Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
The Internet

Liberty Alliance Plans Passport Interoperability 81

EvanDelay writes "The Liberty Alliance Project, which is developing Web technology to facilitate single sign-on authentication, plans to support interoperability between its system and Microsoft Corp.'s rival Passport system. Computerworld has the story."
This discussion has been archived. No new comments can be posted.

Liberty Alliance Plans Passport Interoperability

Comments Filter:
  • DO we want that? (Score:1, Interesting)

    by nervlord1 ( 529523 )
    Do we really WANT that? Seriously, the whole point (atleast for me) with this project was that my data was miles away from the non-security conciense microsoft. That i could pick the lesser of two evil's.

    It would be best if it gave me an option.

    But personally, i agree with what another Slashdot reader said: its the browser's job to look after a user's password. a single username and password for all your site's is absolutly retarded security-wise.

    • problem is that "single sign-on" is the catchword of the year and anyone who manages by magazine is sold on the idea... if my boss is going to tell me (as i'm pretty sure he will) that it will be "nice to have", i'd much prefer to have the option of staying well away from .net and that horrible "D flat" language than not
    • Assuming thier .NET interoperability is on by default (and again assuming there'll be the option to turn it off), doesn't that mean that any security problems that affect one system will affect the other... making the Liberty Alliances system twice as insecure?
    • Re:DO we want that? (Score:5, Interesting)

      by IamTheRealMike ( 537420 ) on Wednesday September 25, 2002 @08:19AM (#4326418)
      But personally, i agree with what another Slashdot reader said: its the browser's job to look after a user's password. a single username and password for all your site's is absolutly retarded security-wise.

      No, it's extremely smart security wise. Now, for all I know you may be the paragon of good security practice, but most people are not. In fact, most people, faced with a morass of passwords for various different services do something that is extremely bad and set all their passwords to the same thing. I've done this, for instance, because it's either that or write down all my passwords (which of course some people do) and keep them on my computer, which means I cannot access any services when I don't have that list.

      There is this fantastically common misconception that centralising your various digital identities will somehow decrease security. Not true! There's a reason most of us have 1 (perhaps 2) personal email accounts. We don't have 100 email accounts with different user names and passwords because the truly minor increase in security that would bring is nowhere near worth the major increase in hassle.

      Single sign on is coming people, and when it arrives not only will 95% of the computer using population be more secure because of it, but computers will be dramatically easier to use as well.

      I've read the liberty specs in more detail than most of the people here on slashdot I'd bet, as I'm working on a server that contains an (open source) implementation of them. No, it's not released yet, perhaps in a few months. But believe me, the LA specs are not scary, they will not force you to tell the government what your favourite colour is, they will not take your first born child. They will make your life easier.

      • Single sign on is coming people, and when it arrives not only will 95% of the computer using population be more secure because of it, but computers will be dramatically easier to use as well.

        I've read the liberty specs in more detail than most of the people here on slashdot I'd bet, as I'm working on a server that contains an (open source) implementation of them. No, it's not released yet, perhaps in a few months. But believe me, the LA specs are not scary, they will not force you to tell the government what your favourite colour is, they will not take your first born child. They will make your life easier.

        I totally agree with you--the Liberty Alliance from what I gathered is basing it's platform on being free and open for everyone. I haven't read the specs as you have, but I've read more from the page than perhaps most here.

        There's way too much FUD being spread around here for my tastes. ;)

      • Single signon is a pretty stupid idea. What if I'm signed in, and reading some mail, and then I get up for a coffee. Now, while I'm AFK, somebody else comes along and starts using my browser to go to amazon.com. Since I'm already logged in, they can order a load of stuff on my credit card, and have it delivered to their own address.

        OK, this could happen already because I have an amazon cookie on my system which means I don't need to log in each time. But, I can always remove the cookie and force a sign on the next time I go there. With single sign on you won't have that option, you will always be logged in.

        • Or you could lock your computer when you get up...
        • OK, this could happen already because I have an amazon cookie on my system which means I don't need to log in each time.

          Technically, anytime you click on any order button for the first time (even if you have that cookie on your system) amazon will force you to log in again. I believe after that, it essentially generates a session for you and you do not have to login again until you close your browser (or reach their timeout level of inactivity)...

        • I see your point, but it could be argued that its not the signon system thats stupid - it's the person signing on and then walking away to get coffee.
        • What if I'm signed in, and reading some mail, and then I get up for a coffee. Now, while I'm AFK, somebody else comes along and starts using my browser to go to amazon.com

          Funny Story:

          A few years ago (1996 or so), a guy at work and I got into a practical joke war.. He got up to get himself cofee, and (as was his habit,) left his email client open.

