Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
America Online

Liberty Alliance Gains Momentum 186

kabanossen writes "News.com reports that AOL is joining the Liberty Alliance, which is a coalition of tech companies who are creating an alternative to Microsoft's Passport. Other members of the alliance are Sun, Nokia, Real Networks and General Motors "This provides a common language for authentication to ensure no one company controls the single authentication network" said a rep. " Mmmm...open standards. Hopefully.
This discussion has been archived. No new comments can be posted.

Liberty Alliance Gains Momentum

Comments Filter:
  • I just don't know which monopoly to cheer for!
    • Re:Eeek. (Score:3, Insightful)

      by ichimunki ( 194887 )
      34 companies isn't exactly a monopoly. Compare to a Microsoft-owned one company scenario.

      What's dangerous, however, is that this 34 company oligopoly is the one that is likely to be the main influence in the SSS-CA and any regulation that results if that bill ever passes. They will have no qualms crushing your freedom to support their revenue models... "Liberty Alliance". Some joke.
    • by darkPHi3er ( 215047 ) on Tuesday December 04, 2001 @04:05PM (#2655437) Homepage
      the most ***important*** sentence in the article

      "The sober truth is that although consumers are bothered by multiple user IDs and passwords, most consumers don't see much relative value in having one credential to navigate the Web," Avivah Litan, vice president and research director for Gartner, said in a statement.

      before "single sign on" becomes useful, let's consider just some of things that don't exist now, that are needed to make it useful/valuable/necessary...to Joe/Jane Average

      1. micropayments - we've been talking about them for years..still no standards, still no positive participation from the major central banking systems..PayPal has had to fight to get as far as it has

      2. user authentication - biometrics are coming along nicely, but they have no useful installed base to speak off, and the first gen laptops with biometric user control has no way to "authenticate" the user

      3. encryption - no agreement on standards, with the US Gov fighting ANY kind of suggestion to implement standard encryption of email, and pushing for "back doors" in every type of system they can

      4. trust - who do you want to have access to ALL your confidential info - Armey, Bush, Case, Daschle, Ellison, Gates, Gephardt, Levin, McNealy, Murdoch, Rather, Redstone?????? All of these individuals (and their respective orgs) have been repeatedly shown to be driven by, UH, "goal achieveing orientation" and NOT by "philosophical/ethical/moral orientation"

      5. Systems Security - even if you perceive that you trust the above folk to know that you peruse "Teletubbie FreakySex Sites" or "Death, The Beginning of your New Love Life" newsgroups,

      ALL of these orgs have systems with major security flaws...so even with the "best of intentions"...chances are the whole world will find out what you did with that purple teletubbie doll...(and if you keep the video in "My Pictures" we can probably all watch it, too).

      i just attended MS Professional Developers Conference in Los Angeles, where PassPort "single sign on" was a BIG push by the MS marketeers...most of the attendees couldn't have cared less

      it's much more likely that after all the members of the "Billionaire Boyz Klub" are done with wrangling over "single sign on" as a way to insure "vendor lock in", that the G will step in, and shove their vision of this down ***EVERYBODIES" throats..."for our own good", of course
  • by Barbarian ( 9467 ) on Tuesday December 04, 2001 @03:43PM (#2655260)
    With the track record of AOL, the last thing we need is people running software similar to AoHeLL on the new authentication system, and hijacking people's accounts.
  • R.I.P. Anonymity? (Score:5, Insightful)

    by AgTiger ( 458268 ) on Tuesday December 04, 2001 @03:44PM (#2655264) Homepage
    Microsoft has Passport. This alliance offers another alternative. Both push our society towards a "know your neighbor", or perhaps "know your customer" model.

    I remember a few years ago there being a pretty significant backlash against banks attempting the "Know your customer" model of business.

    Let's not forget the "None of the above" option when contemplating these systems. Identification of a person is not always necessary or prudent, for a multitude of reasons.
    • It seems to me that no matter who 'wins' this tug o' war, the losers will be the general public and the winners will be corporate america.

      Think about it ... either way, there will be some sort of grand scale authentication scheme arching across the net. And this is what they want. It's not a matter as to if most peoples' privacy will be violated, it's about when and by whom, and about how we must act preemptively to protect ourselves.

      • by Mr_Matt ( 225037 )
        Think about it ... either way, there will be some sort of grand scale authentication scheme arching across the net.

        This point can't be made strongly enough. Sure, the net will still be accessible to all - think anybody's gonna write a .NET/Passport or "Liberty" Alliance frontend for linux? - but how long until the useful things become inaccessible to the user who refuses to sell their soul to the company store? And can online organizations that don't toe the line and require "authorization" continue to exist in the onslaught of corporate sites that do?

