Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Passport to Nowhere

michael posted more than 10 years ago | from the where-did-you-want-to-go-yesterday dept.

Microsoft 361

prostoalex writes "CNET News.com.com talks about less than glamorous acceptance of Microsoft's single sign-on technology, .NET Passport. Being launched as a single sign-on service for online businesses and competing heavily with open Liberty Alliance project, which so far has produced just a large amount of PDF files, .NET Passport is considered a failure (although not by Microsoft). Turns out, high licensing fees, lack of simple implementation, security leaks and server downtime, were not acceptable to most of potential clients out there."

cancel ×

361 comments

Favorite quote from TFA (5, Insightful)

Liselle (684663) | more than 10 years ago | (#8648719)

"Microsoft was kind of pushing Passport for a problem that didn't exist..."

I think that more or less hits the nail on the head. This is aside from the downtime issue, which is embarassing, and privacy issues, which are disturbing. On the privacy/downtime note, the Liberty Alliance may be vapor currently, but the idea of a "federated" system sounds much better to me. It's not a problem I have with Microsoft, rather it's a problem I have with giving all of my personal information to a single organization to put into a central respository.

No sir, that's bad sauce.

My god! (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8648755)

I've decidely stepped on my balls.

Who stepped on my balls?

The dirty French did!

AHHHHHHHHHHHHH

Jesus Christ, there were like only three posts! (0, Funny)

Anonymous Coward | more than 10 years ago | (#8648819)

Re:Favorite quote from TFA (4, Interesting)

michael path (94586) | more than 10 years ago | (#8648796)

I had that quote cited and ready to post as well.

It's still not an issue that exists today. However, I'm an avid user of Paypal because it's more convenient to pay with my username and password submitted only to Paypal's server, and let them return the "Success/Fail" of the payment to the vendor. It made eBay easier. It's easy to subscribe to Slashdot/OSDN using it. It's easier to subscribe to some porn sites using it.

Granted, that's just the payment piece, and not the cetnralized repository of all my useful details - but significant just the same.

Now, if Microsoft bought eBay (and thereby, Paypal), they'd have an existing solution they could extend to suit their needs.

That said, the moment Microsoft buys eBay is the moment I evaluate auction alternatives.

Re:Favorite quote from TFA (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8648955)

Why are you subscribing to porn sites when there is plenty of free porn on the web?

Re:Favorite quote from TFA (1)

simonfairfax (747042) | more than 10 years ago | (#8648809)

...rather it's a problem I have with giving all of my personal information to a single organization to put into a central respository...
Exactly! I admit that I use passport for my hotmail account, but I would never use anything even remotely like it period.

Re:Favorite quote from TFA (4, Insightful)

PacoTaco (577292) | more than 10 years ago | (#8648931)

Microsoft wants to push the distributed web services model. Web services are much easier to manage with a centralized authentication system (rather than dealing with many separate passwords/certificates per application). Whether something like Passport is right for end users is another question.

Re:Favorite quote from TFA (2, Insightful)

js3 (319268) | more than 10 years ago | (#8648954)

That's debatable. I don't know anyone who fancies remembering a bunch of passwords for every site he signs up for. I even have a password manager on my usb flash drive because I can't keep up with password. I could use one password for everything but that's insecure too.

So far I've used the Passport on two sites, mcafees online antivirus subscription site and radioshack.ca whenever I order something

Re:Favorite quote from TFA (4, Interesting)

Otter (3800) | more than 10 years ago | (#8648970)

"Microsoft was kind of pushing Passport for a problem that didn't exist..."

I wouldn't say the problem doesn't exist -- every time a link takes me to an article at the LA Times, Chicago Sun, Telegraph or any other paper that requires me to remember some crazy new userid or to go through a lengthy registration process, there's a problem, usually solved by my deciding it's not worth it. Or bidding on eBay from the library, or...

As you say, a central repository seems like a bad solution but I'd really love to have a good one. (And, no, my having to carry everything around on a memory stick is not a good answer. For one thing, you can't just mount them anywhere.)

frist (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8648726)

toast!

Put jelly on your shoulder (-1)

Genghis Troll (158585) | more than 10 years ago | (#8648727)

Re:Put jelly on your shoulder (-1, Offtopic)

Donald Trump (764369) | more than 10 years ago | (#8648742)

You're FIRED!!!!!!!!

Mac Equivelant: (-1, Offtopic)

stratjakt (596332) | more than 10 years ago | (#8648730)

AssPort.

Single LOG-on.

hee hee

fifth post

Personally.. (5, Insightful)

Caedar (635764) | more than 10 years ago | (#8648731)

I never saw a need for .NET Passport in any way. Privacy issues aside, all Passport would achieve for the company using it is something they could already do with simpler, more secure, and less liable technologies already available to them.

