Passport to Nowhere 361
prostoalex writes "CNET News.com.com talks about the less than glamorous acceptance of Microsoft's single sign-on technology, .NET Passport. Being launched as a single sign-on service for online businesses and competing heavily with the open Liberty Alliance project, which so far has produced just a large amount of PDF files, .NET Passport is considered a failure (although not by Microsoft). Turns out, high licensing fees, lack of simple implementation, security leaks and server downtime were not acceptable to most potential clients out there."
Only used in hotmail (Score:5, Informative)
Comment removed (Score:5, Informative)
Re:Only used in hotmail (Score:2, Informative)
Tim
Re:Only used in hotmail (Score:2, Informative)
Expedia.com (hasn't been a Microsoft product since 1999)
Ebay.com
Paypal.com
There are a few others, but those are the ones that immediately come to mind.
Vendors don't want it. (Score:5, Informative)
Hello? It's not very easy to imagine a site that's willing to let a third party handle customer information for free.
Most companies aren't even willing to tell you how many customers they have, much less let you collect personal information about them.
-- this is not a
Re:Problem that doesn't exist big time... (Score:5, Informative)
How many accounts do you have, between eBay and paypal and Amazon and slashdot and
The idea of Single Sign-On is to put all of your eggs in one basket, then make sure it's a really good basket. Nobody trusts Microsoft to make that really good basket, but it doesn't mean that they're not trying to solve a real problem. It's a tricky one, because the trust factor is scary, and the stakes are very high.
Re:eBay (Score:2, Informative)
Re:Problem that doesn't exist big time... (Score:1, Informative)
It does have the single point of failure issue, but I consider this an acceptable trade off considering I now use very long, complex and different passwords for everything.
I had no idea how many UIDs/passwords I had until I started using this program.
Re:Favorite quote from TFA (Score:1, Informative)
Welcome to George Bush's America: it's not your choice anymore. [infoworld.com]
Re:Favorite quote from TFA (Score:4, Informative)
Re:Only used in hotmail (Score:2, Informative)
Re:Only used in hotmail (Score:2, Informative)
When Passport was new, that was the only way you could buy stuff at the Starbucks website, but they've made it optional since then.
Re:Favorite quote from TFA (Score:3, Informative)
1) The venerable WEB is just not able to handle such a complex task. It'll fall prey to hackers and vandals. We do not understand the Internet deeply enough to be able to complete such tasks in total security and privacy. There are too many holes that even those who look for them 24/7 haven't found yet. The Internet has grown much faster than our ability to understand it and study it.
2) One word: Microsoft. Yes, they probably have all my info collected little by little over the years, but I'll give that the benefit of the doubt; what I don't want to do is trust something (someone) that cannot be trusted. I am not bashing MS, I know they are trying HARD... but it's gonna take time and some radical changes for that to happen.
the solution for logon-itis... (Score:2, Informative)
Ebay uses passport. (Score:3, Informative)
Did some more searching, and yes, eBay uses Passport.
Does this mean PayPal uses Passport? If not, will it?
Apple's Keychain (Score:5, Informative)
If you want, all of your passwords (web sites, iDisk, e-mail, etc.) are stored in your encrypted keychain on your computer. When you log in and authenticate, your primary keychain is unlocked, allowing programs that stored passwords to access them. Programs cannot access others' passwords without your consent (in the form of "The application blah wants to access your keychain. Do you want to allow this?"). As would be expected, the whole shebang is encrypted on disk, I believe with AES. Finally, if you don't want all of your passwords in one spot, you can create multiple keychains (e-mail accounts, financial sites, other web sites) and unlock them only as needed.
It's all local, all secure, very flexible, and by default so easy it's completely transparent.
LDAP? (Score:2, Informative)
Adopting a common lookup structure to filter on (and this can be accomplished via referral chasing as well so that existing structures can be accommodated) would mean that your email address would identify you and your password would authenticate you to web services anywhere, with permissions based on the DN of the bind - if I supply me@domain.com, I authenticate via uid=me,cn=users,dc=domain,dc=com and the password I supply, and permissions are granted/withheld based on components of the DN.
With referrals, security and authentication are left up to individual LDAP directory administrators.
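The e-mail-to-DN mapping described in the LDAP comment above, as an added example that is not part of the original thread. It assumes the `uid=...,cn=users,dc=...` layout given in the comment; the function names are hypothetical, and the escaping follows RFC 4514 so that the local part of an address can never contribute extra DN components to the permission check.

```python
import re

_SPECIALS = '"+,;<>\\='                  # RFC 4514 characters escaped with a backslash
_LABEL = re.compile(r"[A-Za-z0-9-]+")    # one DNS label of the mail domain

def escape_dn_value(value):
    """Escape one attribute value for use inside a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _SPECIALS or (ch == "#" and i == 0) \
                or (ch == " " and i in (0, len(value) - 1)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def email_to_dn(email, container="cn=users"):
    """me@domain.com -> uid=me,cn=users,dc=domain,dc=com (layout from the comment)."""
    local, sep, domain = email.rpartition("@")
    labels = domain.split(".")
    if not sep or not local or not all(_LABEL.fullmatch(lab) for lab in labels):
        raise ValueError("not a usable e-mail address: %r" % email)
    dcs = ",".join("dc=" + lab.lower() for lab in labels)
    return "uid=%s,%s,%s" % (escape_dn_value(local), container, dcs)

def dn_components(dn):
    """Split a DN into (attribute, value) pairs, honouring backslash escapes.
    Multi-valued RDNs joined with '+' are not handled in this sketch."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]; i += 2      # keep the escaped pair together
        elif dn[i] == ",":
            rdns.append(cur); cur = ""; i += 1
        else:
            cur += dn[i]; i += 1
    rdns.append(cur)
    return [(r.partition("=")[0], r.partition("=")[2]) for r in rdns]

def permitted(bind_dn, required_suffix):
    """Grant only if the bind DN sits strictly below required_suffix."""
    have = [(a.lower(), v.lower()) for a, v in dn_components(bind_dn)]
    want = [(a.lower(), v.lower()) for a, v in dn_components(required_suffix)]
    return len(have) > len(want) and have[-len(want):] == want
```

Comparing parsed components rather than raw strings is what keeps an address such as `me,cn=admins@domain.com` (a constructed input) from being treated as a member of a `cn=admins` container.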
Re:Only used in hotmail (Score:3, Informative)
Once I did, it opened the doors to tons of content I didn't give a shit about. I just wanted to delete all the useless bookmarks they shove in there.
Re:My "Passport" (Score:2, Informative)
Re:MS isn't giving up... (Score:2, Informative)
Isn't the whole point of private keys so only you have them? People need to take some responsibility in looking after their private data. I think I'll pass on their oh so kind offer...
I'll stick with private local backups, especially considering Microsoft's far-from-perfect security record.
Of course Passport is flopping. (Score:3, Informative)
First of all, as others in this thread are already pointing out, the security issues are problematic, to say the least... you want to store all that financial information in a Microsoft server, with Microsoft's terrible security record? No, thanks.
Second, Microsoft already has a ridiculous amount of power over the lives of the ordinary consumer, and the ordinary consumer knows it and deeply resents it. Even if they're not technically literate enough to be able to use non-MS products regularly, they still don't want to give Billgatus of Borg any more power over them than they absolutely have to.
Related to that, Passport is designed to force people to use MS products. I have a Passport ID (which I created only because I have friends on MS Messenger, not because I wanted to), and it's nothing but one solid headache. Just as an experiment, I've tried to log in to a number of sites with Passport using my regular browser, Safari, and it never works. It works fine in Internet Explorer, though -- gee, you don't suppose MS purposely designed it not to function with any browser other than its own, do you? Nah... I mean, they've never done anything like that before...
My background on this.. (Score:4, Informative)
Asheron's Call (when it originally came out) used the MSN Zone login system to keep track of who's in the game, who has accounts, etc. Probably a year or so later, they (being Microsoft) decided that it would be better if all of the MSN Gaming Zone went to passport instead of using their own login system. When this first went through, the passport servers got hammered, and people were unable to make passport accounts. Most of these people that were making new accounts were because of Asheron's Call. Then the real troubles began.
First, they had it set up so only one active Asheron's Call account could be tied to a passport. Sure, you could have multiple accounts under one passport, but you would have to go to the Asheron's Call website each time you wanted to use a different account, and change that info on the webpage. (What pretty much happens is you log in to passport when you go to the AC page, and then you go into the game, you don't put another password or anything in the actual game interface). So, when you logged in, it just used the "active" AC account tied to the passport you used. This really isn't a big deal for those who have just one account, but there was a lady who called in with 22 AC accounts. Don't ask me why she had so many, people get a little crazy with these games I guess. So, for her to be able to easily log in to each one of those accounts, she would have to create 22 separate passport accounts. So much for the "single sign in system" that they like to tout so much.
Second, the MSN Gaming Zone and Microsoft are pretty much 2 separate companies. They don't really share much info behind the scenes (I'm talking support wise). So, when someone called me up, they would say they couldn't log in to Asheron's Call. I would have them go through the process of making a passport account. At times, the passport account creation wouldn't go well, and Microsoft (at least at that time) had not a single person who could really help me with the passport system at all. There really isn't a phone extension I could have called to get more info, I just had to like figure it out on my own. Not something I don't think really should be done in a big support deal. Anyway, walk the person through creating the passport account, and then going in and linking the AC account with the newly created passport account. For the few weeks after they decided to do this, it was the worst that you could think of, having to fix that 20 times in a day. It wasn't really our problem (games and multimedia) but they didn't have anywhere else for them to go.
OK, so that said, I couldn't imagine what a separate company would get in terms of support when trying to, let's say, integrate passport into their website. I was representing myself as a Microsoft employee and I couldn't really find anyone to help fix problems with passport, and I had access to the full MSKB (one of the cool things they have, even if it is all just text). Eventually we got some tools towards the end of my days that we could look up what account was tied to what passport, but it really didn't matter much because all the problems we had with it were pretty much taken care of. As a side note, if you were to call them up today, you would be talking to someone in India.
Vapor? Definitely not. (Score:2, Informative)
We're just about to ship, transparently, a Liberty architecture here - and we're doing so internally amongst ourselves and our assembled services. There's nothing vapor about the technology.
The fact that there's no pretty website offering a "Passport" to be used anywhere on the internet for Liberty is missing the point: that isn't what Liberty is all about. The fact that you could has nothing to do with whether or not you *would* do so.
Shibboleth (Score:3, Informative)
I think it looks very interesting, and it is much better than both Passport and Liberty Alliance in that you control your own data and decide yourself what you want to share (if I have understood it correctly).
I haven't seen it being discussed a lot on /., and:
2004-02-22 20:10:08 Shibboleth For User Info Exchange (developers,privacy) (rejected)
There's a lot of really random comments, here. (Score:3, Informative)
1) Liberty Alliance protocols aren't about setting up a single auth provider that the world uses to authenticate you: It's a way for businesses and sites to create an agreement to allow each other to cross-login, or to support logins from foreign systems. Any site wishing to turn its login system into an Identity Provider is free to do so - other sites can then use that federated identity.
2) Liberty Alliance protocols don't require that one central identity hold all information. Each service provider has a local account which can hold information specific to that service without requiring your private information to be shared indiscriminately.
You can Liberty-enable a set of websites today. This can be done transparently to users, and is about businesses sharing sign-ons and authentication information without actually having to share your data. Site X doesn't need to have your account information, or your password; it can find out from the identity provider enough information to know whether you've been authenticated, or direct you over to them to authenticate safely.
Read the docs, folks. It's not Passport. It's not even really *like* passport, in its intended use. It's real, it's implementable, it serves a real purpose, and it's going to be BIG.
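The division of labour described in the comment above (the identity provider checks the password; the other site only learns that authentication happened and keeps its own local account), as an added example that is not part of the original thread and not Liberty Alliance code. It is a simplified model: an HMAC over a JSON body stands in for the signed assertions of the real protocols, and all class, site and key names are hypothetical.

```python
import hashlib, hmac, json, time

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class IdentityProvider:
    """Holds the credentials; federated sites never see them."""
    def __init__(self, handle_secret):
        self._secret = handle_secret
        self._users = {}     # user -> (salt, PBKDF2 hash)
        self._sp_keys = {}   # site -> key agreed when the two sites federated

    def add_user(self, user, password, salt):
        self._users[user] = (salt, _pw_hash(password, salt))

    def federate(self, site, key):
        self._sp_keys[site] = key

    def assert_login(self, user, password, site, now=None):
        """Return (body, signature) for a good login to a federated site, else None."""
        salt, stored = self._users.get(user, (b"unknown-user", b""))
        if site not in self._sp_keys or not hmac.compare_digest(_pw_hash(password, salt), stored):
            return None
        now = time.time() if now is None else now
        # Opaque per-site handle: the site learns no username, e-mail or password.
        handle = _mac(self._secret, f"{user}|{site}".encode())[:16]
        body = json.dumps({"subject": handle, "audience": site, "expires": now + 300})
        return body, _mac(self._sp_keys[site], body.encode())

class ServiceProvider:
    def __init__(self, name, key):
        self.name, self._key = name, key
        self.accounts = {}   # handle -> data that stays local to this site

    def accept(self, assertion, now=None):
        """Return this site's local account for a valid assertion, else None."""
        if assertion is None:
            return None
        body, sig = assertion
        if not hmac.compare_digest(sig, _mac(self._key, body.encode())):
            return None
        claims = json.loads(body)
        now = time.time() if now is None else now
        if claims["audience"] != self.name or claims["expires"] < now:
            return None
        return self.accounts.setdefault(claims["subject"], {})
```

The audience and expiry checks are what stop an assertion issued for one federated site from being accepted at another, or replayed after it has lapsed.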