Slashdot Mirror
Microsoft Loses Passport
nikkoslack copies and pastes: "Microsoft is abandoning one of its most controversial attempts to dominate the Internet after rival companies banded together to oppose it and consumers failed to embrace it. The Redmond software company said Wednesday it would stop trying to persuade Web sites to use its Passport service, which stores consumers' credit-card and other information as Internet users surf from place to place."
Nobody believes that Microsoft focuses on security. Nobody.
That is the reason that the passport system failed. The general computer using public is not
really tech-knowledgable... however, they do know that credit card numbers are to be protected.
(Of course, they don't realize that all of this spyware s!ht they have installed could
grab their numbers just as easily.)
Hopefully, Microsoft will turn off
that damn reminder balloon now.
I think "rival companies banded together to oppose it" was far less relevant than "consumers failed to embrace it"
Here's what I do: Bitty Browser & Andromeda
Thank God.
I realize that it's probably the fault of the implementer, and not the technology, but I can't tell you how many times I've supplied my password to a page that was rendered without https.
So I had to get two Passport accounts: one for secure things, like my MSDN account, and one for things that I didn't care who stole my password for.
Never attribute to malice that which can be explained by mere idiocy.
/tinfoil hat on
/tinfoil hat off
Microsoft will embrace the Libery Alliance's Passport service. Windows users will embrace it too because it will be ported into the kernel.
Few years later, Microsoft will modify the protocol to extend it, adding their own proprietary features. Windows users have no choice but to embrace it.
Microsoft will then lock out competitors from using their new version of Passport. They might even patent parts of it. In the end they will end up dominating the Passport buisness anyways.
"would stop trying to persuade Web sites"
Perhaps if they did this mafia style with a hammer and some other blunt objects they would have better sucess
Microsoft will still use Passport for MSN services like Hotmail.
This is my sig. There are thousands more, but this one is mine.
Perhaps Ebay's decision to drop it was the final straw.
Not everything is analogous to cars. Car analogies rarely work.
They do, and they market that very well. I recently saw an eighteen-wheeler pull through major cities showcasing Microsoft security products. Every business owner I spoke with that has had considerable expenses due to Microsoft's insecurities was amazed at their products. What I find most interesting is when a peer of mine went to a Microsoft propaganda seminar, they suggested the purchase of a Linksys router/firewall to place before their high-dollar security system. When asked what OS this equipment used, the speaker proudly mentioned Linux.
The problem is age-old though. Viruses and Trojans would seemingly not exist without Microsoft. Certainly, there would not be a need for anti-virus products because the numbers would be manageable enough via infrequent patching. Therefore, Microsoft is the problem.
Click here or here.
Just some questions. Is the liberty alliance project still alive? does it provide a decentralized authentication proxy and will it be deployed concretely in some future?
There were a lot of rumors about this "passport killer" but now it seems to be faded into silence.
-- "If A equals success, then the formula is A=X+Y+Z. X is work. Y is play. Z is keep your mouth shut." - Einstein
They shot themselves in the foot a long time ago with extremely high licensing costs and requirements as well as complicated implementation requirements (not to mention the tiny client portfolio or constant security problems).
Besides, there's no push for businesses to either adopt single-sign-on services, or for customers to want it.
Businesses require flexibility when it comes to user authorisation and profiles that 3rd-party services cannot offer.
Most people either use the same user-name and password combination for all of their services, and there aren't many browsers that won't auto-complete u/p forms.
At least with this announcement, Microsoft might be able to push some of it's resources from trying to push this serviced to 3rd parties to fixing the services internally (ever tried to log-out?)
When Microsoft continued to leave "security" off its list of "necessary items" to follow up on for years, they pretty much shot any hopes of controlling a unified authentication system out the door.
Nobody takes them seriously as far as security goes. Just reading the headlines for a day would make that abundantly clear.
Perhaps a competitor will come out with a clean record and a compelling product, but in this area it isn't going to be Microsoft, if anyone.
SNACKS ARE AWESOME
a public/private key scheme where public registrars keep your key. You keep your list of credit cards and identities on YOUR own devices. You then send encrypted information containing your credit card or identity in an industry standard packet of encyrpted information along with a link to the registrar.
They will be back. They have the time and the funds to punt on this..
But they are not done...Total domination takes time.. They learned that lesson with java and the web in general...
---- Booth was a patriot ----
I still think the idea is valid, but the implementation and execution, in true MS form, left a lot to be desired.
My wife was buying airline tickets on Expedia when it asked her to log in, the first log in choice was to use her Passport id. So she dutifully goes and retrieves her US passport. Yes, I laughed at her too, but still the confusion was understandable, she was buying airline tickets after all.