        We thought the regulation of the airwaves by the government was bad - now we give "authorization" power to the people who stand to profit most from our submission. Why are we so ready to piss away our freedom?
  • by Anonymous Coward
    Is this going to be "open standards" just like AOL's instant messenger is open standards? :)
    • You mean how they run a server deticated to non-AOL AIM clients? About how they upgrade and keep the server up and able to handle the load? You mean about how this is all despite the fact that almost none of the free clients even support the ability to display AOL's ads in them?

      While not quite "Open", AOL is very tolerant and even supportive of non-AOL AIM clients.


  • Well, that would be sorta perfect for Ximian's mono [go-mono.com]! And if that "Liberty" thing is really open, what are the advantages of using Microsoft? People claimed that Mono was bad because it would force people into using passport - now if this Liberty thing works out, and somebody makes it work with Mono...

    Great idea! :)
  • Any sites or tips about the minimum info to supply
    in registering for Passport?
  • ummm no... (Score:5, Insightful)

    by Quasar1999 ( 520073 ) on Tuesday December 04, 2001 @03:46PM (#2655283) Journal
    sorry, but I don't want AOL to have my credit card info, just as I don't want Microsoft to have it.

    when will these companies learn that we don't want a huge easily hackable database with all of our info in it? I'm quite happy memorizing my credit card number and providing it only when I feel it's necessary. With these passport like services, it's way too easy for a company to get you to sign in to get free service, and then simply start billing you after 'n' days, since they already have your credit card info, etc, in their database... At least now they have to send you a bill, or at the very least you have to provide a credit card number for a free trial...

    I personally don't care if it's Microsoft, or some other tech company... I don't feel overally confident that a huge database with all of our info in it on the web is not going to get hacked...
    • Re:ummm no... (Score:3, Insightful)

      by sabinm ( 447146 )
      I agree. However, the vision of these corporations is to make the passport, or their standard of it a form of currency, where your very credentials offer you a line of credit. Sort of like Blade Runner currency or Star Trek credits. We're looking at this from the wrong side. It's scary. Very scary to think that a passport or any other authentication service could become the de-facto standard for purchasing online. The credit companies already have this in line. How many places require a credit card to purchase and won't even accept cash? More and more these days. I don't even carry cash in my wallet. My visa(passport) card is my ticket to goods and services.
      • so what you are saying is that this will connect us with a sort of "store " credit line so we can buy stuff based on the credit at that store?

        oh great just what I need, more credit cards!!!!!
    • Re:ummm no... (Score:3, Interesting)

      by MrWinkey ( 454317 )
      sorry, but I don't want AOL to have my credit card info, just as I don't want Microsoft to have it.

      I agree with this. About 7 months ago my local ISP shut down. :( The option was given to us to go with Earthlink for a discount for the first few months. I decied to decline and go with another ISP that was localy owned and had better prices. Needless to say Earthlink would send me bills every month after that for the next 5 months. Luckily I did not give them my Credit card # or I would have been automaticly billed. The best part was that when I would call up to tell them I didnt owe them anything and to quit sending me these stupid bills for no service they could not do anything because they didnt know my "logon."

      Earthlink Phone guy: Yes we can do that what is your login ID?

      Me: I dont have a login ID. I never signed up for your service. I dont want your service.

      Earthlink Phone guy: You really must have one. Your in our computer.

      Me: No I dont. I have never had your service Nor do I want it. Do you have a manager?

      After doing that once every month for 5 months untill they finaly quit sending me bills. But not before threating to send me to a collection agency.

      The less people with my CC #'s the better.
    • sorry, but I don't want AOL to have my credit card info, just as I don't want Microsoft to have it.

      How about Visa?

  • So we now have two choices: a) give away our identities to a monopoly and depend on them to do even basic banking or b) give away our identities to a cartel (er... uh... alliance) and depend on them... Why can't we each just have control of our own identity instead of depending on .NET or some clone of .NET?
  • by nanojath ( 265940 ) on Tuesday December 04, 2001 @03:47PM (#2655289) Homepage Journal
    Of course it makes perfect sense as Microsoft is aiming it's MSN service directly at AOL... "a great alternative to AOL" as one commercial states. Becoming the defacto gatekeepers of the internet by tying up authentication is absolutely essential to Microsoft's .NET strategy - in the software as service model it is the equivalent of controlling the desktop OS.

    This is better than no competition for Passport but not so good as if there were some aggressive and international lobbying and development of public, universal and non-proprietary authentication. This is like watching Fed Ex and UPS duke it out over who gets to run the U.S. Mail.

  • Why isn't a Linux company signing up (like RedHat [redhat.com])? That would give the project a little more clout in terms of a clearly defined software platform ... rather than, say, "Liberty Alliance for Windows", which would have to compete with a passport icon already on the desktop.
  • 'Old' Boys Club (Score:5, Informative)

    by gmhowell ( 26755 ) <gmhowell@gmail.com> on Tuesday December 04, 2001 @03:48PM (#2655292) Homepage Journal
    Sorry, but I can't see where this will be a whole lot better.

