×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

339 comments

Security (2, Interesting)

skubalon (579506) | more than 11 years ago | (#4297552)

Do we really want a single sign on?

Re:Security (4, Insightful)

RailGunner (554645) | more than 11 years ago | (#4297587)

I was going to ask the same question. Having a single sign on means that security has a single point of failure. Is this what consumers really want? Why is the Open Source community playing "catch-up" to Microsoft when I know we can come up with a better way to do it...

Re:Security (2)

rmadmin (532701) | more than 11 years ago | (#4297801)

How about reversing the idea to some extent? For instance, all of the important information is now stored on your computer (If your running windows, I can understand your uneasiness about this), along with a serial # of some type. Now, the sign on server out in the middle of nowhere has your serial #, and just verifies that your serial # is valid for your computer. So, when you go to buy something, etc, your browser says 'Do you want me to put your info in here?' and you click 'Hell yeah', and it sends that info. Now the server on the other side checks your serial # with the sign on server. Viola.

I know this type of system would need some serious refining to work. And theirs probably lots of problems associated with making this way work. But then again, isn't the same true about the current system they are pushing?

I personally don't want to see any type of centralization, I just thought this idea sounded more fun. :-D

Re:Security (2, Interesting)

Anonymous Coward | more than 11 years ago | (#4297595)

WHo wants singles singn on? I don't. I quite enjoy making up false marketing info whenever I sign up for anything. A single sign-on system, whether an open project or otherwise, still has the possibility of removing anonymity and privacy.

Do we really need a single sign in? (4, Insightful)

dirvish (574948) | more than 11 years ago | (#4297569)

The question should be: Do we really want a single sign in solution? I don't like passport, or its integration into XP and I probably won't like a Linux version. Single sign in sounds terribly insecure. I suppose the Linux version might be more secure since as Microsoft says, their products aren't made for security.

Re:Do we really need a single sign in? (1, Informative)

mojowantshappy (605815) | more than 11 years ago | (#4297671)

Yes, something about Microsoft, or anyone for that matter, having all of your personal information (credit cards, Social Security Number, age, sex, etc. etc.) doesn't settle well with me. What gaurentee do we have that such companies won't sell our information for profit, or someone from the company intenionally creating an insecurity to exploit the system? It is awfully like the identification system they are implementing in Japan currently and is much too centralized for my taste. There is way to much power in Passport like systems...

Re:Do we really need a single sign in? (1)

phorm (591458) | more than 11 years ago | (#4297691)

Anytime your data is on somebody else's server, then you've lost a certain amount of control over that data. A cool idea might be to have a login that allow remote sites to access personal repository servers in order to retrieve required data. Of course, this would only work if you have a domain and/or static IP of your own to designate as the repository, otherwise - same problem again.

Maybe an itty bitty serial hardware device that contains the more significant data, which you could carry on a keychain or something would work?

Re:Do we really need a single sign in? (0)

Anonymous Coward | more than 11 years ago | (#4297696)

It is the Single-Sign-On concept I oppose. The concept itself is of limited value, and it is not a concept one should try to duplicate for any reason.

Given time, all widely-used non-trivial systems can and will be exploited.

Thank god (5, Funny)

Anixamander (448308) | more than 11 years ago | (#4297570)

Here I was worried that a company with billions of dollars would be able to dominate the market with their single sign on technology, but apparently some technology I have never heard of that is named after an Ed Wood movie will defeat it.

Can we mod the article -1, Presumputous?

Re:Thank god (0, Troll)

FortKnox (169099) | more than 11 years ago | (#4297620)

Can we mod the article -1, Presumputous?

Well, I think the real reason it was posted was:
I hate Passport's integration with XP (although that might be because I hate XP). An Open Source single-sign on would be a real blessing.

Anything anti-MS is a good /. story, right?
An open source single sign-on won't solve the problem of a single sign-on.
The reason people hate passport isn't because its written by MS. Why don't people understand that?

Simple: Blind rage of MS.

Tunnel Vision can happen at both ends of the tunnel.