          I went to an online personals site (new at the time :o), and created an account using his email address - as he was away, I was able to 'OK' the email confirmation on his behalf.. (and then promptly delete it :o)

          Using 'his' new account, I posted an ad in the Gay Encounter section, saying that he was just discovered his sexuality, and asking for someone who would be gentle with him..

          The look on his face when he started recieving photos was priceless.

          Now, he learned a lesson that he never forgot, and it's one that you should know as well - if you have sensitive windows open, close them or lock your workstation when it's unattended.

          Even before single sign-on's were thought of, the scenario you envision is still possible.
      • Single sign on is coming people, and when it arrives not only will 95% of the computer using population be more secure because of it, but computers will be dramatically easier to use as well.
        Mikey's bang on on this one. Better late than never 'Universal (Single) Sign-on' is finally becoming a reality ... now where are those 'vampire-capitalists' who laughed themselves hysterical back in '96/7 when I pitched them with this 'interesting' idea which they assured me would have 'little to no traction' in the marketplace?

        The simple truth is, when confronted by more than two or three set of authentication information, people will either use the same password, or simple variations, everywhere or they will write them down ... come-on, you know you've done it :)

        Natty
        • The simple truth is, when confronted by more than two or three set of authentication information, people will either use the same password, or simple variations, everywhere or they will write them down ... come-on, you know you've done it :)

          No, in fact, I have not. I have about twelve different passwords, one for every service I want to keep secure and then two blanket passwords for lower security things. I do not forget them. They are never variations of another password. Five of those are e-mail adresses that I keep, and it is not a hassle to keep them. I do not see what the great challenge is. Use something you know. Everything is a refererence to personal life that I use for a password. Witty phrases are always good, as are things in other languages. You are less likely to forget them. People tell me it's a hassle, but I have no problem with it. An extra thirty seconds is worth my security. It is not like having five different mailboxes in different locations of New York.

          So, yeah, I don't do that. It's not hard, and it is in fact safer.
      • ...most people, faced with a morass of passwords for various different services do something that is extremely bad and set all their passwords to the same thing. And we should remember the Slashdot Poll about passwords which included that answer that one always uses the same password...with the observation by a bystander that it implied that their Slashdot password is the same as their other passwords, therefore the Slashdot system knew all their passwords.
      • Wrong on both counts.

        There is this fantastically common misconception that centralising your various digital identities will somehow decrease security. Not true!

        The problem with centralizing one's data is that once it's broken into (see links below on MS's haphazard security) you've lost the whole lot, rather than just part of it. Your only argument against this is that keeping separate identities is a "major ... hassle" which will induce you to make all your passwords the same. Well, if you make all your passwords the same, then you have poor security, but for the same reason - break one, break all. The smart alternative is to keep them separate and different and under your own control.

        At least, this is true if you trust your own security. I don't even trust those browser utilities - I keep a paper list, not of passwords and logons, but of something that reminds me of each one but which would be meaningless to anyone else. This is easy and secure. I might also trust a compiled-by-me, open-source password manager..

        And second, you're not even considering the privacy implications, which are the main reason many people dislike the whole Passport-type service idea. Maybe online merchants, etc. that I deal with are going to share info anyway, but if they have to figure out that one user on Amazon is the same as one at Altex, by comparing name, address and credit card number (you know that "privacy policies" are worthless, right?), then it will be a little harder for them, and hopefully more incomplete, if I'm not participating in something like Passport.

        The only important question here, as far as I'm concerned, is whether, in the long run people are going to be able to opt out of this sort of thing. If Passport attains a certain "critical mass" then many merchants will no longer allow a non-Passport logon. And MS is probably already planning to tie Passport to Palladium.

      • by AJWM ( 19027 )
        There is this fantastically common misconception that centralising your various digital identities will somehow decrease security. Not true!

        Absolutely true. The annals of computer crime are full of cases where crackers have accessed systems B, C, D and E by harvesting passwords from system A and users re-used the same password on those other systems. Now true, if those other systems had some other gaping hole that would let them be compromised without a password, then in some theoretical absolute sense the security isn't any less because of the shared password (since there was no real security to start with), but such holes are bugs and fixable by the sysadmin, whereas shared passwords are not.