    Okay, yeah, we definately know that AOL will provide the IM:) But what are the odds of a patent-free, royalty free standard? Zero. Check out the faq [projectliberty.org].

    To be verified to use their tech, you'll likely have to either pay an exorbitant fee to join, pay an exorbitant 'license fee', or both.

    Of course, there is no problem with charging to validate against, say, an AOL server, or store information there. But can even DEVELOPMENT occur without significant costs? No.

    The only selling point to this seems to be "we're not Microsoft".

    (And again, could somebody please explain the advantages? Most people on the street I've spoken with don't seem interested in having anybody store their CC and other personal information. And before you mention banks and credit card companies, most people would be quite pleased if they didn't have the info either.)
    • no, all it says is that member companies would pay to be a part of the allience, not member users.
      • According to their fact, it says that members would have to pay fees. Specifically, it says that "There are fees for Alliance membership at various levels that will be used to drive all aspects of this new solution." I don't see where it makes a distinction between companies or users. I also don't see (again, on that page) where it exempts users. And further, I don't see where it specifies what constitutes a user.

        Until they say something to the effect that "all standards will be patent-free, and anyone will be able to develop programs and systems without incurring cost" I'll assume that this is a non-free system.

        (Again, I have no problem paying for authentication services, and even to pay for a "Program Foo is a Liberty Alliance Certified Program".)
        • the allience is a group that requires membership, their product is not somthing that will require consumers to become allience members......I bet that the lowest membership that will exist will be the website and the highest will be a company on the stearing commity.

          if they want people to use their tech they are certainly not going to charge the consumer.
  • by melquiades ( 314628 ) on Tuesday December 04, 2001 @03:48PM (#2655293) Homepage
    I haven't been keeping up with this, and (I admit it) I'm too lazy to read the article carefully. What is the Liberty Alliance's stance on centralization? I certainly don't want Microsoft holding all my info on a centralized server, but I don't trust any of these folks all that much more. I'd really rather have it on my own machine, encrypted, with very specific as-needed permissions for releasing individual details. This should work in such a way that a malicious third party finds it difficult to cross-reference, say, my e-mail account and my medical records having retrieved each individually.

    So where does the Liberty Alliance stand on this? Are my wishes way beyond the scope of this project -- is it a question of "which faceless corporation's basket do you trust with all your eggs"?
    • Check this faq [projectliberty.org].
    • From the FAQ:

      Q: What is the intention of the Liberty Alliance Project?
      A: The charter members of the Liberty Alliance Project, representing a broad, global spectrum of industries, intend to create an open, federated solution for network identity - enabling ubiquitous single sign-on, decentralized authentication and open authorization from any device connected to the internet, from traditional desktop computers and cellular phones through to TVs, automobiles, credit cards and point-of-sale terminals. The alliance represents some of the world's most recognized brand names and service providers, driving products, services and partnerships across a wide range of consumer and industrial products, financial services, travel, retailing, telecommunications and technology
  • I found this part of the release rather interesting:

    Libery Alliance conference attendants noted an unusual episode at the conference where Oracle Chairman Larry Ellison showed up midway with a crew of Oracle employees chanting "Oracle today makes Osama go away!"

    Later, Ellison offered his company's support and participation in the alliance efforts.

    "Oracle would be proud to donate our leading Oracle database software to the alliance project," said Ellison. "To us, it's a matter of killing too birds with a single stone. With the power of Oracle 9i, Liberty's registration information would also serve as a national citizen ID database, protecting all of us from the evils of terrorism."

    White House spokespersons had no comment on Oracle's previous offer of its database for a national registration system.

  • This idea still provides a single point of failure for targetting hacking and DDoS attacks. Regardless of who controls it, one single authentication network is a horrible idea. It is doubtful that Passport will gain any serious momentum, since there have already been numerous attacks on the service. I have yet to see any services which support Passport outside of MSN, and I will never sign up for a Passport or a "Liberty Alliance" account or any other single point of failure.
  • Confusing (Score:3, Insightful)

    by Jucius Maximus ( 229128 ) <m4encxb2sw@NOSpaM.snkmail.com> on Tuesday December 04, 2001 @03:49PM (#2655303) Journal
    With all these things like 'Liberty Alliance,' 'The Patriot Act,' 'Libertyunites.org,' 'Enduring Freedom' etc, it's getting harder and harder to remember what is what.

    Perhaps the Liberty Alliance group is taking their public relations cues from politics - it sounds 'shameful' to turn down something called 'The Patriot Act' regardless of what its details are. Maybe they are aiming for the same kind of thing in defeating passport.

    [Note: I was unable to determine if this post is a trollish type thing. I guess the moderators will tell me.]

  • by anticypher ( 48312 ) <anticypher&gmail,com> on Tuesday December 04, 2001 @03:49PM (#2655304) Homepage
    Mmmm...open standards. Hopefully.

    Someone take the crack pipe away from Hemos.

