Liberty Alliance Gains Momentum 186
kabanossen writes "News.com reports that AOL is joining the Liberty Alliance, which is a coalition of tech companies who are creating an alternative to Microsoft's Passport. Other members of the alliance are Sun, Nokia, Real Networks and General Motors "This provides a common language for authentication to ensure no one company controls the single authentication network" said a rep. " Mmmm...open standards. Hopefully.
Eeek. (Score:1)
Re:Eeek. (Score:3, Insightful)
What's dangerous, however, is that this 34 company oligopoly is the one that is likely to be the main influence in the SSS-CA and any regulation that results if that bill ever passes. They will have no qualms crushing your freedom to support their revenue models... "Liberty Alliance". Some joke.
Re:Eeek. I don't think we should worry ...YET (Score:4, Insightful)
"The sober truth is that although consumers are bothered by multiple user IDs and passwords, most consumers don't see much relative value in having one credential to navigate the Web," Avivah Litan, vice president and research director for Gartner, said in a statement.
before "single sign on" becomes useful, let's consider just some of things that don't exist now, that are needed to make it useful/valuable/necessary...to Joe/Jane Average
1. micropayments - we've been talking about them for years..still no standards, still no positive participation from the major central banking systems..PayPal has had to fight to get as far as it has
2. user authentication - biometrics are coming along nicely, but they have no useful installed base to speak off, and the first gen laptops with biometric user control has no way to "authenticate" the user
3. encryption - no agreement on standards, with the US Gov fighting ANY kind of suggestion to implement standard encryption of email, and pushing for "back doors" in every type of system they can
4. trust - who do you want to have access to ALL your confidential info - Armey, Bush, Case, Daschle, Ellison, Gates, Gephardt, Levin, McNealy, Murdoch, Rather, Redstone?????? All of these individuals (and their respective orgs) have been repeatedly shown to be driven by, UH, "goal achieveing orientation" and NOT by "philosophical/ethical/moral orientation"
5. Systems Security - even if you perceive that you trust the above folk to know that you peruse "Teletubbie FreakySex Sites" or "Death, The Beginning of your New Love Life" newsgroups,
ALL of these orgs have systems with major security flaws...so even with the "best of intentions"...chances are the whole world will find out what you did with that purple teletubbie doll...(and if you keep the video in "My Pictures" we can probably all watch it, too).
i just attended MS Professional Developers Conference in Los Angeles, where PassPort "single sign on" was a BIG push by the MS marketeers...most of the attendees couldn't have cared less
it's much more likely that after all the members of the "Billionaire Boyz Klub" are done with wrangling over "single sign on" as a way to insure "vendor lock in", that the G will step in, and shove their vision of this down ***EVERYBODIES" throats..."for our own good", of course
Re:Eeek. I don't think we should worry ...YET (Score:2)
hope it's not insecure (Score:3, Interesting)
Re:hope it's not insecure (Score:2)
R.I.P. Anonymity? (Score:5, Insightful)
I remember a few years ago there being a pretty significant backlash against banks attempting the "Know your customer" model of business.
Let's not forget the "None of the above" option when contemplating these systems. Identification of a person is not always necessary or prudent, for a multitude of reasons.
Re:R.I.P. Anonymity? (Score:1)
Think about it ... either way, there will be some sort of grand scale authentication scheme arching across the net. And this is what they want. It's not a matter as to if most peoples' privacy will be violated, it's about when and by whom, and about how we must act preemptively to protect ourselves.
Re:R.I.P. Anonymity? (Score:3, Insightful)
This point can't be made strongly enough. Sure, the net will still be accessible to all - think anybody's gonna write a
We thought the regulation of the airwaves by the government was bad - now we give "authorization" power to the people who stand to profit most from our submission. Why are we so ready to piss away our freedom?
My thoughts exactly... (Score:2, Insightful)
Re:My thoughts exactly... (Score:2)
While not quite "Open", AOL is very tolerant and even supportive of non-AOL AIM clients.
--
Evan
Re:My thoughts exactly... (Score:2)
They run a seperate server that is open for all connections! The only problem that they've ever had was software that actually used the three letters "AIM" in it's title. You could have it in the description, but not in the title. I would assume that was to prevent customer confusion... I imagine that the get support calls for other people's software.