Re:Personally.. (2, Interesting)

Anonymous Coward | more than 10 years ago | (#8648957)

Yes, and wallet services like Passport will eventually become moot if business merger mania continues. I mean, just imagine if Microsoft buys or is bought by a major credit-card issuer like MBNA. Then your credit card will be automatically connected with a PIN that allows you to shop on MS sites, no Passport needed.

Sound far-fetched? Media companies are buying up content companies and vice versa... US consumer spending is 2/3 GDP and is floated on credit cards. It's only a matter of time before the credit card companies start acquiring retail interests. Wal-mart + Fleet/BOA?

Hmmm (5, Funny)

Anonymous Crowhead (577505) | more than 10 years ago | (#8648733)

Turns out, high licensing fees, lack of simple implementation, security leaks and server downtime

Yet they still buy windows...

Re:Hmmm (1, Interesting)

Anonymous Coward | more than 10 years ago | (#8648827)

And Linux is free, and people still buy Windows. Hmmm...

Generic description (3, Funny)

nother_nix_hacker (596961) | more than 10 years ago | (#8648740)

Turns out, high licensing fees, lack of simple implementation, security leaks and server downtime
Sounds like a generic description of MS products.

Re:Generic description (-1, Troll)

bonch (38532) | more than 10 years ago | (#8648865)

Instead of buying into groupthink, how about explaining and citing examples?

I could easily come up with Linux examples supporting the same statement. In fact, Slashdot posted the study showing Linux was the most-breached OS on the net.

Re:Generic description (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#8648882)

Bonch: You're such a cunt.

Re:Generic description (0)

Anonymous Coward | more than 10 years ago | (#8649012)

Don't forget that 90% of all statistics are made up on the spot to prove a point.

Re:Generic description (0)

Anonymous Coward | more than 10 years ago | (#8648893)

I was going to make a comment asking why flamebait like this would be modded "Insightful" but I stopped and realized where I was.

Re:Generic description (0)

Anonymous Coward | more than 10 years ago | (#8648993)

agreed. Maybe it should be modded as 'funny', but not 'insightful'

"Competing Heavily"? (4, Insightful)

American AC in Paris (230456) | more than 10 years ago | (#8648743)

[.NET Passport is] competing heavily with open Liberty Alliance project, which so far has produced just large amount of PDF files

...by this logic, one could say that Halo is competing heavily with Duke Nukem Forever, or that Coca-Cola is competing heavily with Cola Turka [colaturka.com.tr] ...

I mean, doesn't "competing heavily" imply that there's, well, an active competition in the first place?

Re:"Competing Heavily"? (1, Insightful)

Anonymous Coward | more than 10 years ago | (#8648781)

Liberty Alliance did its intended job -- FUD Passport and put everyone in a Wait-n-See mode until they all forgot about the idea.

Not a Microsoft failure ? (1, Redundant)

ThomasFlip (669988) | more than 10 years ago | (#8648747)

Turns out, high licensing fees, lack of simple implementation, security leaks and server downtime... Could have fooled me

Microsoft and the FBI (-1, Interesting)

Anonymous Coward | more than 10 years ago | (#8648750)


Microsoft's Passport system was quietly co-designed with the FBI and NSA. In this system the cryptographic systems used to secure passwords were secure against almost any attack, save for brute force. However the NSA built in backdoors to this system.

The reason for this was to enable snooping of purchases and communications made over "secure" channels. Your neighbour couldn't tell what you were buying, but the government could watch. For example "Mr. Jones has been researching places to buy fertilizer with few credentials needed..."

This is a terrible system and I'm glad it's dying. It will mean I'm out of a job but it's for the good of the people.

Re:Microsoft and the FBI (3, Interesting)

ioErr (691174) | more than 10 years ago | (#8648816)

Interesting claim. Care to, you know, back it up with something?

Re:Microsoft and the FBI (4, Funny)

Anonymous Coward | more than 10 years ago | (#8648832)

Interesting claim. Care to, you know, back it up with something?

Back it up? You must be new here.

Re:Microsoft and the FBI (0)

Anonymous Coward | more than 10 years ago | (#8648858)

Of course.
I've put the source (well, what part of the source I have access to) on FreeNet early March with any identifying markers removed. Search it for FD_NSA_K and FD_FBI_K. If you're a programmer you'll see what I mean.

Re:Microsoft and the FBI (0)

Anonymous Coward | more than 10 years ago | (#8648820)

cites?

oh I forgot, you're full of shit.

Re:Microsoft and the FBI (1)

baudilus (665036) | more than 10 years ago | (#8648894)

I see .net passports...

they're everywhere...

they don't even know that no one's using them...