    These will be competing proprietary standards to M$'s dontNET lockin standard. To prevent M$ from embracing, extending and extinguishing, all the key pieces will be protected with patents and trademarks and every other bit of legal jiggery they can use. Just like with JAVA, the liberty *ack* *gagh* alliance will not allow these to become free and open standards, they will smack any free version in order to create a legal precedent for when (not IF) they have to go after M$.

    the AC
  • Why does it seems like this is just an example of other companies doing things to spite MS? Other than talk, I haven't seen any real advantages to this. Won't having just one password make it that much easier for hackers? If Liberty Alliance is so good, then why is AOL still developing it's own system? Why are there more questions than.. well you get the idea. When someone can show how such a set up can be easy and safe, I'll buy in to it. Until than it is just another "promising tech".
  • Other members of the alliance are Sun, Nokia, Real Networks and General Motors


  • by reachinmark ( 536719 ) on Tuesday December 04, 2001 @03:49PM (#2655311) Homepage
    There was a newspaper article today in Sweden announcing that next years tax returns could be submitted via the internet. To secure the connection, the three tax related government bodies would require a special identity certificate... that can only be provided (and verified) by your bank.

    The bottom line was: since a lot of people here in Sweden use internet banking, and we all hope it is really secure, then your internet bank account would be one safe way of identifying you. So why not make banks account the basis of a net passport? Rather that than make Microsoft the key to my bank account!

    • This is a good point. The big examples of a system of authentication that are vast and work are Visa and Mastercard.
      The two do kind of collaborate, but they provide a global standard that has worked really well. Why not extend these as well for internet identification ? They are already the most important method of internet payment.
    • the three tax related government bodies would require a special identity certificate... that can only be provided (and verified) by your bank.

      In Code and other laws of cyberspace [code-is-law.org], Lessig talks about something just like this. Using digital certificates to indentify yourself online. The problem comes in when said certificate contains things like a "geographic location" field. Then, a gambling site hosted in Las Vegas can be forced to decline you access if you are living in Iowa, and other such abuses.

      This is even without getting into the problems if something like this became prevalent to the point that you got this certificate from your ISP, and were required to have it to go online. Then you could be tracked *everywhere*.

      Yeah, I can think of ways to preserve anonymity, like a "certificate proxy server" hosted someplace out of the reach of US law, but I'd rather not have to deal with it at all.

  • AOL == time warner. Pretty big company? I don't have any numbers, but it seems to me that Time is probably not tiny.

    Between Time and GM, that is some pretty big backing. No offense, but the rest really are small beans. But with some truly massive corporations backing a hopefully open standard, that could really provide some serious competition to M$, if they can deliver.
    • The only trick is that Time makes these books and magazines and movies and tv shows. GM makes these metal boxes with wheels, called cars. Between the two, how much goes into computer services? I don't know. But looked at that way, they are on a more level playing field with M$.

      Get IBM into the mix, and you are again, undoubtedly on top of the world.

      Now, if GM/AOL wanted to somehow integrate liberty-alliance-passport into their AOL or GMC Yukon... Then they'd have an edge. A big one. But I'm not sure how GM can leverage this in the automotive marketplace (sure, some of their subsidiaries can easily take advantage, but their big bucks are cars and trucks)
      • Now, if GM/AOL wanted to somehow integrate liberty-alliance-passport into their AOL or GMC Yukon... Then they'd have an edge.

        Say, a gas station that gets a signal from a chip in your car, presto, you've just paid for gas. Heck, get this required by law, and you've solved the "gas and go" problem.

        • Fat chance at getting sign on. I've had a Mobil speedpass for a couple of years. And I can only use it at Mobil/Exxon stations.

          But it's not a bad start. Add the ability to go to any GM shop (or independent) in the country and let the car pay for repairs itself (provided it's not been stolen:)
  • Magic carpet (Score:3, Insightful)

    by DrXym ( 126579 ) on Tuesday December 04, 2001 @03:55PM (#2655354)
    AOL already has an alternative to Passport called Magic Carpet. Who wants to bet that's what they're going to open up?

    It's too AOL is so myopic about standards. On the one hand you have Mozilla and perhaps this and then on the other you have AIM.

  • I hope I'm wrong on this, but the more I look at this, the more I am reminded of "a camel is a horse designed by a committee" (with due apologies to perl fans and desert dwellers). The Liberty Alliance has all these companies signed up, but it seems pretty vaporous in terms of technical specs, marketing efforts, or much else. Time will tell on whether something real actually comes out of this, but I always get nervous when the hype-to-meat ratio is as high as this. Sort of reminds me of voting machines a year ago - everyone was talking about doing something but there was little/no agreement on what a voting machine should do. Six months later, most of the talk had gone away.

  • 'scuse me? (Score:5, Informative)

    by Cutriss ( 262920 ) on Tuesday December 04, 2001 @03:59PM (#2655388) Homepage
    I've got the karma to burn, so let me just don my "Captain Obvious" hat here...