That's a pretty durn open policy for a company that is supposed to be about making money. They spend money on something (the open servers) that don't make money (since there are no ads shown). That's a fairly good policy, if you ask me. Maybe not optimal, or the best, but hardly evil... on this issue, at any rate.
--
Evan
Any plans to make Mono support this? (Score:2, Insightful)
Great idea!
If I must use Passport, how to, well, lie to it? (Score:1)
in registering for Passport?
ummm no... (Score:5, Insightful)
when will these companies learn that we don't want a huge easily hackable database with all of our info in it? I'm quite happy memorizing my credit card number and providing it only when I feel it's necessary. With these passport like services, it's way too easy for a company to get you to sign in to get free service, and then simply start billing you after 'n' days, since they already have your credit card info, etc, in their database... At least now they have to send you a bill, or at the very least you have to provide a credit card number for a free trial...
I personally don't care if it's Microsoft, or some other tech company... I don't feel overally confident that a huge database with all of our info in it on the web is not going to get hacked...
Re:ummm no... (Score:3, Insightful)
Re:ummm no... (Score:3, Funny)
oh great just what I need, more credit cards!!!!!
Re:ummm no... (Score:3, Interesting)
I agree with this. About 7 months ago my local ISP shut down.
Earthlink Phone guy: Yes we can do that what is your login ID?
Me: I dont have a login ID. I never signed up for your service. I dont want your service.
Earthlink Phone guy: You really must have one. Your in our computer.
Me: No I dont. I have never had your service Nor do I want it. Do you have a manager?
After doing that once every month for 5 months untill they finaly quit sending me bills. But not before threating to send me to a collection agency.
The less people with my CC #'s the better.
Re:ummm no... (Score:1)
How about Visa?
Monopoly or Cartel? (Score:1)
AOL vs. Microsoft ... It is to laugh (Score:3, Interesting)
This is better than no competition for Passport but not so good as if there were some aggressive and international lobbying and development of public, universal and non-proprietary authentication. This is like watching Fed Ex and UPS duke it out over who gets to run the U.S. Mail.
A Linux company? (Score:2)
'Old' Boys Club (Score:5, Informative)
Okay, yeah, we definately know that AOL will provide the IM:) But what are the odds of a patent-free, royalty free standard? Zero. Check out the faq [projectliberty.org].
To be verified to use their tech, you'll likely have to either pay an exorbitant fee to join, pay an exorbitant 'license fee', or both.
Of course, there is no problem with charging to validate against, say, an AOL server, or store information there. But can even DEVELOPMENT occur without significant costs? No.
The only selling point to this seems to be "we're not Microsoft".
(And again, could somebody please explain the advantages? Most people on the street I've spoken with don't seem interested in having anybody store their CC and other personal information. And before you mention banks and credit card companies, most people would be quite pleased if they didn't have the info either.)
Re:'Old' Boys Club (Score:2)
Re:'Old' Boys Club (Score:2)
Until they say something to the effect that "all standards will be patent-free, and anyone will be able to develop programs and systems without incurring cost" I'll assume that this is a non-free system.
(Again, I have no problem paying for authentication services, and even to pay for a "Program Foo is a Liberty Alliance Certified Program".)
Re:'Old' Boys Club (Score:2)
if they want people to use their tech they are certainly not going to charge the consumer.
Centralized or decentralized? (Score:3, Interesting)
So where does the Liberty Alliance stand on this? Are my wishes way beyond the scope of this project -- is it a question of "which faceless corporation's basket do you trust with all your eggs"?
Karma Whore Link Propagation (Score:2)
Re:Centralized or decentralized? (Score:3, Informative)
Q: What is the intention of the Liberty Alliance Project?
A: The charter members of the Liberty Alliance Project, representing a broad, global spectrum of industries, intend to create an open, federated solution for network identity - enabling ubiquitous single sign-on, decentralized authentication and open authorization from any device connected to the internet, from traditional desktop computers and cellular phones through to TVs, automobiles, credit cards and point-of-sale terminals. The alliance represents some of the world's most recognized brand names and service providers, driving products, services and partnerships across a wide range of consumer and industrial products, financial services, travel, retailing, telecommunications and technology
You'd have to figure he'd be there... (Score:1, Troll)
Libery Alliance conference attendants noted an unusual episode at the conference where Oracle Chairman Larry Ellison showed up midway with a crew of Oracle employees chanting "Oracle today makes Osama go away!"
