ago with extremely high licensing costs and requirements as well as complicated implementation requirements (not to mention the tiny client portfolio or constant security problems).
Besides, there's no push for businesses to either adopt single-sign-on services, or for customers to want it.
Businesses require flexibility when it comes to user authorisation and profiles that 3rd-party services cannot offer.
Most people either use the same user-name and password combination for all of their services, and there aren't many browsers that won't auto-complete u/p forms.
At least with this announcement, Microsoft might be able to push some of it's resources from trying to push this serviced to 3rd parties to fixing the services internally (ever tried to log-out?)
Nobody believes that Microsoft focuses on security. Nobody.
I don't think it is just security - it is lack of trust on several levels.
Personally,
1) I do not trust Microsoft with my information
2) I do not that Passport really added any value. From a privacy point of view, I could just as easily maintain multiple passwords on multiple sites with a password manager program - I use Roboform under both IE and Firefox.
3) Companies did not want to hand over an important function of their business to a third party with little gain. Little value is added by letting a third party control this, yet it can provide huge leverage for MS in the future. I forget which year it was, but I recall Bill Gates saying that MS wanted to get a slice of every online transaction.
4) I did not trust that the technology between the website and MS was safe. Some pages seemed to be unencrypted, etc. There did not seem to be any security guidelines required of sites that are Passport enableed - maybe there is, but it seemed lacking to me.
5) I do not trust 'Privacy Policies' - companies can change them whenever they want and in certain instances (like TSA / Airlines) claim that the policies aren't binding, just PR. For me the best Privacy Policy is to not give out the data to the middleman in the first place.
My wife was buying airline tickets on Expedia when it asked her to log in, the first log in choice was to use her Passport id. So she dutifully goes and retrieves her US passport. Yes, I laughed at her too, but still the confusion was understandable, she was buying airline tickets after all.
Maybe if they would have called WebId or something more descriptive it might have caught on.
Arbitrary sig