    America Online? Open standards? You're joking, right?

    I seriously doubt [jabber.org] that I need to explain [slashdot.org] myself here [opensource.org].

    And don't even think about pointing me in this [aolserver.com] direction.

    • And don't even think about pointing me in this [aolserver.com] direction.

      You missed one: mozilla.org
      • I didn't really count Mozilla because it existed before it got swallowed by AOL, and it would've been a PR disaster for AOL to suddenly rein in Mozilla and tell all the developers to bugger off. Mozilla is a wonderful project, and I'm glad it's still around, but it can't really be counted toward AOL's successes.
    • <aol>
      Me too!

      Rant: Sounds like bullsh*t to me.

      The only reason They (Sun, AOL, etc.) are touting Open Standards is because they're getting their butt kicked by M$. The only way they seem to be marketing Liberty is through anti-M$ measures by saying things like..

      "It would be a positive step if Microsoft would join Liberty as well," the AOL spokesman said. "If they chose to do so, it would indicate they were moving away from leveraging their monopoly to control this new generation of services."

      And using M$'s monopoly as an excuse to point fingers at M$, and say, "We must stop the evil. People, rally with us" as if Sun, AOL, etc. were the Good Guys. But the fact is that They would do (and have done) the same monopolistic practices if They had the chance. The only reason They're bouncing about with Open Standards is because if they didn't, they'd be lumped with the Bad Guys (M$) and they're gonna juice all the PR by saying they're going to keep Liberty open.

      Libery will just follow open standards until they have Passport on the ropes. Then all your base are belong to Sun/AOL.
    • Re:'scuse me? (Score:2, Insightful)

      by djweis ( 4792 )
      What's the problem with AOLserver? They bought it because they used it, and then released the code under the MPL and GPL. How evil is that?
      • The point is not that whether or not that's evil. AOLserver's just not a very good product. It would be akin to Microsoft releasing Microsoft Paint as an open-source product, and then using that to spin up a great big "We support open source!" PR bonanza. I specifically mentioned AOLserver because it's a poor-quality program that doesn't qualify to exempt AOL from being a closed-minded monolithic giant.
  • But why? (Score:4, Interesting)

    by The Bungi ( 221687 ) <thebungi@gmail.com> on Tuesday December 04, 2001 @03:59PM (#2655390) Homepage
    I just don't get all this. We do not need a centralized personal information system. That much is apparent. Not from Microsoft and not from anybody else.

    These companies are doing all this stuff just for the sake of *doing* it, to spite and fight Microsoft. Nothing more.

    While I'm not blind to the fact that whoever controls all this information will have a measure of power, it remains to be seen if people actually buy into the whole thing. Microsoft may claim 88 gazillion-trillion Passport subscribers, but how many of those are really one-time half-filled and fake entries used to get a temporary spamming Hotmail account? How many people are actually dumb enough to store their credit card information in a Passport (or whatever)? With all the negetive press e-commerce site hack-ins have received in the past few years I'd be surprised this constitutes any significant percentage of Passport users, even among clueless computer users.

    The whole industry is overestimating this supposedly "next killer thing" for the Internet. But, predictively enough, the lemmings have all decided to jump over the cliff together. Well then, let them be squashed together.
    • Microsoft may claim 88 gazillion-trillion Passport subscribers, but how many of those are really one-time half-filled and fake entries used to get a temporary spamming Hotmail account?

      Very few. Hotmail deletes unused free accounts after 45 days.

  • by Rob Kaper ( 5960 ) on Tuesday December 04, 2001 @04:00PM (#2655394) Homepage
    How hard can it be to create a client-side wallet?

    Keep all the data local, but allow third parties to access it. I choose that SomeShop.com may read my creditcard and address info and if it changes, they automatically have the new data when they request it.

    Even better, they would not have to store my details themselves. I do a lot of e-shopping and there are quite a few e-commerce shops that store my creditcard info. To be honest, I couldn't even name all the stores that do without going through my creditcard invoices.

    The FSF or another capable OSS team should join this Alliance (that, or I should stop being lazy, start being capable and start coding).

    I have no problem with third parties accessing an encrypted database through encrypted channels, served by an open source applications running on my own server. Yes, it's still vulnerable, but it puts the vulnerability and control in *my* hands.

    Hm, but I will continue to be lazy. And the FSF would never create a cross-platform wallet that integrates with the 90% desktop OS. I guess our best hopes are with this Alliance?

    (on the other hand, I've placed hundreds of orders in the past years with a creditcard and unless I'm really making so much money that I don't even notice, my card hasn't been abused a single time)

    • I've actually got something very similar to this, it's a non-virtual wallet that I actually store in my pants. When I want to buy something on the internet my hand simply enters the pocket of my pants, removes the wallet, and then I take out a credit card and enter the information required. I have to say it works great and I have yet to be bothered by fraud.

      Now if Microsoft tries to get into my pants, then I'll get seriously up in arms.