Re:Thank god (2)

T3kno (51315) | more than 11 years ago | (#4297736)

I'm just wondering, not that I completely disagree with you, but do you actually thing that Passport integration with XP is a good thing? Do you trust Microsoft enough to give them the key to all of your personal information? What will you say when Passport becomes a pay-per-use technology? I dont like Microsoft, because I dont trust them, they have never earned that. I also dont like the blind /. bashing of the zealot crowd it doesn't help anything. But this is a really bad idea, especially with all of the DRM crap that Microsoft is wanting to put in their products. If you think it's a good idea I would really like to hear why.

Re:Thank god (1)

FortKnox (169099) | more than 11 years ago | (#4297775)

I don't like the entire idea of passport. I don't have the same password everywhere, and don't like the idea of having all my eggs in one basket. I have XP, therefore have a passport account, but I don't use it for anything.

Incredible (2)

kiwimate (458274) | more than 11 years ago | (#4297846)

An open source single sign-on won't solve the problem of a single sign-on.
The reason people hate passport isn't because its written by MS. Why don't people understand that?

Simple: Blind rage of MS.


This is, without a doubt, one of the most succinct and lucid comments I've ever read on Slashdot. Thank you, FortKnox.

correct me if i'm wrong (4, Insightful)

discogravy (455376) | more than 11 years ago | (#4297573)

but isn't the biggest thing against single-sign-on the fact that there's a single point of failure? why would open source change that?

Re:correct me if i'm wrong (5, Interesting)

Anonymous Coward | more than 11 years ago | (#4297641)

I certainly don't want a single sign on. Yes, it's a single point of failure. But it's more than that. It's one-stop shopping for anybody who wants to intrude into your life or totally violate your privacy. I don't like passport. I won't like any other system of the same ilk.

I keep differnt account names on different systems. I use multiple passwords that follow rules for mixing case, special chars, and numerics. I never have any programs remember my passwords. It's a hassle to keep up with but I feel a bit more like no one is watching all of what I do.

Am I a paranoid tin-foil hat type? No, I'm an honest up-standing citizen type. I don't think I want to give the keys to my life to anyone, though. I don't want some a hacker breaking in and messing up my life. Nor do I want to be perfectly profiled by a bunch of marketing droids.

Single sign on is great - for a single system. I do not want and will not use single sign on for the internet.

Re:correct me if i'm wrong (0)

Anonymous Coward | more than 11 years ago | (#4297753)

Admit it! Your Slashdot account's password is "S14shd0t_p4SS#"!

Re:correct me if i'm wrong (0)

Anonymous Coward | more than 11 years ago | (#4297702)

This general method was discussed way back in 1997 by Tony Jenkins and David Perell.

Basically they concluded that if it was implemented combining with current authentication techniques, that one could efficiently disguise the firsts methods in a criss-cross pattern.

But as long as it's open source and secure who cares right?

Re:correct me if i'm wrong (-1)

Anonymous Coward | more than 11 years ago | (#4297722)

becasue open source r0x0rz and we r all 1337 h4x0rz

Re:correct me if i'm wrong (4, Insightful)

Pauly (382) | more than 11 years ago | (#4297781)

but isn't the biggest thing against single-sign-on the fact that there's a single point of failure? why would open source change that?

In a word: No.

For one, this doesn't need to be implemented as a single point, physically. By your faulty assertion, DNS can be considered a "single point of failure" , and while DNS is decidedly vulernable, the internet somehow manages to have worked well for a while now. ;)

If it were me, I'd look at the architecture of DNS and copy the strengths of its distributed design. Then again, DNS is borne of scientists aiming for an open internet, not corporations looking to lock it down.

Re:correct me if i'm wrong (2)

daviddennis (10926) | more than 11 years ago | (#4297800)

If I understood the article correctly, Factorium is a way of handling a single sign on in a more distributed way, possibly sharing the signon database and cryptographic information between machines.

So in theory we could have a single sign on and multiple points of failure.

That being said, there wasn't enough detail in the article for me to know for sure.

I would say a single sign-on is fine for reading articles in the NYT and Wall Street Journal while having only one login, but I feel genuinely uncomfortable about using it for financial information, and extremely uncomfortable about giving it to Microsoft.

I think a lot of people feel the same way, and that's a major reason why Passport failed. Microsoft was unable to sign up any banks or credit card companies for its service, because they didn't want MS's greedy fingers in their customer databases. The mass of everyday consumers may not be sophisticated enough to distrust Microsoft, but banks are not in that position.