Problem that doesn't exist big time... (3, Insightful)

192939495969798999 (58312) | more than 10 years ago | (#8648752)

It is widely pulicized now how to manage passwords for a website -- it's as simple as using other Microsoft tools, and so in a way, passport puts itself out of business by competing poorly with other Microsoft products. Why would anyone not just use an NT auth login, ASP, or one of the myriad of other ways to do a sign-on. The only place I see passports now is places where Microsoft already had a majorly vested business interest. Passport should go right up there with Microsoft BOB , IMHO.

Re:Problem that doesn't exist big time... (4, Informative)

jfengel (409917) | more than 10 years ago | (#8648888)

The problem isn't managing passwords for a web site. The problem is managing passwords for ALL web sites.

How many accounts do you have, between eBay and paypal and Amazon and slashdot and ...? Do you use a different password for each one? Aren't you the least bit worried that the Slashdot editors will use your Slashdot password against your Amazon account?

The idea of Single Sign-On is to put all of your eggs in one basket, then make sure it's a really good basket. Nobody trusts Microsoft to make that really good basket, but it doesn't mean that they're not trying to solve a real problem. It's a tricky one, because the trust factor is scary, and the stakes are very high.

Only used in hotmail (5, Informative)

sapped (208174) | more than 10 years ago | (#8648753)

I actually created a passport login to see how many places they would use it and if it would be beneficial. Thus far I have only seen it used with Hotmail and on the MSN site. Have any others seen it used on other non-Microsoft sites?

Re:Only used in hotmail (2, Informative)

tim_uk (123339) | more than 10 years ago | (#8648813)

I've used Passport to sign into Ebay. It seems to work fine there.

Tim

eBay! (1)

parawing742 (646604) | more than 10 years ago | (#8648826)

Ebay has some form of Passport.NET implemented on their website, but I've never used it. I don't really see why I should considering that I'm already registered with eBay and my current username and password work just fine.

Re:Only used in hotmail (2, Informative)

Anonymous Coward | more than 10 years ago | (#8648830)

Match.com
Expedia.com (hasn't been a Microsoft product since 1999)
Ebay.com
Paypal.com

There are a few others, but those are the ones that immediately come to mind.

Re:Only used in hotmail (0)

Anonymous Coward | more than 10 years ago | (#8648928)

Expedia.com (hasn't been a Microsoft product since 1999)

I highly doubt that. Like Michael Corleone once said, "I try to get out but they keep pulling me back in!". You never leave the Microsoft family as evidenced by the fact you use Passport to login and images are provided by Corbis. ;-) It may not be Microsoft, but they're part of the Microsoft extended family.

Re:Only used in hotmail (1)

Mr. Sketch (111112) | more than 10 years ago | (#8648841)

I've seen it on one or two, but it was over a year ago, and I can't recall where they were.

Re:Only used in hotmail (0)

Anonymous Coward | more than 10 years ago | (#8648847)

MCP Secure Site :-P

Re:Only used in hotmail (2, Insightful)

Anml4ixoye (264762) | more than 10 years ago | (#8648848)

Ebay has it where you can use it for sign-in (though I don't), and I have seen it on other sites for registration. I had to get a Passport for work, and I tried it at some of those places. One site I signed-in with Passport, and it still wanted me to fill out all of the registration information - not verify what was there, but actually fill it all in again.

I guess it made me feel good to know they didn't just pass over my information, but made me immediately wonder what it was useful for.

Re:Only used in hotmail (1)

for_usenet (550217) | more than 10 years ago | (#8648857)

EBay has it as an option through which you can log on. But I've never used that option, nor any of MS's sites or services, so it's the only "other" instance I've come across ...

Re:Only used in hotmail (1)

CraigoFL (201165) | more than 10 years ago | (#8648884)

I've seen it available on Citibank's credit card member site... it's not required though. I just created my own login and used that instead.

eBay (1)

brucmack (572780) | more than 10 years ago | (#8648910)

I don't know if they still do or not, but eBay used it at one point.

Re:eBay (2, Informative)

ptr2void (590259) | more than 10 years ago | (#8649007)

They do. One more reason to avoid eBay.

Re:Only used in hotmail (1)

jhoude (610589) | more than 10 years ago | (#8648988)

RadioShack.ca also uses Passport logins (but you can also use a normal radioshack account, as with any other website I have seen)

However it seems radioshack.com doesn't use passport...

Re:Only used in hotmail (1)

damballah (691477) | more than 10 years ago | (#8648997)

CITI Bank uses it for it's credit cards(CITI cards, http://www.citicards.com). I wouldn't use that for banking.

No thanks (4, Insightful)

Orien (720204) | more than 10 years ago | (#8648757)

I like the concept of passport, but I'm not going to get in bed with Microsoft to put it on my web servers. Besides, it has always seemed to me that doing a scheme like that would introduce so many more points of failure to your web system, that it wouldn't be worth the trouble. That's not to mention security. Somehow I just feel safer when I have to log in to each site separatly.