Later, Ellison offered his company's support and participation in the alliance efforts.
"Oracle would be proud to donate our leading Oracle database software to the alliance project," said Ellison. "To us, it's a matter of killing too birds with a single stone. With the power of Oracle 9i, Liberty's registration information would also serve as a national citizen ID database, protecting all of us from the evils of terrorism."
White House spokespersons had no comment on Oracle's previous offer of its database for a national registration system.
*scoove*
Re:You'd have to figure he'd be there... (Score:2)
Seriously, when I mod, I make sure my own political views don't result in a desire to mod down. But there are those that use moderation to supress opposing viewpoints - that's why it's important to Metamod.
All I can figure is that JonKatz has too many mod points...
*scoove*
There should be no "single authentication network" (Score:2, Insightful)
Re:There should be no "single authentication netwo (Score:4, Interesting)
Confusing (Score:3, Insightful)
Perhaps the Liberty Alliance group is taking their public relations cues from politics - it sounds 'shameful' to turn down something called 'The Patriot Act' regardless of what its details are. Maybe they are aiming for the same kind of thing in defeating passport.
[Note: I was unable to determine if this post is a trollish type thing. I guess the moderators will tell me.]
Open standards? With sun/oracle/aol? (Score:5, Flamebait)
Someone take the crack pipe away from Hemos.
These will be competing proprietary standards to M$'s dontNET lockin standard. To prevent M$ from embracing, extending and extinguishing, all the key pieces will be protected with patents and trademarks and every other bit of legal jiggery they can use. Just like with JAVA, the liberty *ack* *gagh* alliance will not allow these to become free and open standards, they will smack any free version in order to create a legal precedent for when (not IF) they have to go after M$.
the AC
MS leading the way? (Score:1)
One of these things is not like the others... (Score:2, Funny)
GENERAL MOTORS?!?!?!
okie-dokie...
If General Motors Were Like Microsoft (Score:1)
If Microsoft can join Ford, why GM can't join Aol?
But what if General Motors Were Like Microsoft [inav.net]?
Re:If General Motors Were Like Microsoft (Score:2)
Banks! (if you trust them) (Score:4, Interesting)
The bottom line was: since a lot of people here in Sweden use internet banking, and we all hope it is really secure, then your internet bank account would be one safe way of identifying you. So why not make banks account the basis of a net passport? Rather that than make Microsoft the key to my bank account!
Re:Banks! (if you trust them) (Score:2)
The two do kind of collaborate, but they provide a global standard that has worked really well. Why not extend these as well for internet identification ? They are already the most important method of internet payment.
Sounds like what Lessig was warning about. (Score:1)
the three tax related government bodies would require a special identity certificate... that can only be provided (and verified) by your bank.
In Code and other laws of cyberspace [code-is-law.org], Lessig talks about something just like this. Using digital certificates to indentify yourself online. The problem comes in when said certificate contains things like a "geographic location" field. Then, a gambling site hosted in Las Vegas can be forced to decline you access if you are living in Iowa, and other such abuses.
This is even without getting into the problems if something like this became prevalent to the point that you got this certificate from your ISP, and were required to have it to go online. Then you could be tracked *everywhere*.
Yeah, I can think of ways to preserve anonymity, like a "certificate proxy server" hosted someplace out of the reach of US law, but I'd rather not have to deal with it at all.
Time Warner (Score:1)
Between Time and GM, that is some pretty big backing. No offense, but the rest really are small beans. But with some truly massive corporations backing a hopefully open standard, that could really provide some serious competition to M$, if they can deliver.
Re:Time Warner (Score:2)
Get IBM into the mix, and you are again, undoubtedly on top of the world.
Now, if GM/AOL wanted to somehow integrate liberty-alliance-passport into their AOL or GMC Yukon... Then they'd have an edge. A big one. But I'm not sure how GM can leverage this in the automotive marketplace (sure, some of their subsidiaries can easily take advantage, but their big bucks are cars and trucks)
One idea off the top of my head. (Score:1)
Now, if GM/AOL wanted to somehow integrate liberty-alliance-passport into their AOL or GMC Yukon... Then they'd have an edge.