D

Re:correct me if i'm wrong (2)

StoryMan (130421) | more than 11 years ago | (#4297863)

It makes you wonder why sometimes -- at least in this case -- a low-tech solution might not be the better alternative.

I mean, cripes, just remember your passwords.

And if you can't do it, try harder.

Simple.

First Post (0)

Anonymous Coward | more than 11 years ago | (#4297574)

First Post

Re:First Post (0)

Anonymous Coward | more than 11 years ago | (#4297653)

omfg, people had posted multiple replies to comments above you already, and you finally have a first post llama comment? my god, what are you, a one fingered midget who has to jump to reach the keyboard in burma, where there's only a 2400 baud modem connecting a hundred poor hungry people on a makeshift network in the jungle?

Re:First Post (0)

Anonymous Coward | more than 11 years ago | (#4297796)

You must know me! Do you have a problem with one fingered midgets? Are you a bored ignorant asshole that has nothing better to do than bash other people to make yourself feel better?

No. (1)

John Hasler (414242) | more than 11 years ago | (#4297580)

"good single-signon" is an oxymoron.

Re:No. (1)

beaverfever (584714) | more than 11 years ago | (#4297689)

I agree. I don't want a single sign-on, I do not care for the "convenience" of a single sign-on. I believe having one company (MS or whoever) control it would be a worst-case scenario, but whether it is MS or open source/non-profit or a government agency I want no part of it; they would all be bad.

I cannot stress how much I want nothing to do with a single sign-on "solution". Nothing, zero, zilch... ever.

NDS (2, Interesting)

Mournblade (72705) | more than 11 years ago | (#4297583)

"Will we ever get a good single sign-on solution?"

What about NDS/Single Sign On from Novell? I haven't looked at it in a while, but last I checked, it ran on most server operating systems (including Linux), makes administration a *lot* easier, and is pretty secure. What's not to like? (besides the fact that it's not opensource/freesoftware) I guess I shouldn't be surprised, since Novell's marketing sucks. They have great technology, but have had a lot of trouble turning that into products.

Re:NDS (2)

Lxy (80823) | more than 11 years ago | (#4297598)

E-DIRECTORY KICKS ASS

nuff said. Need to admin that linux server, Novell server, and NT server with one ID? Problem solved.

Single sign in? (0)

Anonymous Coward | more than 11 years ago | (#4297592)

What is with this obsession with single sign-ins? For the web, just use the facility to remember passwords provided by your browser (with a single secure password to protect them). For everything else, just keep the passwords you don't use often in a PGPed file.

It may be putting your eggs in one basket - but I'd rather put them in *my* basket which I can keep physically secure and encrypted, than in someone else's. Especially if I have no come back if that someone else discloses my information.

Why do OSS projects have such poor names? (0)

Anonymous Coward | more than 11 years ago | (#4297594)

Can't RTA since it's slashdotted, but if this is anything other than the "Plan 9 from Bell Labs" operating system, I suggest that they change their name.

Bad ideas... (0)

Anonymous Coward | more than 11 years ago | (#4297602)

I hate to sound like a troll, but bad ideas are still bad ideas whether or not they are open sourced. The whole "universal login" idea is just a poor idea, given the current state of technology. The whole "putting all your eggs in one basket" thing... and whether or not it's open sourced won't help much.

Good thing your not biased. (2, Insightful)

Kenja (541830) | more than 11 years ago | (#4297608)

"I hate Passport's integration with XP (although that might be because I hate XP)."
Good to see people forming opinions based on facts and information rather then knee jerk reactionism.

Oh wait.....

Why try and recreate a bad idea (5, Insightful)

atrowe (209484) | more than 11 years ago | (#4297610)

It seems to me that Microsoft's Passport authentication is a bad idea in the first place, and the free software community should look toward more intelligent alternatives rather than try and emulate Passport's functionality.