Re:No thanks (5, Insightful)

AnotherBlackHat (265897) | more than 10 years ago | (#8649013)


I like the concept of passport ...


The entire concept is flawed from the get-go.

If I wanted my passwords stored on a computer, then I might as well do away with them completely.

But assuming I did want to to store my passwords on a computer, I'd want them on my computer.

And if for some reason, I wanted to store them with a third party, I wouldn't want the storage to be a single sourced service.

And if was willing to accept a single sourced service, I still wouldn't want that source to be Microsoft.

And assuming you get past all of the above, you still need to convince the vendor that it's good for them too - and you'll need to convince a lot of them to make it worth while.

-- this is not a .sig

Re:No thanks (0)

Anonymous Coward | more than 10 years ago | (#8649016)

I like the concept of passport... Somehow I just feel safer when I have to log in to each site separatly.

I liken it to having one key for your house and your wall safe and your car and your mailbox and your wife's car and...

Yeah, it's convenient. But you lose that one point of security and it's all over.

Reasons for more MS products? (1)

fembots (753724) | more than 10 years ago | (#8648758)

Is it the reason why we're seeing more and more MS-related "Everybody-Should-Use-It" web services?

Since nobody's really using the passport, MS is really trying to force people to use it by introducting IM, webmail and maybe in the future and passport-based search engine...

hmmm Yes (0)

Anonymous Coward | more than 10 years ago | (#8648761)

Either that, OR it is yet another bash Microsoft story in sla$hdot's endless Ahab-like obsession with Microsoft, that borders on the tedious.

sweets catalogue uses it. (2, Interesting)

Brigadier (12956) | more than 10 years ago | (#8648763)



I am an Architect and I was pretty happy to see Sweets (the product catalogue) uses msn passport as their logon service. I have to admit it was convenient as there are drawbacks to having to remember every online service logon that you subscribe to. It's pitty this couldn't have been implimented better and or be more successful. It would be interesting to see if yahoo or aol takes a stab at this as everyone I know has a yahoo login. It would be nice to use it for everything none critical.

Hotmail Link... (1)

neiffer (698776) | more than 10 years ago | (#8648770)

I can, of course, only speak for myself but I am fairly web-savvy and I was initially confused about the Passport system. It appeared to me that I needed an MSN account or Hotmail account to make it work, though I don't think that was/is the case. I always use my Hotmail account for junk; I'd never use it for e-commerce transactions. Perhaps that is the issue with a company with soooo many services.

60DD4MM1T!!! (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8648772)

They said What happens in Vegas stays in Vegas" [direwolf.com] !!!!

Nice! (1)

nycsubway (79012) | more than 10 years ago | (#8648776)

Hotmail was such a pain in the butt when i used it. It was nice before Microsoft bought it, but then it turned downhill. Everything was tied directly into the MSN homepage. Worst was passport system, which magically never worked.

I was pretty happy about that, I didn't feel comfortable with their implementation. I think a common login would be useful, but maybe if it was done by RSA, not by Microsoft.

Failure. (2, Insightful)

rhpenguin (655576) | more than 10 years ago | (#8648777)

An interesting concept coupled with all the bad parts that were exposed and its a wonder why no one wanted to use it. I use it myself with messenger service, but thats about it. I would not trust the security of my website/webapp to Microsoft.

Just PDF files? (5, Informative)

finkployd (12902) | more than 10 years ago | (#8648778)

Liberty Alliance project, which so far has produced just large amount of PDF files

Which is all they intended to produce. Technically Liberty Alliance is a spec, not an implementation.

Now if you are asserting that there are no implementations, the SourceID [sourceid.org] people would probably disagree with that.

Finkployd

Re:Just PDF files? (2, Funny)

El (94934) | more than 10 years ago | (#8648917)

You were expecting maybe .DOC files instead?

Re:Just PDF files? (1)

modder (722270) | more than 10 years ago | (#8648938)

After all, it is security we're talking about.

2 Things (4, Funny)

panthro (552708) | more than 10 years ago | (#8648787)

1. I have yet to meet someone who actually has (let alone uses) a .NET Passport.

2. If you are thinking about replying to this message with "I Do!", then I probably won't meet you, so see 1.

Re:2 Things (0)

Anonymous Coward | more than 10 years ago | (#8648839)

Um, anyone with a Hotmail account?

("I do!"

Re:2 Things (3, Funny)

lpangelrob2 (721920) | more than 10 years ago | (#8648875)

1.) If you're saying that you've never met anyone that's used/uses a Hotmail account, I would find that hard to believe.