        Single sign-on, whether Passport or Liberty Alliance, seems like a disaster waiting to happen, although if properly designed and correctly implemented (bloody big "if"), it'd be safer than multiple sign-ons all using the same password (because the latter gives multiple points of attack). But it's also painting a huge target and sign on itself that says "crack me!". And it's still less-safe than multiple sign-on with different passwords. (Think about it -- if you're a big-time crook (or terrorist, etc), do you go for the high-stakes bank job, or just stick up a string of 7-11s? It all comes down to effort vs payoff.)
        • Single sign-on, whether Passport or Liberty Alliance, seems like a disaster waiting to happen, although if properly designed and correctly implemented (bloody big "if"), it'd be safer than multiple sign-ons all using the same password (because the latter gives multiple points of attack). But it's also painting a huge target and sign on itself that says "crack me!".

          Possibly, but bear in mind if you break into somebodies email account you can usually compromise most of their web passwords anyway, as almost all sites have an "email me my password feature". In effect, your email account is your digital identity, as it holds the keys to all your other passwords too. So that's also a pretty big target in a way, yet email breakins are fairly rare - possibly because people recognise its importance and choose good passwords?

      • Does someone (the dotGnu project, perhaps) have
        a big matrix of all SSI proposals, both open
        and closed? Since I came up with my own, TJAIS
        or DGAIS (since AIS is completely useless as
        a searchable term due to noise from AI), about
        a year ago, I can't stop myself from mentioning
        it as if it has any hope at all of getting mindshare
        (what? David Nicol [davidnicol.com]? That crank? Isn't he a DJB
        sock puppet or something?) in the free SSI protocol
        space.

        Seriously, looking at theoretic.com gives links to
        PingID. Way to hold back, IamTheRealMike! I lack
        your fortitude. AIS description, such as it is,
        hangs off of
        http://pay2send.com/cgi/ais/about

        AIS is a protocol for exporting a SSI domain (any kind) to remote web services, passing messages
        via both the user, by Location headers, and a
        back-channel between the remote service and the
        AIS service.

        There are a few defined primitives, and room to
        expand.

        It is offered as a standards-track proposal.

        david nicol (hurried and working on other things)
    • Depending on how this is done, it can be a good thing. The point is to have the greatest possible interoperability, without compromising the security of your personal information. The real critical issue in all of this is who (or more to the point, whose code) controls my private information. Even if the data is stored on a server, that's ok if it is encrypted and the private key is safely protected on my local machine under security protocols that I can control (choose). The private data can be held on any number of servers, and sent back to my local machine for parcelling out as required. Authentication shouldn't require sending out private data, but rather challenge/response that can only be correct if I possess the proper keys.

      Passport must be made open to third party scrutiny if they want to play with everyone else. Industry standards are that they must publish their design and code for open third party review and analysis. I personally would not accept less, and would be shirking my professional responsibilities not to advise this to anyone I do work for. I assume they have not done so, nor do they plan to. I would also expect the Liberty Alliance to have a similar standard to mine, and if not I wouldn't advise anyone to use that either.

      The logic of symetric and asymetric key systems isn't that deep, although their can be a lot of hazards in the implementation. The only good solution to this is lots of eyes, and all responsible professionals should insist on it.

      But personally, I agree with what another Slashdot reader said: its the browser's job to look after a user's password. a single username and password for all your site's is absolutly retarded security-wise.

      Well, not the browser itself, but an independant security module that can be accessed by the browser and any other program that needs to. Having one or many user names isn't really the issue, and the only password needed should be to open up your locally stored private key chain.

      That puts all the load on protecting that private key chain, and anything you can do to secure that information is a good thing. Single point of failure isn't the issue that people make it out to be. The issue is keeping the most sensitive data, the private keys that can open up everything, private. Opening them up in the memory of your PC is better than trusting that function to a third party, but better is to never expose the private keys.

      One cool job I had was for a company trying to market a secure messaging system. They went belly up before the dotcom crash, but the technology was very cool. It was a message hub system with key escrow and the works. The actual message processing was done by a purpose built box that had no disks or permanent storage, just a network connection. The keys were stored in PC/MCIA cards that had processors and non-volatile storage, and only half of the key was stored on each card. The only place you would ever have private or session keys in clear text was on the closed box or half of one inside the PC/MCIA cards.

      The point is that it might be good to have a sub-processor that can do things with the private keys, but never have them in clear text outside of that. This could be done with the kind of physical tokens that some people have suggested when single sign on came up before. Although some will find this excessive, I think it is a good idea.