Maybe if they would have called WebId or something more descriptive it might have caught on.
Arbitrary sig
Let me have my 1000's of different logins as you can't imagine what happens when your only identity online get's compromised.
Imagine the work you need to pick up the pieces, this after all the work you need to make sure that the theft's impact remains small...
People that buy in on a single net identity are not so smart it seems...
Wow, it's looking bad for MS. Firefox, IE exploits, linux sneaking up on them, and their attempt to be big brother now fails too.
The truth is that it failed long ago and it just took this long for it to swing around. As for the rest? I've been hearing for years and years how Linux and open source was going to crush MS to a pulp. At the current pace it'll happen right around the year 2112.
And I'm not being trollish. Let's at least accept the fact that when you're in a biased community like Slashdot you're going to see things with a heavy slant. Joe Sixpack STILL hasn't embraced open source, cares little about it and is even less inclined to learning a new OS, free or not. Not to even factor in the school system. Once I see a serious move to Linux in accessible schools like state universities, community colleges and the free public schooling system maybe there will be something there.
Dedicated Cthulhu Cultist since 4523 BC.
Innovation isn't really innovation if no one wants it but you.
This is my sig. There are many like it but this one is mine.
I'm almost sorry to see it go - it was a usable, simple to integrate single-sign-on with a big name, money and a fair critical mass behind it. Shame the entry price was so high.
The real action is in federation and the ability of identity management systems to share trusts. Sure, it would be convenient if we didn't have to worry about the dozens of passwords we require for web sites we visit, including Slashdot. But that's a mere inconvenience compared to the issues faced by large organizations attempting to communicate together at an application level of trust.
There are many instances where two or more organizations would like to allow individual humans ,software programs, and devices to communicate once they've been properly identified as 'authenticated' on each other's systems, but the costs of determining which of these entities have that appropriate authorization is too high for the recipient organizations. It's difficult enough to ensure that one's own people/programs have appropriate authorizations and privledges.
Sharing information on each of the potentially millions of instances requiring authentication becomes prohibitively complex and costly. Just managing a directory system that contained 1/4 million employees and a million other internal objects is a huge undertaking. Adding even a fraction of that number of directory objects from dozens of other entities is a burden unlikely to be acceptable.
Enter Federation. My organization trusts these individuals with the set of priviledges that our two organizations have agreed upon as apporpriate for our digital communications and my organization accepts the responsibility to maintain the integrity of our side of the connection. Our identity management system connects to yours and through the use of appropriate handshaking protocols (the federation part - over simplified, I know) demonstrates that trust exists and the communication can occur.
Now instead of maintaining a directory of millions of outside entities etc., we need only maintain a directory record for each approved communcations process.
These issues cross so many disciplines and technologies from e-mail and IM, to SOA and more, that federated trusts becomes necesary if the process is to work at all. Further discussion of this topic belongs, and probably already exists, in a another thread.
More and more, all of MS's 'innovations' are tanking. Passport, Active Directory, Xbox, MSN 'google' search engine, IE, recently acquired AV software and the list goes on and on, not only were NOT innovative, they actually purchased the technology. See: [http://www.vcnet.com/bms/departments/catalog/cata log.shtml]
They then embraced and extend the technology they purchased.
Of course one of the worst purchases was PassPort.
ugh!!! Good riddance......
People don't like being nagged, and when nagged many have a tendency to do the opposite.
Myself, my father, my mother all had to go through the same thing. "Please create a passport" "OK, wtf is a passport and why do I want it?" *click* (lots of marketing mumbo jumbo that Joe Average has to make an effort to read (a big no-no). *click "later" or whatever*
Next reboot "Please create a passport!!11one!" - at this point you start to get mildly irritated. "I told you last time - now if I find I have the need for a Passport I'll come get one! Go away!"
Next reboot "Please create a passport OR ELSE!!!" - now you start to get pissed off. Stop nagging, I hate things that nag especially computers, go-the-heck-away. Now you make a conscious effort to *avoid* learning about Passport. This is where MS go wrong. What they should have done is made it so that you *want* to learn about Passport - not so that you hate it so much before you even know what it does that you never want to see it again.
Next reboot - "Your desktop is untidy. Clean it up please" - at this point you either a) Bend over and do what it says, b) Go to a tech tip site and learn how to turn *off* all the stupid naggy things that try to tell you want to do, c) Format and install Linux or d) Put the Dell in the bin and buy a Mac.
I seriously hope when Longhorn comes out they look at some of the simple Human-Computer Interaction guidelines like "don't try to make the computer (sorry I forgot the word... androsomething... where it acts like a human)" and "don't nag". Nagging = bad impression of product.