2.) If you really haven't... hi, I'm Rob! Nice to meet you. :-)

Concept Good, at first. (5, Insightful)

jolyonr (560227) | more than 10 years ago | (#8648788)

At first, the concept of a global authentication system seems great. We all have too many passwords to remember, the idea behind Passport seems great.

But in reality, there isn't anyone who is secure enough, trustworthy enough, powerful enough and smart enough to pull off a system that would work and would be trusted.

You need to have the strength and power to be able to build such a system, and with those, trust invariably goes out of the window.

So for now I'll keep all my passwords in my brain, and pay the price of my mistrust.

Jolyon

Re:Concept Good, at first. (0)

Anonymous Coward | more than 10 years ago | (#8648913)

Honestly, who really cares and is this news? I know enough to post this anon cause some linux zealot will mod me down simply because this article game him a chance to bash MS.

Re:Concept Good, at first. (1)

schon (31600) | more than 10 years ago | (#8648916)

there isn't anyone who is secure enough, trustworthy enough, powerful enough and smart enough to pull off a system that would work

What about Network Solutions? :o) /me ducks

Re:Concept Good, at first. (1)

ytztech (764704) | more than 10 years ago | (#8649002)

But in reality, there isn't anyone who is secure enough, trustworthy enough, powerful enough and smart enough to pull off a system that would work and would be trusted.

And isn't that the point? Who can you trust enough to have a "global" authentication scheme, anyway? I think the Passport idea really only become useful when used in the context of large organizations/corporations where thousands of individuals all have common goals/values/purposes. It's those groups of people who can trust each other enough to have a corporate signon or an organization-wide authentication system.

Funny thing... (0)

Anonymous Coward | more than 10 years ago | (#8648789)

I just called Microsoft to get my MCP number and the told me to sign up for a .NET Passport, I declined.

The Trolls have won (-1)

Muda69 (718162) | more than 10 years ago | (#8648797)

The Trolls have scored somewhat of a victory at Kuro5hin [kuro5hin.org] . Rusty Foster over the weekend suspended the creation of new accounts. The bad side is that he apparently banned several well known k5 trolls. These martyrs sacrifices have not gone unnoticed!

Perhaps entering passwords and form fields... (3, Insightful)

Anonymous Coward | more than 10 years ago | (#8648801)

...isn't such a chore that we would need a freakishly-complex infrastructure to save us a couple of keystrokes.

Which one is Microsoft? (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8648804)

...in this picture? [hottylips.com]

How can they sell it to IT? (0)

wedding (618458) | more than 10 years ago | (#8648818)

When it doesn't even work on their own partners' sites? Ever try to update any information you have actually given to MS for whatever reason?

Please Login using your .net passport: blah blah blah. Change pages again, move to something else inside MS' own site:

Please Login using your .net passport: blah blah blah.
The stupid thing doesn't even work on your site, why would I pay you to use it on mine?

What's .NET again? (2)

Eberlin (570874) | more than 10 years ago | (#8648821)

Was this .NET My Services?

I know there was a .NET The Platform, C# -- .NET's Revenge, and VB.NET -- a new SOAP. A while ago, the company put forth this .NET strategy and then backed away as people started going "eh?" as to what it all meant.

From general consensus, the .NET platform seems to be doing ok into adoption (if those "Senior .NET Programmer" ads are an indication) while the whole "My Services" single sign-on deathtrap was greeted with uberskepticism. If I remember correctly, this was one of the grand awakenings BillyGoat had -- when nobody would adopt it because of security concerns, he realized he had to coin "Trustworthy Computing."

I don't think the idea is going to die away -- when they've come up with their "Best Windows Ever!!!" in 2007 or so, look for that same "My Services" pitch.

I'd Hate to See.... (0, Troll)

ThomasFlip (669988) | more than 10 years ago | (#8648833)

What Microsoft does considers a failure.

.NET is dying (1, Funny)

Anonymous Coward | more than 10 years ago | (#8648842)

It is official; Netcraft confirms: .NET is dying

One more crippling bombshell hit the already beleaguered .NET community when IDC confirmed that .NET market share has dropped yet again, now down to less than a fraction of 1 percent of all servers. Coming on the heels of a recent Netcraft survey which plainly states that .NET has lost more market share, this news serves to reinforce what we've known all along. .NET is collapsing in complete disarray, as fittingly exemplified by failing dead last [samag.com] in the recent Sys Admin comprehensive networking test.

You don't need to be a Kreskin [amdest.com] to predict .NET's future. The hand writing is on the wall: .NET faces a bleak future. In fact there won't be any future at all for .NET because .NET is dying. Things are looking very bad for .NET. As many of us are already aware, .NET continues to lose market share. Red ink flows like a river of blood.