Say, a gas station that gets a signal from a chip in your car, presto, you've just paid for gas. Heck, get this required by law, and you've solved the "gas and go" problem.
Re:One idea off the top of my head. (Score:2)
But it's not a bad start. Add the ability to go to any GM shop (or independent) in the country and let the car pay for repairs itself (provided it's not been stolen:)
Magic carpet (Score:3, Insightful)
It's too AOL is so myopic about standards. On the one hand you have Mozilla and perhaps this and then on the other you have AIM.
design by committee (Score:1)
I hope I'm wrong on this, but the more I look at this, the more I am reminded of "a camel is a horse designed by a committee" (with due apologies to perl fans and desert dwellers). The Liberty Alliance has all these companies signed up, but it seems pretty vaporous in terms of technical specs, marketing efforts, or much else. Time will tell on whether something real actually comes out of this, but I always get nervous when the hype-to-meat ratio is as high as this. Sort of reminds me of voting machines a year ago - everyone was talking about doing something but there was little/no agreement on what a voting machine should do. Six months later, most of the talk had gone away.
'scuse me? (Score:5, Informative)
America Online? Open standards? You're joking, right?
I seriously doubt [jabber.org] that I need to explain [slashdot.org] myself here [opensource.org].
And don't even think about pointing me in this [aolserver.com] direction.
Re:'scuse me? (Score:2)
And don't even think about pointing me in this [aolserver.com] direction.
You missed one: mozilla.org
Re:'scuse me? (Score:2)
Re:'scuse me? (Score:2)
Me too!
</aol>
Rant: Sounds like bullsh*t to me.
The only reason They (Sun, AOL, etc.) are touting Open Standards is because they're getting their butt kicked by M$. The only way they seem to be marketing Liberty is through anti-M$ measures by saying things like..
"It would be a positive step if Microsoft would join Liberty as well," the AOL spokesman said. "If they chose to do so, it would indicate they were moving away from leveraging their monopoly to control this new generation of services."
And using M$'s monopoly as an excuse to point fingers at M$, and say, "We must stop the evil. People, rally with us" as if Sun, AOL, etc. were the Good Guys. But the fact is that They would do (and have done) the same monopolistic practices if They had the chance. The only reason They're bouncing about with Open Standards is because if they didn't, they'd be lumped with the Bad Guys (M$) and they're gonna juice all the PR by saying they're going to keep Liberty open.
Libery will just follow open standards until they have Passport on the ropes. Then all your base are belong to Sun/AOL.
Re:'scuse me? (Score:2, Insightful)
Re:'scuse me? (Score:2)
Re:'scuse me? (Score:2)
Re-read my post as this: Here are some products that proves AOL doesn't give a shit about open standards. And if you think that AOLserver proves otherwise, then be aware that I know of its existence and consider it to be folly, such that it's not worth considering as an exception.
But why? (Score:4, Interesting)
These companies are doing all this stuff just for the sake of *doing* it, to spite and fight Microsoft. Nothing more.
While I'm not blind to the fact that whoever controls all this information will have a measure of power, it remains to be seen if people actually buy into the whole thing. Microsoft may claim 88 gazillion-trillion Passport subscribers, but how many of those are really one-time half-filled and fake entries used to get a temporary spamming Hotmail account? How many people are actually dumb enough to store their credit card information in a Passport (or whatever)? With all the negetive press e-commerce site hack-ins have received in the past few years I'd be surprised this constitutes any significant percentage of Passport users, even among clueless computer users.
The whole industry is overestimating this supposedly "next killer thing" for the Internet. But, predictively enough, the lemmings have all decided to jump over the cliff together. Well then, let them be squashed together.
Hotmail expires unused accounts (Score:1)
Microsoft may claim 88 gazillion-trillion Passport subscribers, but how many of those are really one-time half-filled and fake entries used to get a temporary spamming Hotmail account?
Very few. Hotmail deletes unused free accounts after 45 days.