Not only does Passport go against the KISS philosophy embraced by many Unix and Linux developers, but the potential for security breaches is only magnified when a single universal authentication system is developed. It seems to me we'd be better off leaving authentication procedures up to the individual site owner rather than having a universal authentication protocol built-into Apache. This would also be a more practical solution as a single authentication system cannot be tailored to fit all sites. I sure don't want to trust all of my on-line bank transactions to something like Passport, so the need exists for highly encrypted ultra-secure authentication on some sites, while other less secure sites like Slashdot which transmit passwords across the 'net in plain text could probably get by with using a much more basic authentication system.

Re:Why try and recreate a bad idea (0)

Anonymous Coward | more than 11 years ago | (#4297663)

card-carrying mensa-member?

sounds like "igorant fuckhead with no life" to me.

Re:Why try and recreate a bad idea (-1, Troll)

Anonymous Coward | more than 11 years ago | (#4297709)

Then what would you call an anonymous douchebag that replies to an "ignorant fuckhead with no life"? I call you stupidcunt! hehehehehehehehehehehhenigger!

Re:Why try and recreate a bad idea (3, Insightful)

ceejayoz (567949) | more than 11 years ago | (#4297725)

I'll agree with the security criticism, but how does Passport violate KISS? It does simplify things on the user side of things.

And if you think Unix/Linux devs "embrace" KISS, just try browsing Sourceforge a little... most of the programs are anything but user friendly.

Re:Why try and recreate a bad idea (1)

oval_pants (602266) | more than 11 years ago | (#4297749)

I agree, it may be a bad idea. If however, Microsoft and their ton$ of money are behind it they can spin anything negative into positive. They are long time running company with the tech "know-how". Big business will listen to all the fluff that is put out by Microsoft.

If however, there is a more secure or cheaper alternative to the Microsoft solution, then it could be chalked up as another victory for Open Source.

Until Linux/Open Source can start shooting their own widely publicized technological salvos at Business, they will always have to live on the coat-tails of Microsoft's way of doing business. Red Hat/IBM better start flexing their marketing muscles in order to start dimming the light on M$.

Catchy Quote (2, Interesting)

QEDog (610238) | more than 11 years ago | (#4297611)

"Money and social skills define the in-crowd, and only nerds kvetch about the importance of better technology."

Someone should come up with a catchy quote against that.

Re:Catchy Quote (0)

Anonymous Coward | more than 11 years ago | (#4297752)

Bill Gates: geek, and the richest man in the world--richer than the entire "in crowd" put together!

brilliant (0)

sirius_bbr (562544) | more than 11 years ago | (#4297612)

Passport brilliantly combines the kludgey and unstable nature of NIS+ with the insecurity of the trusted hosts concept to produce a nine-step process with obvious opportunities (...) for security and other abuses

I just love sarcasm :)

haha (0)

mojowantshappy (605815) | more than 11 years ago | (#4297616)

When I went to read more to read the comments, there was an add for Microsoft Visual Studio .NET right below the story. Is slashdot trying to tell us something? ;)

Liberty?? Passport??? Plan 9???? (2, Troll)

ziadleb (188867) | more than 11 years ago | (#4297617)

Having 3 plans instead of one defeats the whole purpose of SINGLE sign on.
What we should have, as with any other Internet succesfull strategy is a single standard and competing implementations. That way we are insured to have compatibility and the added benefit of market competition.

Re:Liberty?? Passport??? Plan 9???? (2)

poot_rootbeer (188613) | more than 11 years ago | (#4297711)


But what do we do when a fundamental flaw is found in the one single standard? Then EVERYONE is fucked.

I have an idea... (2)

Lethyos (408045) | more than 11 years ago | (#4297625)

Will we ever get a good single sign-on solution?

How about username and password over SSL?

Re:I have an idea... (0, Troll)

MisterBlister (539957) | more than 11 years ago | (#4297788)

Some of us log in to more than one website, and have trouble keeping track of unique passwords on each. You stupid fuckhead!

The Actual Genius of Microsoft is evident on /. (-1)

Whistler's Mother (539004) | more than 11 years ago | (#4297629)

Thanks to OSDN's self serve ad system I see a lot of Microsoft Visual Studio.NET, and other Microsoft ad's on Slashdot. I don't mind these ads. I like them. It is just so pleasing to the eye to see you linux hippies talking about how the latest mozilla release is out, with an advert of the sweet Visual Studio.NET IDE glimmering right above a story one of the janitors posted. ON another note...Hahahaha...I can't beleive the janitors won't publish the stats of browsers that request Slashdot pages.......typical zealots.