    • Well, I have separate secure passwords for the few
      services I care about (like my bank, credit
      card, and other stuff); but I would happily
      have a single account for nytimes, slashdot,
      various online fora, and other sites that
      require membership - who really cares?

  • They've changed their name to "The Alliance Project"
  • Microsoft's Passport single sign on system still has many security flaws, well as do all of Microsoft's products, but using the single sign on system for business transactions in the Liberty Alliance Project may not be a step in the right direction. The LAP should have designed a new system for login and account management.
  • I dont mind having the *choice* to let MS have some of my personal data.

    Interoperability is great if it increases choice - although I hope that we'll also have the choice not to interoperate.
  • Nice for us. (Score:4, Interesting)

    by miffo.swe ( 547642 ) <daniel.hedblom@gm[ ].com ['ail' in gap]> on Wednesday September 25, 2002 @07:46AM (#4326317) Homepage Journal
    I really hope it will work with linux. If it does we will have a free ride onto passport-only sites. I cant imagine MS letting off a passport client for linux by themselves (or anyone using it for that matter).
    • I really hope it will work with linux. If it does we will have a free ride onto passport-only sites.

      I really hope it doesn't myself, I understand why others might have the need. Well, I went over to the Liberty Alliance [projectliberty.org], and though the website looks rather 'corporate' and polished, it says in big bold on the front (my bolding):

      The mission of the liberty alliance project is to establish an open standard of federated network identity through open technical specifications...

      Since it's all open, a linux client would be easily implemented, and if us OSS users would choose LA's solution, it could put a small dent in Microsoft's network identity marketshare.

      The federated network identity is simply corporate jargon for the obvious (from their website's FAQ):

      On a very basic level, federated network identity means consumers and businesses can allow separate entities to manage different sets of identity information.
    • I really hope it will work with linux. If it does we will have a free ride onto passport-only sites.

      I don't understand. Passport is browser neutral, you can access it with Mozilla on Linux for instance.

    • You're misinformed. When you login to Hotmail you log into passport. Are you saying you can't log into hotmail from Linux? I think not.
  • from the last-nail-in-that-coffin dept.

    Sure, it's probably the last nail, but for which service? As much as the majority of the userbase hates MS, it doesn't really change these two simple facts:

    1) They have a single platform they can use to push their services from
    2) They have a Scrooge MacDuck style bank-vault to dip into whenever they start to feel the sting of competition. Interoperability with Passport is only going to force Liberty into anonymity, not give it the huge marketshare we're all hoping for.

    • 1) They have a single platform they can use to push their services from

      Correct me if I'm wrong, but isn't the important part of this platform on the server, not the client? MS is still losing on the server, so if the LA supports passport clients in their server implementations, the game is up. MS clients such as IE are not likely to support LA client protocols, but so what? They will still be able to connect to all servers. More open clients can support both, but are only likely to do this if they can trust the passport implementations.

      So MS has three choices:
      1) Don't play (no non-MS client or server implementations of Passport allowed, I take no MS implementation of LA to be a given).
      2) Allow other clients (no non-MS servers).
      3) Allow other servers (no non-MS clients).

      In 1), if you use MS clients, you will only function with MS servers (.NET platform). This is a lose for them since they don't have much market penetration in the server side.

      With 2), only MS clients would be disadvantaged, unless they added LA support to their clients (won't happen).

      Case 3) would be interesting because all clients would be able to play with open servers, but only clients that adopt passport will be able to access .NET servers (I'm assuming MS server == .NET server until they abandon that for something new). This situation could persist for a while since non-MS clients and MS servers are likely to be the minorities for some time. It can't be helpful in selling .NET to a wider audience.

      I almost forgot that there is a forth case, but MS is not going to play nice, so that won't happen anyway.

  • by e8johan ( 605347 ) on Wednesday September 25, 2002 @08:00AM (#4326361) Homepage Journal
    This is too early to give in to Microsoft. As neither version has any significant market advantage yet it is not good to make the systems one-way compatible. This only makes it easier for customers to move to .Net, not the otherway around.

    The priority must be to compete with .Net, not to become the little brother of it. There are a number of points that need to be equally good/better than .Net:

    1. Ease of use (both user-wise and coder-wise).
    2. Security and user control of information
    3. User base (on both sides again).