Re:But why? (Score:2)
Not when you listen to the party line at Microsoft, no. They're selling it as an all-encompassing "digital wallet", whatever the heck that means. The fact that you can opt not to include your children's vaccination history and a list of all your dogs since 3rd grade makes no difference. It's what they want it to be that matters. Ditto for the Liberty Alliance.
But what is clear is there is obviously a need for a centralized authentication mechanism. People are frustrated and tired of trying to manage 50 different username/password combo's just to register for services.
I don't think that's clear at all. The normal internet user visits no more than 10 websites consistently - why do they need to manage 50 accounts? Again, it's a solution for a problem that does not exist.
I think if you'd actually bother to take the time to understand what either of these offer you would go "Hey cool, yeah I can see a need for that!" I know that's my general feeling.
I'm amazed that you think it's cool - most rational, intelligent people think it's just a way to excercise more control over our online habits. But don't let that stop you from flaming me, though.
Re:But why? (Score:2)
10 websites is still too many to keep track of, made worse by the fact that each has bizarre limitations that make it impossible to use the same ID. Or in many cases even a secure password(what do you mean max of 8 chars?)
It is a problem that does exist for many people. Maybe it is not a problem for you, but then guess what? I'm not interested in selling you a golf cart if you don't golf. Duh.
And as for you last jab. Nice try. Can't discuss a thing from a rational logical manner, resort to name calling. Is that how you are going to win people over to your argument? Call them stupid?
It's obvious to me, anyway, that confusing yourself with a rational, intelligent person was your first mistake.
Client side, client side (Score:3, Interesting)
Keep all the data local, but allow third parties to access it. I choose that SomeShop.com may read my creditcard and address info and if it changes, they automatically have the new data when they request it.
Even better, they would not have to store my details themselves. I do a lot of e-shopping and there are quite a few e-commerce shops that store my creditcard info. To be honest, I couldn't even name all the stores that do without going through my creditcard invoices.
The FSF or another capable OSS team should join this Alliance (that, or I should stop being lazy, start being capable and start coding).
I have no problem with third parties accessing an encrypted database through encrypted channels, served by an open source applications running on my own server. Yes, it's still vulnerable, but it puts the vulnerability and control in *my* hands.
Hm, but I will continue to be lazy. And the FSF would never create a cross-platform wallet that integrates with the 90% desktop OS. I guess our best hopes are with this Alliance?
(on the other hand, I've placed hundreds of orders in the past years with a creditcard and unless I'm really making so much money that I don't even notice, my card hasn't been abused a single time)
Re:Client side, client side (Score:1)
Now if Microsoft tries to get into my pants, then I'll get seriously up in arms.
Re:Client side, client side (Score:1, Insightful)
After all, Passport is a happier name invoking thoughts of holidays and happiness, whereas Wallet focuses on finance and work.
Re:Client side, client side (Score:1)
Re:Client side, client side (Score:2)
Nice n simple. If all registration/payment forms used the same field names, browsers could spot this and fill in details for you. So what names to settle on? This is where ecml came in.
Part of the problem with this was that browsers seem perfectly happy to roll over and give out everything they know about you to any crackers passing through. So would you really trust having your credit card details held there? Hence the need for ewallets which could store this info.
There's two different concerns here though - single sign on identities (for login etc) and identity for payment. Frankly I DO NOT WANT single sign on which covers my wallet as well as my ability to post to
-Baz
And this is a good thing? (Score:1)
Are we looking in the window and not seeing the diference between the pigs and the humans?
(reference to G. Orwell's Animal Farm)
not a registry system (Score:1)
But if you go on to read the rest, you'll find that they are unveiling a common framework. This way the information remains decentralized -- everyone would only collect the info they need and have their own policies regarding to whom and how they reveal that information.
Much better.
It seems like a superficially beneficial idea... (Score:1)
The solution seems obvious. Expanding and integrating password tracking features into browsers. The w3c would be wise to set this down as a standard. This way, a user could store CC, mailing info, and passwords for *any* site they wanted. As of now, the best implementation of this is Mozilla (that i've seen) because it automatically fills in the form fields when you return to a page. (IE requires you to click on the field and choose from a dropdown box.) This to me gives the ease of single login (because in *nix, you have to log in, and in XP the default is to require each user to log in.) But, you don't have the problems of the passwords (or other personal information) stored at a website.