Lol (2)

autopr0n (534291) | more than 11 years ago | (#4297633)

As a group, the so-called "mainstream press" often appears to favor Microsoft and show an appalling lack of technical depth in its enthusiastic repetition of the latest Microsoft press release. There's been a lot of speculation on why this is and whether it even happens. So far, no definitive research provides answers one way or the other.

Hrm, is this guy trying to be funny, or is actualy that dry?

I don't get it. (0)

Anonymous Coward | more than 11 years ago | (#4297636)

Most of the time in the article they talk about a one way function, but then they bring in prime number multiplication and factoring of large numbers.
What this seems is like a secure hash function implementation using hardware?

PS. The MSNBC author does not have an understanding of the matter at hand.

so basically... (0)

Anonymous Coward | more than 11 years ago | (#4297637)

When Microsoft comes up with the idea it's the worst idea ever and an obvious attempt to know everything about you - basically a tool of the devil. But when it's an open source copy-cat solution then it's all good and everyone supports it? What a bunch of hypocrites.

who is the controller? (3, Insightful)

pretzel_logic (576231) | more than 11 years ago | (#4297643)

An open source sign on would have to store passwords and usernames in a database. Where would this data be stored, who would maintain it and whos going to pay for the upkeep. Single Sign in is really just away to capture all the data a site needs in order to sort and display ads that might interest the user. Sometimes its really cool to have personalized web experiences but where do we draw the line. When passport came out I remember saying, "Ill never use that" But as larger sites incorporated it in I found it to be useful. I think that SUN will have the answer with their new N1 plans.

Solaris 2.9 is the current version? (1)

Hobophile (602318) | more than 11 years ago | (#4297652)

From the article:

Solaris 2.9, the current release, contains many single-identity tools, but they're all add-ons to the basic OS rather than being truly integrated with it. I think that Solaris 3.0 will change all that...

Correct me if I'm wrong, but isn't Solaris on version 9 or something? Someone who knows more about Solaris than I do want to tackle this?

Re:Solaris 2.9 is the current version? (3, Informative)

Loligo (12021) | more than 11 years ago | (#4297682)

>Correct me if I'm wrong, but isn't Solaris on
>version 9 or something?

"Solaris 7", "Solaris 8", and "Solaris 9" are actually 2.7, 2.8, and 2.9 respectively.

To add confusion, internally it's SunOS 5.x.

-l

Re:Solaris 2.9 is the current version? (1)

Rude Turnip (49495) | more than 11 years ago | (#4297768)

SunOS is the kernel; Solaris is the distribution. Similar to any Linux distro, but there're just one company involved.

Question.... (2, Interesting)

DarkWarriorSS (518859) | more than 11 years ago | (#4297654)

I've seen alot about single sign on with Windows. I have liked the stuff that Novell has put in. I do like some parts, and I don't like other parts. I don't like Passport, only because then it give M$ access to all my personal information(which I wouldn't doubt they already...). But, I've seen a lot about the windows front, and MONO and other projects for GNU/Linux And/or Open Source in general. But... Has anything been done to try and combine the two where you have a single sign on for both *nix and Windows, where you can have the same favorites, address book, etc?? This is what I would like to see happen, as I use GNU/Linux (gentoo/slack) at my house, in my room, but Windows at my church/family computer/ and school. I would like to have it where I could get the same stuff on all of these machines, but I haven't seen anything about combining the two of them yet. Does anyone know if there is such a project going on??

My plan... (5, Funny)

T3kno (51315) | more than 11 years ago | (#4297665)

Plan 10: Blank Passwords.

Why Plan 10? Heres why...