Microsoft .NET is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time Microsoft developers Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: .NET is dying.

Let's keep to the facts and look at the numbers.

.NET leader Bill states that there are 7000 users of .NET. How many users of .NET are there? Let's see. The number of .NET versus .NET posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 .NET users. .NET/OS posts on Usenet are about half of the volume of .NET posts. Therefore there are about 700 users of .NET/OS. A recent article put .NET at about 80 percent of the .NET market. Therefore there are (7000+1400+700)*4 = 36400 .NET users. This is consistent with the number of .NET Usenet posts.

Due to the troubles of Walnut Creek, abysmal sales and so on, .NET went out of business and was taken over by .NETI who sell another troubled OS. Now .NETI is also dead, its corpse turned over to yet another charnel house.

All major surveys show that .NET has steadily declined in market share. .NET is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS dilettante dabblers. .NET continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, .NET is dead.

Fact: .NET is dying

Apples to Oranges (1)

finkployd (12902) | more than 10 years ago | (#8648846)

Liberty does not compete with Passport, it competes with WS-Federation. Liberty scores points on an open developement process (as opposed to MS and IBM doing ws-fed in a darkend backroom somewhere) and also on having actual software implementations of their specs available. However WS-fed scores big because managers these days see Web Services is the silver bullet, holy grail for everything. Time will tell.

Personally I like SAML (the technology Liberty is built off of), but supposedly WS-Fed is going to interop with Liberty, so maybe the two are not so different. (I really need to read up on WS-fed more)

Finkployd

surprising it is (2, Funny)

spectasaurus (415658) | more than 10 years ago | (#8648850)

"Turns out, high licensing fees, lack of simple implementation, security leaks and server downtime, were not acceptable to most of potential clients out there."

It's strange that this didn't appeal to most users who already use Windows. I would think people would tend to use things they are already familiar with.

This is not just a passport issue (2, Insightful)

Anonymous Coward | more than 10 years ago | (#8648852)

I have yet to ever see a Liberty Federated login screen so I'm not sure that it is even implemented. The Microsoft acceptance outside their own network is shifting, but I think this is an inevitable result of companies not wanting to rely on SLAs for business critical components of their solutions. This really is the single biggest problem of any web service in that you lose control and true accountability. Smart businesses will continue to internalize business critical components.

the best functional single signon (1)

C0vardeAn0nim0 (232451) | more than 10 years ago | (#8648853)

can be found in your nearest pr0n site.

i remember loggin on i a porn site back in 1999 from where i could jump to several others without loggin on again.

maybe sir bill could buy a pr0n site or two to learn how it's done.

can u imagine MSN with an adults only warning ???

Virus What???? (0)

Anonymous Coward | more than 10 years ago | (#8648854)

Let's just say that single sign-on is going to be a Virus writers most effective tool for global infestation. No VPN, ssh, or any such tool will be effective once a single signon is comprimised. The same can be said for biometrics too.

Recent Hotmail Problems (1)

drgonzo59 (747139) | more than 10 years ago | (#8648855)

From what I understood the recent hotmail problems where caused by the Passport .NET log-in failure not Hotmail per-se.

.Net FAILS IT!!!! (0, Troll)

Anonymous Coward | more than 10 years ago | (#8648861)

Ahh... what a relief to know that the Passport system has failed and is unlikely to make it as the world leader in single sign-on. To be honest, if anyone has the ability to nail this issue once and for all, it's Apple. Just watch... within the next two years, Apple will have a single sign-on system that works with *nix. This will cause a massive revolution in computing the likes of which we've never seen. Combine that with true centralized management of workstations as provided by OS X Server and you can say bye bye Micro$haft. The future's gonna be great without that dicktater Micr$oft!!!

Re:.Net FAILS IT!!!! (0, Troll)

Anonymous Coward | more than 10 years ago | (#8649020)

TROLL!!!? WTF???!!! You fucking jizzgobbling moderator. What the fuck was up with that stupid fucking fucked moderation!!? This was NOT a troll. Why don't you pull your head out of your Micro$haft infested asshole and read what I'm saying you cumwad? Jesus Cheezeburgers! Here are some irrefutable facts:

1. Micro$oft has an unfair monopoly and is destroying the field of computing.
2. Passport was a disaster waiting to happen. Well. it's finally reached the critical point and no one can seriously claim that .Net/Passport is usable to anyone with half a brain.
3. Apple has the intelligence, the resources and the drive to completely decimate Micro$hit with their own single sign on. They're already killing M$ on the server and portable music player fronts.
4. It's only a matter of time before M$ is bombed into irrellevance.