Heck, you could almost do this with cookies, at least for things like mailing address and cc info. This is where I think amazon failed. Why store CC and mailing information in a database on the web when you can just store it as a cookie?
Am I way off base on this, or does this actually make sense. This is how I manage my many different logins, but of course if uninstall/reinstall mozilla, I've got to retype it. It would be nice if this was actually a package on the browser, and I could save (and backup) this information, and be able to restore it, or even better, copy it over to another browser if I want.
Re:It seems like a superficially beneficial idea.. (Score:1)
I don't even get it. (Score:1)
Warning, warning, you will not be allowed to log onto this website because you are using a non-ms operating system!
vs.
Warning, warning, you will not be allowed to log onto this website because your ISP is not AOL!
Doesn't really seem like a choice to me.
But then again, maybe I'm missing the point, it happens...
-Q
The real scare (Score:1)
[And because I live in Germany, they actually have to ask me prior to doing this. Opt-in is mandatory. Well, by law, anyway...]
Re:The real scare (Score:2)
Did I read it wrong? (Score:5, Insightful)
If they can come up with a decentralized yet intercompatible way of authentication then they might be on to something positive! Anything that can be done to prevent a Microsoft having a total strangle hold with
Re:Did I read it wrong? (Score:2)
Use XNS (Score:1, Interesting)
umm (Score:1)
If you're really looking for an open alternative (Score:1)
An off-topic commentary on the state of computing (Score:1)
Granted, AOL can't be entirely blamed for the idiocy of its user base (and there are smart people who have no other choice) but AOL is responsible for more landscape filling with their CD coasters than MS has been with their inflated OSs.
Proprietary alternatives? (Score:2)
Why isn't anybody creating some free software so you can setup your own server for yourself or your company. It just needs to be a little server, with SSL and some basic security measures (no buffer overflows).
The whole idea is you'd have access to information from multiple locations. We all know the original MS ideas behind why they want to implement this, and it's not to make our lives easier. These other corporate entities simply see how they can make money off this and they also know there is more money to make if they can usurp power from MS instead of joining them.
Honestly, what about these services would make your life easier? Answer that question, there's YOUR solution, most likely it's the solution for MANY people, so write the software that meets YOUR needs. Make it open source and/or free and let many people benefit. I'm sure one cable modem connection could more than handle the load of a mid-size company looking up contact information.
good point about what's behind this. (Score:1)
Granted, having to pay $10 a month to keep using our computer sounds insane, but for most users (who, btw, will already have their CC info stored with MS) they're probably not going to notice, and not know they have an alternative.
Indeed, if MS ties
Will splitting up the company alleviate this? Probably not. I mean, AT&T was split up 20 years ago into a bunch of little companies. Now look at them. They own half the local service in the country, plus a bunch of cable companies.
No one company.... (Score:1)
Right, no one company other than AOL.
THE single authentication network? (Score:1)
1. Someone starts doing X (where X = passport, p2p, XML,
2. ?
3. everyone sees X as a necessity, and is trying hard to not be left out.
So, we are already assuming we won't be able to live without these authentication networks, but noone along the line ever asked why? Am I the only one who finds this funny (or sad, your pick)?
Is it THIS easy to make a whole planet go along with a phenomenon without using basic brain functions?
No thanks. . . (Score:1)
Sorry, but this was a bad idea when Microsoft ahd it, and it is still a bad idea. Developing and 'open standards' version of an unnecessary, intrusive and ripe-for-abuse system does not make it any less of these things.
Liberty Alliance eh? (Score:1)
Don't you see the irony? (Score:1)
How many of you are guilty of re-using your passwords on various sites. All it takes is one of those sites to be stupid and store your password in plaintext somewhere. As soon as someone gets ahold of it, just build a spider that tries your login on every site that requires one.
If joeblow.com gets compromised, maybe I won't find out until something odd shows up. Whereas if Passport or the new thing gets broken into, I'm sure sparks will fly.
It's all in the name.... (Score:3, Funny)
In these times, I can't believe people are saying something called the "Liberty Alliance" is a bad thing. Dear God, you people must all be atheist, Communists. Or maybe Muslim extremists. I will support the good old US of A by letting anyone and everyone associated with the Liberty Alliance have all of my personal information. It's the patriotic thing to do!