1) No one cares about me
2) Steal my credit cards they're maxed out anyways
3) I probably wouldn't mind if you changed my investments you probably would make more money that I do in the stock market
4) All of my email is mailing lists and spam, I have no friends
5) You could probably accumulate more karma on /. that I can
6) Sneak preview of my bank account $0.02 (which I'm giving away here right now)
7) My social security number has been reused more times than the sayings "going forward" and "at the end of the day" combined
8) All passwords are hackable by the NSA anyways
9) At some point all information will be decrypted
10) You can have my body, but you cant take my mind

Which one? (1)

I_am_Rambi (536614) | more than 11 years ago | (#4297666)

There are now two people working against passport. Liberty Alliance [slashdot.org] and now Plan9. I am more than welcome for any compition. But it will still be diffucult to have all three work together. I know of people that use passport, but the question would be are they will to trust an open source project, and stuggle finding websites that use this sign on process?

Its a great idea, but all these will struggle until websites start to incorporate them for users to sign on.

It's about time this got noticed (0)

Anonymous Coward | more than 11 years ago | (#4297668)

This general method was discussed way back in 1997 by Tony Jenkins and David Perell.

Basically they concluded that if it was implemented combining with current authentication techniques, that one could efficiently disguise the firsts methods in a criss-cross pattern. But as long as it's open source and secure who cares right?

Plan 9 (1)

estoll (443779) | more than 11 years ago | (#4297669)

I haven't heard about Plan 9 since taking distributed computing classes in college. I'm surprised this operating system hasn't caught on faster. Its sweet.

Re:Plan 9 (1)

estoll (443779) | more than 11 years ago | (#4297868)

BTW, Plan 9 [bell-labs.com] is brought to you by the same Bell Labs research group that bought you Unix (according to a Plan 9 developer I talked to).

single sign on (2)

Apreche (239272) | more than 11 years ago | (#4297672)

is a great idea. It means you have one name and one password and you don't have to bother remembering different log-ons for every different website and computer you use. However, it does provide one big problem. Someone who is trying to crack you now only has to figure out one name and password to have everything.
currently I have seperate password for online banking and my credit card and my computer and a random ftp server. If I have a single log-on someone who cracks the ftp server now has access to my bank account and credit card. Joy!

Its a crap Idea (2)

night_flyer (453866) | more than 11 years ago | (#4297675)

no matter who does it, I didnt like passport because I dont want one group/entity holding my data, not because it was Microsoft. That still hasnt changed

Great, more duplication of project names.. (0, Flamebait)

nurb432 (527695) | more than 11 years ago | (#4297677)

Ever hear of Plan9 OS? the idea sounds good though, on the surface anyway..

Re:Great, more duplication of project names.. (1)

Loligo (12021) | more than 11 years ago | (#4297701)

>Ever hear of Plan9 OS?

Ever hear of reading the article?

What's wrong with... (0)

Anonymous Coward | more than 11 years ago | (#4297678)

ldap and krb. Seriously it works great it's standard's based, supported by almost everything and anything else you need(addresses, bookmarks, ...) can be stored in ldap.

At the risk of being modded redundant. . . (4, Insightful)

kfg (145172) | more than 11 years ago | (#4297681)

I too will question the very advisability of single sign on. There are good reasons I keep multiple banking, credit card and merchant accounts. I specifically * don't want* one single authority to be tracking my every move. I * don't want* all my finacial and personal assets and records piled up in one location. I keep a *diversified* portfolio.

What good is having your system backed up on removable media if your house burns down and * you don't have a copy off site?*

When Egghead was hacked I knew for a fact that I had to be concerned about *one* of my credit card accounts. I could watch that *one* like a hawk and the risk didn't steamroll through my whole life. The argument is, of course, that there is less risk with a well protected central account, but that account is an all or nothing sort of deal. You're either safe, or you lose everything.

I'll take the slightly greater overall risk at sustaining *some* sort of loss against the lower risk of complete and total devestation.

Do you have sort of financial insurance? Say on your car? Exact same deal. You "lose" your insurance payment against the protection from greater potential loss.

Obviously others disagree but I think that single access is just plain dumb, and all to save you a rather miniscule risk to save a few minutes of typing a year.

KFG

Re:At the risk of being modded redundant. . . (2, Interesting)

Entrope (68843) | more than 11 years ago | (#4297750)

"Single sign-on" does not mean you have to trust some third party with all your records, or that you cannot have a fallback.

To solve the first, keep your authentication cookies on your machine (or other secure hardware local to your person). Just pick a single sign-on solution that allows you to use that. You only need to worry about making it secure from interlopers.