    • by Anonymous Coward
      There was a microsoft wallet around the time of IE4, but I think most people were wary of it. .net will be MS sneaking the technology under your nose without explicitly calling it 'wallet'.

      After all, Passport is a happier name invoking thoughts of holidays and happiness, whereas Wallet focuses on finance and work.
    • I work on four different computers all the time, some shared, some not. Do I want to set up wallets everywhere? What about my mobile phone, my wireless organizer, need I synchronize wallets there too? Bank terminals in different countries?
    • http://www.ecml.org/

      Nice n simple. If all registration/payment forms used the same field names, browsers could spot this and fill in details for you. So what names to settle on? This is where ecml came in.

      Part of the problem with this was that browsers seem perfectly happy to roll over and give out everything they know about you to any crackers passing through. So would you really trust having your credit card details held there? Hence the need for ewallets which could store this info.

      There's two different concerns here though - single sign on identities (for login etc) and identity for payment. Frankly I DO NOT WANT single sign on which covers my wallet as well as my ability to post to /.

  • great- even more spyware to collect my personal data and raise the purchase cost based on my demographics and browsing habits.

    Are we looking in the window and not seeing the diference between the pigs and the humans?
    (reference to G. Orwell's Animal Farm)
  • From the first paragraph of the article: "creating a common online registration and identity system". Such a thing would be just as bad as Passport. When AOL/Sun/etc says "trust us, we'll hold all your personal info" it's no better than when MS says the same thing.

    But if you go on to read the rest, you'll find that they are unveiling a common framework. This way the information remains decentralized -- everyone would only collect the info they need and have their own policies regarding to whom and how they reveal that information.

    Much better.

  • As of now, three sites I use utilize passport for authentication. I log into one, then I'm in all three. Ebay, Hotmail, and Expedia. Sure, this makes things a bit faster, but as other posters have pointed out, it also makes a single point of entry that hackers can focus in on. My university is going to a single-authentication scheme that actually seems to be pretty secure, but I wouldn't trust that to the whole internet.

    The solution seems obvious. Expanding and integrating password tracking features into browsers. The w3c would be wise to set this down as a standard. This way, a user could store CC, mailing info, and passwords for *any* site they wanted. As of now, the best implementation of this is Mozilla (that i've seen) because it automatically fills in the form fields when you return to a page. (IE requires you to click on the field and choose from a dropdown box.) This to me gives the ease of single login (because in *nix, you have to log in, and in XP the default is to require each user to log in.) But, you don't have the problems of the passwords (or other personal information) stored at a website.

    Heck, you could almost do this with cookies, at least for things like mailing address and cc info. This is where I think amazon failed. Why store CC and mailing information in a database on the web when you can just store it as a cookie?

    Am I way off base on this, or does this actually make sense. This is how I manage my many different logins, but of course if uninstall/reinstall mozilla, I've got to retype it. It would be nice if this was actually a package on the browser, and I could save (and backup) this information, and be able to restore it, or even better, copy it over to another browser if I want.
    • Hmmm good point- is it really that hard for me to enter my info for each site, if not for each purchase? I guess it's the old security vs. usability thing- though security is probably the better way to go with all the info needed to charge your CC! That reminds me, I *really* have to get a new low limit CC just for web purchases..
  • Why do I even want sites to know who I am immediately when I log on? Sure it's nice for them to save my preferrences and so forth, but I like putting in my CC# every time I purchase. I'd prefer info like that not to be saved anywhere. (Even if it is client side I clear that out regularly) And my preferences are already stored via any cookies I choose to accept. I don't like any sort of push to take the control from my capable hands to those of a large (or a mixture of large) corporations. Plus the day I see my options between going with MS Passport of and initiative including *shudder* AOL, is a sad day indeed.

    Warning, warning, you will not be allowed to log onto this website because you are using a non-ms operating system!


    Warning, warning, you will not be allowed to log onto this website because your ISP is not AOL!

    Doesn't really seem like a choice to me.

    But then again, maybe I'm missing the point, it happens...

    • Warning, warning: You may not log on this webpage because you don't agree that all if your personal information is stored centrally.

      [And because I live in Germany, they actually have to ask me prior to doing this. Opt-in is mandatory. Well, by law, anyway...]
      • Hey, that's pretty cool about the mandatory opt-in. Yeah, it may just be law, but at least when some yahoo billionaire tells you that you have no privacy, the gov is on your side.
  • by MantridDronemaker ( 541253 ) on Tuesday December 04, 2001 @04:07PM (#2655452) Homepage
    It sounds like the Liberty Alliance is trying to create a set of common standards and not, as many people are freaking over, a second centralized database.