Some people are just too cynical...
50 Million handicapped? (Score:1)
Re:50 Million handicapped? (Score:1)
Those millions of Passport users (Score:2)
However, how many people actually use Hotmail for serious email? I doubt foxychic52@hotmail.com and hot_guy334@hotmail.com really provided accurate information when they signed up for their Hotmail accounts...
my stance (Score:2)
Passport provides NOTHING useful in any way. Passport is actually HARMFUL to it's users, as it is an extreme danger.
We all know that, and even most non-computer oriented people can see that just as clearly, which is not surprising considering the nature of Passport.
As a programmer and web developer, I vow to never implement anything that in any way uses Passport(or a derivative)'s authentication mechanism or other ridiculous "features".
I promise I will let my company fire me before I would submit to this nonsense. I hope most of you would do the same.
Personally, I think Passport is doomed to fail. While MS might be able to force people to create a Passport account, Microsoft will never be able to force Passport upon other services, as there will be no benefit to using Passport.
Re:my stance (Score:2)
idiot! (Score:2)
And with that HUGE risk, the consumer gains... absolutely nothing. The whole thing is simply Microsoft trying to gain control of what they want to become the gateway to everything on the Internet.
Re:idiot! (Score:2)
Re:double idiot! (Score:2)
To Many Cooks... (Score:2)
Not that I'd use any of these services, but if I was, I'd rather be using Microsoft's service.
Think about it. You'd be giving your personal information and credut card information to one of these databases. With Microsoft, its just them. With this Liberty thing, look how many hands are in the cookie jar.
And I'm sure that this is going to get me labeled a troll, but open source might be worse than closed source. With the source open, anyone can look at it and find security holes. If the source is closed, its harder to find holes (not impossible, of course).
But do we really need these services? And how secure would it be anyway? You're probablly going to be using a password to get into the system. For the average user, they're going to be using a simple password that is easy for them to remember. Simple = easily broken.
It would be a lot more secure and useful to build a hardware system that would scan a card (MSR, probablly) and had a huge-ass "password", something like 128k, and ENCRYPTED the whole way. You've got the problem with losing the car, but then again you have the same problem with a credit card. Could this be the "killer app" of the "smart" credit card?
Couldn't have said it better (Score:2)
Of course, it's still the way of the future, and at some point we'll all be pretty much forced to use something like this. That's not all bad, I certainly won't fight it, but I don't think it's necessary either. I definately don't trust MS with it, but I don't think I'd trust AOL with it either.
AOLs support will certainly make this a viable sollution, though, and the competition will hopefully benefit us little folks.
I'm just not sure how I feel about this whole thing.
The problem is not in the ID's but the public (Score:2, Interesting)
It matters not if Microsoft or Liberty has the ID it matters that people know enough to realize that this is a bad Idea.
.
Does the consortium thing ever work? (Score:2)
sPh
Re:Does the consortium thing ever work? (Score:2)
Sure, compare MSN version 1.0 vs W3C. The first MSN was a dialup competing against Prodigy and AOL.
Or IP vs. Novell IPX, or X vs. NeWS. One can argue reasaonably that these aren't clones, but are things that "changed the game" compared to the proprietary thing. But that is one of the advantages of the open-ness.
The question is whether the closed thing can get a knockout before the open thing gains footing.
-dB
Single login grabbag (Score:2)
Will some sites deploy it? Sure. But any vendor that says "We only accept payment via MS Wallet" is committing suicide. As much as they wish you'd pay by credit card, even checks are accepted by most online businesses. No one is going to turn away money.
It will only be useful if it's super convenient- and practically everyone who buys stuff over the internet has accounts at all of the places they buy from consistently, making check-out a snap.
But on the other hand...
People routinely make convenience/security tradeoffs. If we were having this discussion 20 years ago credit cards would be pure evil to us. Having your credit card number stolen nowdays is an inconvenience rather than life ruining. And most of us have come to accept the fact that law enforcement can track our iron dildo purchases from the comfort of their desks if they wanted to.
In the absolute worst case most sites will simply feature a "Use my passport account" link above the "Create an account" link.
My how the world turns.
Re:How many companines does it take (Score:1)