Get a fucking clue you shiteating moderators. Don't waste your points by modding things you don't agree with even though they might be true. Instead moderate up posts you agree with. And I seriously advise you to reconsider your flawed position that the above was a troll. Instead you should moderate that post as well as this one, up high enough for people to make their own minds. Prevent /. from becoming an echo chamber for mindless droids who think that Windows and Microsoft might suck, but are still OK to use. Apple and Linux all the way baby!!!! Fuck off to all you idiots out there using Windows and supporting the beast that is Micro$osft (cock).

Vendors don't want it. (4, Informative)

AnotherBlackHat (265897) | more than 10 years ago | (#8648872)

From the article

"I can't imagine a Web site today being willing to pay $10,000 a year and go through the whole process necessary to implement Passport."


Hello? It's not very easy to imagine a site that's willing let a third party handle customer information for free.

Most companies aren't even willing to tell you how many customers they have, much less let you collect personal information about them.

-- this is not a .sig

Re:Vendors don't want it. (1)

prostoalex (308614) | more than 10 years ago | (#8648942)

Hello? It's not very easy to imagine a site that's willing let a third party handle customer information for free.

Depends on the definition of the customer. For example, if I am running a site with a bunch of forums and discussion boards, I implement registration, so that no user can steal other's identity and misrepresent him.

Registration on all small sites and various PHP boards is a pain, I don't want to leave a whole bunch of info at hundreds of different sites. If I see a button that allows me to use my Passport/Yahoo/Slashdot/etc ID and password, I'd go for it.

Looking at it from the Webmaster's point of view, I'd go for it, too, if there was an easy way (a drop-in PHP/Perl/Python/ASP script) to implement it. After all, I don't care about most of the information the users leave anyway, I just want the nicks to be unique.

Not that bad (1)

dnoyeb (547705) | more than 10 years ago | (#8648899)

Passport is probably more secure that ssl. Its an excellent technology for Microsoft to use for all of its various services.

hotmail
MSDN
MSGaming Zone
etc.

For an intra-corporate login system its excellent. But to be used across multiple websites, it just puts all your proverbial security eggs in one basket.

I think the best solution is simply the browsers remembering passwords on websites. If they were to make that pwd list exportable, that would really be great!

p.s. ebay uses it along side standard logins.

Look for the .NET Passport Sign In button (4, Interesting)

GillBates0 (664202) | more than 10 years ago | (#8648903)

From the .NET Passport page linked to in the blurb, people are supposed to look out for the "button" and when they see it on their site, they can login with their .NET account.

What's to prevent me from copying their pretty gif and collecting people's logins/passwords?

My $0.02 (2, Insightful)

pragma_x (644215) | more than 10 years ago | (#8648912)

The original concept behind the design of the internet (DARPAnet) was to spread out the whole mess as to make it impervious (or at least resilient) to a tactical nuclear strike.

Fast forward almost three decades and now we should keep desigining it to avoid tactical commercial strikes.

If everything, like commercial web security, was placed in the hands on one trusted authority, some problems would be solved. (I for one welcome single sign-on to all my messageboards and other non-sensitive websites regardless of their affiliation) But build that authority on single corporate entity and the whole mess comes tumbling down once that solitary company folds, runs out of funds or cuts the project. Not to mention that they then have the power to determine limits of use to suit their own agenda.

MS Passport is one such technology that attempted to carve a market niche contrary to the spirit of the medium it was intended to support. The internet is not monolithic and it's use and enrichment should follow.

</soapbox>

Bad idea from the start (1)

keath_milligan (521186) | more than 10 years ago | (#8648919)

Passport was a lame idea from the very beginning. While it may make sense for Microsoft, with MSN, MSDN, Messenger, etc., no right-thinking company is going to let go of such a critical element of customer account management. Think about it, one the first things a new customer needs to do is create an account - businesses just aren't going to trust that to a third party.

Lets hope today's failure doesn't pay off tomorrow (2, Interesting)

Fluidic Binary (554336) | more than 10 years ago | (#8648939)

.NET Passports like .NET in general are not merely about today. Many of these sorts of projects are part of a larger scheme of Microsoft, so today's 'failure' is also an investment for the future of their corporation.

Microsoft is one of many companies that would like to one day see us subscribing for software monthly rather than merely suffering through outlandish licenses, having little knowledge of what is actually going on inside of our infrastructure and ultimately making them into another 'ma Bell'.

Their goal is seamless computing, controlled entirely by monopolies. I think the advantages of this are clear: Configuration of software could be done automatically based on users preferences, licenses could be validated behind the scenes, displays of resources similar to what you have shown an interest in can be compiled by their networks.

This future will be dominated by web based resources and applications. Just as Windows allows them to dominate the desktop, .NET was their plan for domination of net commerce and secure applications.

The downside to all of this is clear I assume.

I'm glad it is presently considered a failure, I merely hope their long term investment doesn't pay off.