To solve the second, your bank/insurance company/email provider/etc can reissue you an authentication cookie once you prove to them through some other trusted mechanism (say, showing up in person, or answering hard-to-research personal questions over the phone).

("Authentication cookie" could be a password, asymmetric key pair, or whatever.)

Re:At the risk of being modded redundant. . . (0)

inteller (599544) | more than 11 years ago | (#4297774)

at the risk of being modded obvious, three entities track your every financial move already....it's called having a credit rating.

single sign-on (3, Funny)

af_robot (553885) | more than 11 years ago | (#4297683)

Will we ever get a good single sign-on solution?

Yeap. This is really easy.
all you need is just enter "linux single" during lilo startup.

Partent is damn funny... (1)

DraKKon (7117) | more than 11 years ago | (#4297808)

So far this is the best smart-assed reply to the question! If I had mod points I'm mod it funny!

Answer... (0)

Anonymous Coward | more than 11 years ago | (#4297734)

"Will we ever get a good single sign-on solution?"

"In a word, 'No'"

Love,
Bill Gates

Why? (2, Redundant)

sdjunky (586961) | more than 11 years ago | (#4297741)

Why do we need a single signon? This is so unsecure as to not be funny.

E.g. a wife figures out the password to a husbands email account. Now she can

Read his bank account information
Read all of his other emails
Peruse his wishlist on enterbookstore.com here
etc.

Sure... most people use the same password for everything so it's a moot point but it still bothers me

Unfortunately not (2)

WildBeast (189336) | more than 11 years ago | (#4297744)

I don't think that we'll ever get a single sign-on solution. Corporations always want to have there own registration forms.

There's no doubt that Passport failed for that and so did Sun.

Sorry but it just won't work. I wish it would but it just wouldn't.

Passgo (1)

kaoshin (110328) | more than 11 years ago | (#4297746)

I'm in a large company that uses the passgo single sign on product for synchronizing novell, domain and mainframe passwords. It goes down constantly, and often will not synchronize domain passwords, and so on. It really sucks, but I'm sure that it handles the brunt of the synchronizations. If linux could replace the mainframe apps (yeah right), then maybe we could use a better product but I'm guessing there are not a lot of options for people still stuck with apps running on S390. Anybody else have any experience with passgo?

What a fucking useless article (0)

Anonymous Coward | more than 11 years ago | (#4297759)

He outlines the contraption that is Password authentication, with it's browser redirections and whatnot. Great. Yes, it sucks.

But then waffles over to an introduction to XML and encryption, talks about Microsoft putting insecure extensions into XML, starts on about how great Plan 9 is, waffles a bit about how great Plan 9 is, and never gives the Plan 9 equivalent to Microsoft's authentication procedure, which was the whole problem he started out with.

What is it? How does it work? Will it work in a browser-independant fashion (like Passport actually does), or will it require browser or even OS extensions? Yes, we know XML is great. We know authentication is great. We know Microsoft does insecure stuff. We know the Password authentication procedure is a kludge.

But in order to actually find out if the way Plan 9 is actually better, I have go read the Liberty Alliance specifications. That article completely wasted my time.

Re:What a fucking useless article (2)

Chris Pimlott (16212) | more than 11 years ago | (#4297853)



But in order to actually find out if the way Plan 9 is actually better, I have go read the Liberty Alliance specifications. That article completely wasted my time.


I have to agree with you here. The extended history of markup languages and primer on public key incryption are completely superfluous and add nothing useful to the article. I keep hearing good things about Plan 9 but he doesn't go into enough detail to understand what is really so great about its model.

This is a biased opinion... (0, Flamebait)

j_kenpo (571930) | more than 11 years ago | (#4297762)

The concept of a single sign-on, no matter who makes it, is a bad one. All it would take to steal your identity and all complent sites is to get your info off one. This is more of a security issue than a "who makes it" issue. Do we trust Microsoft... a billion+ dollar company, or do we trust a bunch of free software enthusiests and company who are contributing to a project that they arent making any money off of it? Not to ruffle any feathers here, but I dont think Im going to trust the disgruntled developers who arent getting paid. This article is just a blantent attempt to say "I dont like it because its Microsoft".