    If they can come up with a decentralized yet intercompatible way of authentication then they might be on to something positive! Anything that can be done to prevent a Microsoft having a total strangle hold with .NET is a good thing I think.
  • Use XNS (Score:1, Interesting)

    by Anonymous Coward
    They should use XNS (http://xns.org). It's here today and it works. Otherwise, it'll take them to long to reinvent the wheel and Passport wins.
  • Is this good news or bad news? It's getting hard to tell these days, with both Microsoft and AOL in it.
  • Check out dotGNU's virtual identities [dotgnu.com]. They're very early in the process, still considering proposed solutions, but I'm willing to bet that what they eventually come up with will be both really open and better than either passport or liberty.
  • Does anyone else find it disturbing that AOL has risen to be our defender against Microsoft. They can't be the hero. They've been evil *far* longer than Microsoft. And they actually hire intelligent people. I think the people that work at AOL must get paid minimum wage, because that's all they're worth.

    Granted, AOL can't be entirely blamed for the idiocy of its user base (and there are smart people who have no other choice) but AOL is responsible for more landscape filling with their CD coasters than MS has been with their inflated OSs.
  • Maybe this shouldn't be a standard. The whole idea behind this is to make YOUR information PUBLIC. Ideally it should only be accessible by you, but we all know how hacking works.

    Why isn't anybody creating some free software so you can setup your own server for yourself or your company. It just needs to be a little server, with SSL and some basic security measures (no buffer overflows).

    The whole idea is you'd have access to information from multiple locations. We all know the original MS ideas behind why they want to implement this, and it's not to make our lives easier. These other corporate entities simply see how they can make money off this and they also know there is more money to make if they can usurp power from MS instead of joining them.

    Honestly, what about these services would make your life easier? Answer that question, there's YOUR solution, most likely it's the solution for MANY people, so write the software that meets YOUR needs. Make it open source and/or free and let many people benefit. I'm sure one cable modem connection could more than handle the load of a mid-size company looking up contact information.

    • No one seems to be taking to task that the big thing to worry about, that this is just a way to rope us in so that when Windows goes to a subscription service, they'll have an easy way to charge us. In fact, I didn't much mind using passport to log into sites... I mean, at worst, a hacker can read my hotmail account. However, when they started talking about web services and tying that into the OS, I knew I had to get away (I've since been working to get rid of my hotmail account and been moving to the mozilla browsers. I can't bring myself to use linux yet... I just don't like it as much as winXP.)

      Granted, having to pay $10 a month to keep using our computer sounds insane, but for most users (who, btw, will already have their CC info stored with MS) they're probably not going to notice, and not know they have an alternative.

      Indeed, if MS ties .NET soley to passport, that's yet another reason that no one will go with other solutions.

      Will splitting up the company alleviate this? Probably not. I mean, AT&T was split up 20 years ago into a bunch of little companies. Now look at them. They own half the local service in the country, plus a bunch of cable companies.
  • "This provides a common language for authentication to ensure no one company controls the single authentication network" said a rep. "

    Right, no one company other than AOL.
  • What always suprised me with these kinds of developments, is how easily people skip step 2, i.e.:

    1. Someone starts doing X (where X = passport, p2p, XML, ...)
    2. ?
    3. everyone sees X as a necessity, and is trying hard to not be left out.

    So, we are already assuming we won't be able to live without these authentication networks, but noone along the line ever asked why? Am I the only one who finds this funny (or sad, your pick)?

    Is it THIS easy to make a whole planet go along with a phenomenon without using basic brain functions?
  • Mmmm...open standards. Hopefully.

    Sorry, but this was a bad idea when Microsoft ahd it, and it is still a bad idea. Developing and 'open standards' version of an unnecessary, intrusive and ripe-for-abuse system does not make it any less of these things.
  • Who came up with that corny name? Makes me think of a super hero team =P
  • The irony of course is that it took Microsoft to piss them enough to do this. So in fact Microsoft deserves credit no matter which one takes hold.

    How many of you are guilty of re-using your passwords on various sites. All it takes is one of those sites to be stupid and store your password in plaintext somewhere. As soon as someone gets ahold of it, just build a spider that tries your login on every site that requires one.

    If joeblow.com gets compromised, maybe I won't find out until something odd shows up. Whereas if Passport or the new thing gets broken into, I'm sure sparks will fly.
  • by Chibi ( 232518 ) on Tuesday December 04, 2001 @04:32PM (#2655611) Journal

    In these times, I can't believe people are saying something called the "Liberty Alliance" is a bad thing. Dear God, you people must all be atheist, Communists. Or maybe Muslim extremists. I will support the good old US of A by letting anyone and everyone associated with the Liberty Alliance have all of my personal information. It's the patriotic thing to do!

    Some people are just too cynical...

  • Do you really mean that one in six americans is handicapped? I guess that means that we need to lose more up front parking...
  • Microsoft claims that they already have several hundred million Passport users, on the strength of the fact that all Hotmail users are automatically signed up for a Passport.

    However, how many people actually use Hotmail for serious email? I doubt foxychic52@hotmail.com and hot_guy334@hotmail.com really provided accurate information when they signed up for their Hotmail accounts...
  • As we all know, Passport was created by Microsoft not to provide a service, but as an attempt to force people to go through MS to use the Internet.

