Alternatives To Microsoft Passport?

Passport-less asks: "With more and more Web sites requiring registration, I believe 'one login for multiple sites' services (like Microsoft Passport) will become more and more popular. Are they are open-source or community-based projects similar to Passport available? Passport's SDK is currently only available on Win2K (big surprise) -- although support for many UNIX-like platforms is planned in Q2 and Q3. I also don't like the idea of a profit-seeking corporation being in charge of a service like this especially Microsoft, considering their past security record. I also don't like their high fees, so I really think a community-oriented system with high deposits or bonds would be the best solution. Comments, anyone?"

Pasport is a bad thing

[Citrix]

Passport is simply a bad idea. It doesn't take much thought to realize how much info they could/would collect about you.

Where you shop, when, how often you check your order tracking. Wouldn't be hard to know which prodcuts you clicked on the buy now button. It is bad enought that double click knows more about the surfing habits of my web browser then I really know. Do you want some one knowing that and dollar amounts with proof positive info to id you.

NO!

Don't support any passport type anything. Look at the US goverment. It is scary what they have on me. At least there are (legal) limitations on what info the IRS can ask the police for and the police can ask the fed for, etc...

Personall I won't ever use any web service that requires a passport type service but there are people who like all their secrets exposed. How else does MTV get a cast for the real world/road rules.
Citrix

Re:Pasport is a bad thing

[tetrode]

Agreed. It is a bad thing. However, it will happen. So why not create an open source alternative, and perhaps a non-profit organisation which will serve as an alternative for Passport?

Sadly, I don't know of any...

[barbaBob]

But I would be very interested in having an alternative, especially one that puts the decision on which data to disclose into the hands of the user. Heavily encrypted data exchange etc.

I am not sure having such a thing as Open Source would the best option; it would allow any company or organization to fork from the project, adapt the system to what they want from it without notifying the users. One would need a supervising organization that could control the use of the data people store in such a system

BTW, Passport is a typical example of Microsoft's innovative strategy. Originally made by FireFly, I might not remember correctly but the system looked a lot better back then :(

bBob

--

Security?

[Stskeeps]

I don't really like the idea of "passport", because if one person gets my password to for instance hotmail, he can access any other of my accounts. Most likely banks would join the passport system too. One login/password hacked and your life is fucked. Different passwords are _always_ good - Security decreases with laziness really.

An Alternative, but not for everyone

[fuerstma]

A great alternative of this done right, IMHO is the Keychain feature as implimented by Apple Computer in Mac OS 9.0. Here are some links to info on its features.

Using the Keychain [apple.com]

Mac OS 9 Features [apple.com]

Creating a KeyChain [apple.com]

Changing your Keychain [apple.com]

Using your Keychain on another computer [apple.com]

ZKey

[Matts]

Zee-Key gave a talk about their product at XML DevCon. I think its probably what you're after. www.zkey.com.

Re:Pasport is a bad thing

[Citrix]

I don't think it needs to happen.

Some other people suggested a keyring type freature of the browser. good idea! no need to keep all data centeral.

What we should be doing is makeing a defined, supported (Mozilla, then others) standard for form autofill for just what the user wants (name, addr, state, zip, etc but not phone). let the user decide.

If your insistant on a passport type thing then don't make it open. I get enought spam from people that I'm sure got my email via whois at the internic/network solutions with out agreeing to the terms. Make that kinda thing open would be creating a spam database.

The way to do itis to get some human rights group to host/admin it. I know their not equiped but they can charge fees and raise a few nickles to support their cause while there would be a chance I may belive what they say enought to trust the system.
Citrix

but wait, does ANYONE use passport?

[happystink]

I was just thinking about this the other day, and I don't know anyone who uses passport, or even knows what it is really (from the half a dozen people I asked). I don't think it'll really catch on for a while, it woul dhave to reach a critical mass that I don't think it's even close to hitting.

And personally I hope to god it never does. It is a ridiculous idea, and people can come up with security safeguards for it as much as they want but history has proven time and time and time again that these kinds of security precautions will simply not work consistently if the idea itself is inherently insecure.

RFC2795

[jabber]

RFC-2795 [rf.cx] is likely a good solution. If not, then it's proposed outcome will provide a suitable solution in due time.

Re:ZKey

[thule]

I work at Zkey. We're trying to take the idea of Passport to another level. The next version of the site will be completely crypto based (*much* more than it is in the current version). We will not be able to read the information unless you allow us to. SDK kits will be made available to Zkey enable your site. It will be based on XML so any platform should be able to participate as long as you have client SSL support. We will not let things pass over the net in the clear.
Zkey's main idea is that information is *yours*. Who you give that information to is up to you and you alone. We're building the system in a distributed way because:
1. The internet is distributed.
2. You should have the choice on who you trust to store your encrypted information. Maybe you want to store it on your DSL connected computer. It shouldn't matter.

For another take on the Zkey idea, take a look at http://www.openprivacy.org/. Zkey will hopefully become an implementation of OpenPrivacy. We're in talks with them to make sure we will comply.

Qpass

[jelwell]

www.qpass.com [qpass.com] Has these services I believe. If not - wait for Netscape 6.0 and store all your logins into the wallet. At least you'd only have to type them in once; because it won't be long before you can store all your Netscape prefs remotely, and securely.

Joseph Elwell.