    The first point is the reason of the project from the start and must be maintained.
    The second point is the advantage, no-one can reach me, and on-one can reach the customer-records of a competing company without authorization. Not only geek users should be afraid of giving too much info away, also the companies utilizing these platforms must be aware and protect their customer bases.
    The third point is probably the pass/fail issue of the entire project. It must get adopted, from the average user and by the service providing companies.
    • As neither version has any significant market advantage yet

      Wrong, amigo. Ever sign up for a Hotmail account? You were automatically signed up for Passport as well.
      In other words, for the Liberty Alliance, the fight was pretty much over before it began.

      • Ever sign up for a Hotmail account? You were automatically signed up for Passport as well.
        In other words, for the Liberty Alliance, the fight was pretty much over before it began.


        But does this really give Passport a huge advantage? The only advantage I can see is that they have got someone to fill in a form, once, and probably with junk.

        The most important thing is surely the websites that sign-up to use Passport/Liberty i.e. Amazon, eBay, the banks etc. To say the fight is over is somewhat defeatist at this early stage. There's still everything to play for.

      • Easy solution: Make every AOL/AIM screename the default Liberty logon.

        AOL is part of the Liberty Alliance.
  • Looks to me like Microsoft is getting far more than LAP out of this deal:

    Hotmail will still tell you to get a Passport logon, no-one will tell you to get a liberty alliance logon. So MS still gets the majority of the customers.

    Added to this, MS gets your information free from liberty alliance, so the obsessive geeks who just had to go with the minority service are still giving all their information to MS, so they get marketing info for even more people, basically at no cost to them.

    Whereas liberty alliance gets.. nothing really. Maybe some people who wouldn't otherwise sign up will now that their logon works with Hotmail. But not many. Out of the 1% of the population that knows Liberty Alliance exists, 50% won't be signing up for either system if they can avoid it, because they understand the stupidity of the idea security-wise, and 90% of the people who do are signing up just because they don't like MS, so the added ability to use Hotmail is not going to make any difference.
  • " ... this option [interoperability] could be part of a 1.1 specification ... "

    kinda sounds like a w3c statement about a new standard protocol or language. amazing how ballmer & co. said [zdnet.com] this would "have little chance of mattering". gee, looks like it matters now. big banks, all the major credit companies, several of the web's biggest commerce fronts - i'd call that a strong base of interest and support for Liberty.

    maybe they need a 3rd party [com.com] to mediate so everyone plays nice for a while
  • by Futurepower(R) ( 558542 ) <MJennings.USA@NOT_any_of_THISgmail.com> on Wednesday September 25, 2002 @08:24AM (#4326428) Homepage

    In the past, Passport has been shown to have zero security. See the Wired News article, Stealing MS Passport's Wallet [wired.com].

    On August 8, 2002, the U.S. Government's Federal Trade Commission (FTC) ordered Microsoft to stop lying about its Passport service. The FTC's order is titled Microsoft Settles FTC Charges Alleging False Security and Privacy Promises [ftc.gov].

    From: Windows XP Shows the Direction Microsoft is Going. [hevanet.com]
  • by IamTheRealMike ( 537420 ) on Wednesday September 25, 2002 @08:25AM (#4326434)
    1) This is merely an offer from the Alliance to Microsoft. MS probably won't take it up.

    2) Even if they did decide to co-operate, it'd largely be meaningless. There are so few websites using Passport the list can fit into less than a screenful.

    3) Even if this wasn't a problem, making Passport interoperate with anything would be a major technical headache. It simply wasn't designed for that at all. It's centralised so badly it'd need to be ripped apart and rebuilt to allow for "federation". Notice how that using Kerberos to open it up idea seems to have faded away? That's because Kerby was never meant for that anyway, and because it's extremely hard to open up Passport.

    4) Passport is growing at a snails pace, with good reason. The gain you get from it is small (often the user needs to give a password anyway, regardless of whether they use passport or not) and the cost is huge, both in developer time and various costs involved in working with Microsoft.

  • I don't like the idea of single sign-on for every freakin website I purchase from. I actually feel safer knowing that my personal information isn't accessible on all the sites if some kid hacks into a IIS box. Heck webservers have bugs and exploiting takes less time than building and maintaining them, so I'd rather keep my login's to myself.

    I would hate to wake one morning and get an email from microsoft saying "sorry some one hacked passport and stole 100K user accounts including everyone's credit card info."

  • A chain is only as strong as it's weakest link. This may be good for garnering general acceptance, but for those of us who are looking for a complete alternative to Passport, is it really a good idea?
  • The name of each authentication effort implies that we'll be gaining some type of "freedom" in handling our online commerce affairs. But isn't this just bringing us one step closer to Larry Ellison's vision of user profiling on a nationwide -- perhaps even global -- scale?