    Passport provides NOTHING useful in any way. Passport is actually HARMFUL to it's users, as it is an extreme danger.

    We all know that, and even most non-computer oriented people can see that just as clearly, which is not surprising considering the nature of Passport.

    As a programmer and web developer, I vow to never implement anything that in any way uses Passport(or a derivative)'s authentication mechanism or other ridiculous "features".

    I promise I will let my company fire me before I would submit to this nonsense. I hope most of you would do the same.

    Personally, I think Passport is doomed to fail. While MS might be able to force people to create a Passport account, Microsoft will never be able to force Passport upon other services, as there will be no benefit to using Passport.

    • Wait, why again is passport so bad? For as opposed to it as you are you don't give any clear reason why you are so opposed to it. Don't bother saying it lets websites track you, it's been done before.
      • It's a database storing personal info for millions of people. It could easily become the largest target of hackers and corporate espionage in the world.

        And with that HUGE risk, the consumer gains... absolutely nothing. The whole thing is simply Microsoft trying to gain control of what they want to become the gateway to everything on the Internet.

        • Uh...you realize every little bit of information about you IS ALREADY FUCKING STORED IN SOME DATABSE. Fuck dude, if you think Passport is homehow eviler than TRW you need to get the jaws od life to pry your head out of your fucking ass.
  • ...spoil the broth.

    Not that I'd use any of these services, but if I was, I'd rather be using Microsoft's service.

    Think about it. You'd be giving your personal information and credut card information to one of these databases. With Microsoft, its just them. With this Liberty thing, look how many hands are in the cookie jar.

    And I'm sure that this is going to get me labeled a troll, but open source might be worse than closed source. With the source open, anyone can look at it and find security holes. If the source is closed, its harder to find holes (not impossible, of course).

    But do we really need these services? And how secure would it be anyway? You're probablly going to be using a password to get into the system. For the average user, they're going to be using a simple password that is easy for them to remember. Simple = easily broken.

    It would be a lot more secure and useful to build a hardware system that would scan a card (MSR, probablly) and had a huge-ass "password", something like 128k, and ENCRYPTED the whole way. You've got the problem with losing the car, but then again you have the same problem with a credit card. Could this be the "killer app" of the "smart" credit card?
  • "The sober truth is that although consumers are bothered by multiple user IDs and passwords, most consumers don't see much relative value in having one credential to navigate the Web," Avivah Litan, vice president and research director for Gartner, said in a statement.

    Of course, it's still the way of the future, and at some point we'll all be pretty much forced to use something like this. That's not all bad, I certainly won't fight it, but I don't think it's necessary either. I definately don't trust MS with it, but I don't think I'd trust AOL with it either.

    AOLs support will certainly make this a viable sollution, though, and the competition will hopefully benefit us little folks.

    I'm just not sure how I feel about this whole thing.

  • No one can be a wolf if people did not make themselves sheep. The masses are the ones who allow such an ID if they are tired of putting in User names and Passwords over and over.

    It matters not if Microsoft or Liberty has the ID it matters that people know enough to realize that this is a bad Idea.
  • Can anyone think of an example where a technology company/organization with market momentum behind them created and started pushing a new "standard", a consortium formed to create a competing standard, and the consortium won out? Seems to me that the existance of the consortium usually just validates what the first company was trying to accomplish, and that company takes all the spoils. The consortium members usually just end up losing a lot of competitive time and some money.


    • Can anyone think of an example where a technology company/organization with market momentum behind them created and started pushing a new "standard", a consortium formed to create a competing standard, and the consortium won out?

      Sure, compare MSN version 1.0 vs W3C. The first MSN was a dialup competing against Prodigy and AOL.

      Or IP vs. Novell IPX, or X vs. NeWS. One can argue reasaonably that these aren't clones, but are things that "changed the game" compared to the proprietary thing. But that is one of the advantages of the open-ness.

      The question is whether the closed thing can get a knockout before the open thing gains footing.

  • Will some sites deploy it? Sure. But any vendor that says "We only accept payment via MS Wallet" is committing suicide. As much as they wish you'd pay by credit card, even checks are accepted by most online businesses. No one is going to turn away money.

    It will only be useful if it's super convenient- and practically everyone who buys stuff over the internet has accounts at all of the places they buy from consistently, making check-out a snap.

    But on the other hand...

    People routinely make convenience/security tradeoffs. If we were having this discussion 20 years ago credit cards would be pure evil to us. Having your credit card number stolen nowdays is an inconvenience rather than life ruining. And most of us have come to accept the fact that law enforcement can track our iron dildo purchases from the comfort of their desks if they wanted to.

    In the absolute worst case most sites will simply feature a "Use my passport account" link above the "Create an account" link.

    My how the world turns.

The rich get rich, and the poor get poorer. The haves get more, the have-nots die.