Re:This is a biased opinion... (1)

j_kenpo (571930) | more than 11 years ago | (#4297785)

Let me correct that last sentence... Its the post, not the article... doh

Slashdot biast (0)

Anonymous Coward | more than 11 years ago | (#4297784)

"I hate Passport's integration with XP (although that might be because I hate XP)".

Simple minds "hate". Why not work on something better as opposed to "hate".

Lucky underwear (3, Funny)

2Bits (167227) | more than 11 years ago | (#4297794)

Kludges like NIS+ and FNS could be made to work for as long as the sysadmins wore their lucky underwear,...

Good journalist will provide resource links to where one can buy lucky underwear.

Please reply if you know of any, please...

Whats wrong with XP? (-1, Offtopic)

LordYUK (552359) | more than 11 years ago | (#4297797)

Really, whats wrong with it? It's a heckuva lot better than the previous releases of windows. Go on, mod me down for being Off Topic.

Oh yeah (2, Insightful)

The Bungi (221687) | more than 11 years ago | (#4297803)

I'm really looking forward to this type of technology [bell-labs.com]

<snicker/>

And why, oh why must every "open source/free software columnist" being their articles with a potshot to Microsoft as a way to justify Linux's existence? Must they always do that? How about letting the technology stand by itself?

If ya don't like it, don't use it (2, Interesting)

caudron (466327) | more than 11 years ago | (#4297824)

It's not like apache and plan9 are looking to make it mandatory. They just want the option available for those instances when it is a useful addition. Like ChiliASP and Tomcat, if you don't need what it provides, just don't add it to your server install. But definately do not gripe that they should do it at all. Such griping is shortsighted and pointless.

Nonrepudiation and psuedonymic technologies will /have/ to emerge if we want to see real commerce online, while I don't approve of MS having control of that technology, I recognize that MS is in some sense right...for some transactions to occur, nonrepudiation is a must.

The more people who are willing to act as trust servers in that sense, the better. Right now we have MS Hailstorm, XNS and OneName, Sun and the Liberty Alliance, and I see no reason not to add another to the mix, so long as we are moving toward standardization where players can compete on implementation of the standard.

Single Sign On (SSO) worked within a limited realm (4, Informative)

plcurechax (247883) | more than 11 years ago | (#4297839)

Single Sign On (SSO) works within a limited realm under the same control, such as within the scope of a government agency, a corporation, or a school. These bodies already exist deal with issues of various policies including privacy policies within the scope of the "realm" (i.e. the laws of the nations a multinational corporation is functioning within).

Universial SSO, such as this plan and Passport, breaks that and cannot be consistant since different companies want different privacy policies, are governed by different government legistation, yet are suppose to "control" and use the same information (the online identity credientials).

So the goal of only needing one online identity, whether a username/password, or a PIN and smartcard, within a given controlled realm such as your university does make sense. This is possible through sensible use of existing services like directory services and secure network authentication. The use of directory services such as X.400, RADIUS, and more recently LDAP (and LDAP perversions like Active Directory) can help towards this. As well as secure network authentication like Kerberos [mit.edu].

Universial SSO does not make sense, because of the shift of power and control is not carefully thought out in the contexts of legal issues (privacy, evidence, children online protection), contractual issues, limited and total revocation, ownership, and other issues.

Universial identities for an unlimited number of purposes does not make sense, it is a nightmare of management logistics, a total lack of correctness, legal quandary, and telemarketing hell.

Some facts about Passport (0)

Anonymous Coward | more than 11 years ago | (#4297847)

  • Passport stores minimal infromation about users, and the tiny subset of information can be further culled if the user desires. Passport does not contain a superset of all information any Passport enabled site contains. This shit about social security numbers and how many ass dildos you purchased per month is just FUD(ge packing)
  • Passport enabled sites do not see your password. Instead you authenticate directly with Microsoft, and Microsoft passes your passport ID back to the calling site.


Morons.

Open Souce Single Sign on? (1)

civik (244978) | more than 11 years ago | (#4297852)

I hate Passport's integration with XP (although that might be because I hate XP). An Open Source single-sign on would be a real blessing.

Great, trade one set of inflated egos and flawed ethos for another. Was that sarcastic, nawwwww....

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...