    In addition, there's no way I trust what a corporation is going to do with my data, given the ease with which privacy statements are altered. Maybe if I lived in the European Union, I might feel better about it -- those guys seem to take privacy seriously, even if their networks aren't as built-up as those in the US -- but I simply don't trust American Big Business at all these days.
  • Wasn't this supposed to be a feature (or even the point of?) of Novell 4.x NDS? (I could be wrong. Again.)
  • Here's an idea (Score:2, Insightful)

    by Peter Lake ( 260100 )
    How about a decentralized, open system which puts the user in control of her identity:

    From PingID [pingid.org]

    Ping Identity exists because we believe that digital identity systems need to first uphold the rights of the identity holder. We exist because market momentum and existing approaches lack the fundamental attributes required to ensure our personal freedoms, choice, privacy and control. We exist because something as personally important to our future ability to communicate, interact and transact in a digital world must never come under the control of single entity, government or corporation.
  • by Anonymous Coward

    I was at SunNetwork last week. They had a demo of Liberty in one of the Keynotes. As the demo went on, my stomach turned and I blanched.

    Instead of Microsoft holding your balls, Sony will.

    Feel better now?

    Clearly there's a whole whack of MANAGERS and BUSINESS TYPES at Sun and in the Alliance who are simply putting together their own version of Passport, which allows the corporation who sets up the given "circle of trust" between inter-acting corporations to hold the bag. Guess whose likely to be holding the bag? Whoever has the most clout. In the demo, it was Sony.

    It's *not* a bunch of techies doing the right thing. Somehow we've all been conned into "oh it's not Microsoft and so it's less evil".

    Bullshit.
  • With this new interoperability I can refuse to use either of them interchangably!

    -
  • by jjoyce ( 4103 )
    What happened to all those people who were slamming single sign-on a few days ago?
  • by kbielefe ( 606566 ) <karl,bielefeldt+slashdot&gmail,com> on Wednesday September 25, 2002 @12:15PM (#4328043)
    Why would I give Microsoft the password for my doctor's or stock trading website when I won't give my own family members the root password to my computer?

    While I may trust Liberty Alliance more than Microsoft, I still would prefer to manage my passwords myself. Single sign on just provides a single point of attack.
  • by Anonymous Coward
    Why do we need the whole concept of Passport. It's a broken idea to be giving this kind of data to a third party -- any third party.

    Would you give just any Microsoft employee your bank card PIN?

    Good lord.

    Now, Mozilla has a file where you can keep form data, including passwords. When you hit the page, the fields are filled for you.

    That does the job for anyone sitting at "their" PC.

    If you move about, then all they have to provide is some serverish sort of thing whereby Mozilla can query/update that file on your PC , or a server of your choice, from wherever you are working. All kept fairly secret using PKI/gpg.

    Now all you have to do is worry about the level of trust you have in the owner of the version of Mozilla you're using. They may hack mozilla to record your data, but I'd rather take that risk than hand it over to N employees at Microsoft.

    You could go further and create a web site security standard other than a simple password. It would offer a public key meta field, then Mozilla could query YOUR server to get a cert that containted an encrypted password to be handed over.

    The point is ... WHY DOES THIS HAVE TO BE CENTRALIZED?

  • Irony (Score:3, Funny)

    by Dirtside ( 91468 ) on Wednesday September 25, 2002 @02:53PM (#4329757) Journal
    Yeah, let's hear it for the Liberty Alliance! You know, because I always associate "liberty" with "centralization of power and resources," as opposed to, "distrbution of power so that people may have more control over their destinies." 'Cause, you know, that would suck. </sarcastro>

    (My weapon is the razor-sharp sting of sarcasm!)
  • I don't like the idea of my passwords being stored anywhere, except in my wetware. That said, I think local storage of passwords (e.g. the password managers built into some major browsers) is a good solution for many users. Many people who would use a tool to remember their passwords don't need to access the same service from different computers anyway, and for those who do there's always networked filesystems. (roaming profiles, etc.) Of course there's a way around it for smart people, and the clueless don't have a clue of the badness of Passport (doh).
  • "For that matter, compare your pocket computer with the massive jobs of
    a thousand years ago. Why not, then, the last step of doing away with
    computers altogether?"
    -- Jehan Shuman

    - this post brought to you by the Automated Last Post Generator...

"The identical is equal to itself, since it is different." -- Franco Spisani

Working...