It 's a lot like (1, Insightful)

callipygian-showsyst (631222) | more than 10 years ago | (#8648944)

.MAC accounts! And what was the name of that propritary Mac dial-in service that Apple had going for a while?

boondock saints... (0, Offtopic)

rebekah5 (199772) | more than 10 years ago | (#8648952)

"Where do you think you're going..... NOWHERE!!"

In fact some companies lost my business on this! (1)

cpotoso (606303) | more than 10 years ago | (#8648961)

A couple of years ago I wanted to buy some espresso pods from Starbucks online. Unfortunately the only way to log in was through opening a passport account. I shopped elsewhere and have never been back...

Problems? (0, Troll)

Atzanteol (99067) | more than 10 years ago | (#8648976)

Turns out, high licensing fees, lack of simple implementation, security leaks and server downtime, were not acceptable to most of potential clients out there."

They also had problems with Passport.

Tiddy-boom!

Besides BOB and Clippy..... (0, Offtopic)

i_want_you_to_throw_ (559379) | more than 10 years ago | (#8648977)

.NET Passport is considered a failure (although not by Microsoft).

Just what does Microsoft admit to as a failure?
XENIX? OK I'll buy that....

MS isn't giving up... (4, Interesting)

brucmack (572780) | more than 10 years ago | (#8648991)

I attended an MS tech talk a couple of months ago about the identity system coming in Longhorn. It seems like they are really targetting mass acceptance with that one too.

While I can't remember exactly how everything worked (hey, I was there for the food), it was basically an RSA key system, with the private key stored on ones own computer. The main MS involvement was to have some servers set up to allow one to back up their private key so they aren't screwed over if their computer crashes without a backup... and the presenter seemed confident that there would be non-MS providers of the service as well.

It seemed like a pretty neat idea anyway... There were also systems in place to allow one to deactivate their key if it was compromised. Basically one's computer could notify all of the places it had exchanged its public key with to tell them that it is no longer valid anymore. It seemed like an interesting system that took a lot of the control away from MS, as long as one trusts the OS not to beam the keys back to them :)

The only real downside was that it seemed like they weren't too keen on getting the server-side software operating on non-MS platforms. But who knows... It certainly seems to be a better solution than Passport, since there would be no fees beyond having a supported OS.

No passport (1)

fm6 (162816) | more than 10 years ago | (#8648992)

I think the main problem with Passport is not the idea itself, but who's behind it. I personally don't trust any infrastructre backed by MS. It's not just that I don't trust them to misuse their status as gatekeeper. (This is a problem you have to face no matter who the gatekeeper is.) I don't trust them to make an infrastructure that works. Not when they've shown that they can't build public databases that scale. (Their anti-piracy measures that are such a pain to deal with would work a lot better if they didn't discard all their activation records after 3 months!) Or web applications that are reliable and secure. And absolutely not when they do stupid things like forget to renew the passport.net domain!

On the other hand, exactly how is the Liberty Alliance "competing heavily" with Passport? As you point out, they've produced nothing but specification that nobody seems to have implemented. Or if they have, they haven't been obvious in any product I've used.

And believe it or not, we really do need some kind of universal sign on system. Actually more than one, since you don't want everybody dependent on a single vendor. Right now we have millions of people managing dozens of passwords, using sticky notes and other methods equally insecure. Plus it's much too easy to intercept passwords, or con people into giving them to you.

Not to mention that an identify infrastructure would do a lot to eliminate spam.

I'll say it again: I want a smart card that I can plug into any machine and establish my identity, without sending passwords over insecure media. The technology's there: when will somebody actually use it?

Too expensive (5, Interesting)

truelight (173440) | more than 10 years ago | (#8648998)

Passport has extremely high potential. I tried it out a while back... I went to Slate.com after signing up for a passport, and clicked the "Sign In" button. Now, I had never visited Slate, nor did they have any data on me prior to this. When I clicked "Sign In", that was it. I was registered. No filling out forms. No nothing. From a usability standpoint, Passport has tremendous potential.

With that said, the fees are absolutely horrendous. I checked it out - $1000/year for "small implementations", and $10000 for other. While I'm all for paying for a good solution, I can't see how having a single-sign-in solution on any website would generate $10000/year in profits.

I'm sure it would catch on like wildfire if they just lowered the fees to more manageble levels.

Oh, and buy paypal.

I thought folks already used Passport... sorta. (1)

Lord_Pain (165272) | more than 10 years ago | (#8649006)

Not that I think this is a good idea but I've come to realize that many people use the SAME userid and password for different sites. That's how they remember how to get in.... I have come to this conclusion after observing the user habits of some of my clients.

So bottom line: MS Passport is redundent in terms of making it easier for the user. As for security... that's just a whole different ball game.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...