
Passport vs. Plan 9

netphilter writes "LinuxWorld is carrying an article about how Apache and Plan 9 are going to defeat Microsoft's Passport. I hate Passport's integration with XP (although that might be because I hate XP). An Open Source single-sign on would be a real blessing. Will we ever get a good single sign-on solution?"


  • by mojowantshappy ( 605815 ) on Friday September 20, 2002 @12:20PM (#4297671)
    Yes, something about Microsoft, or anyone for that matter, having all of your personal information (credit cards, Social Security Number, age, sex, etc. etc.) doesn't settle well with me. What guarantee do we have that such companies won't sell our information for profit, or that someone from the company won't intentionally create an insecurity to exploit the system? It is awfully like the identification system they are implementing in Japan currently and is much too centralized for my taste. There is way too much power in Passport-like systems...
  • by Loligo ( 12021 ) on Friday September 20, 2002 @12:21PM (#4297682) Homepage
    >Correct me if I'm wrong, but isn't Solaris on
    >version 9 or something?

    "Solaris 7", "Solaris 8", and "Solaris 9" are actually 2.7, 2.8, and 2.9 respectively.

    To add confusion, internally it's SunOS 5.x.

    -l
  • by plcurechax ( 247883 ) on Friday September 20, 2002 @12:42PM (#4297839) Homepage
    Single Sign On (SSO) works within a limited realm under the same control, such as within the scope of a government agency, a corporation, or a school. These bodies already exist and deal with issues of various policies, including privacy policies, within the scope of the "realm" (i.e. the laws of the nations a multinational corporation is functioning within).

    Universal SSO, such as this plan and Passport, breaks that and cannot be consistent, since different companies want different privacy policies and are governed by different government legislation, yet are supposed to "control" and use the same information (the online identity credentials).

    So the goal of only needing one online identity, whether a username/password or a PIN and smartcard, within a given controlled realm such as your university does make sense. This is possible through sensible use of existing services like directory services and secure network authentication. The use of directory services such as X.400, RADIUS, and more recently LDAP (and LDAP perversions like Active Directory) can help towards this, as can secure network authentication like Kerberos [mit.edu].

    Universal SSO does not make sense, because the shift of power and control is not carefully thought out in the contexts of legal issues (privacy, evidence, children's online protection), contractual issues, limited and total revocation, ownership, and other issues.

    Universal identities for an unlimited number of purposes do not make sense; they are a nightmare of management logistics, a total lack of correctness, legal quandary, and telemarketing hell.
  • Re:Security (Score:2, Informative)

    by broody ( 171983 ) on Friday September 20, 2002 @12:51PM (#4297907)
    I want Java Card [sun.com] support everywhere coupled with a single PIN.
  • by GigsVT ( 208848 ) on Friday September 20, 2002 @12:55PM (#4297942) Journal
    haahhhhahahah

    i love keeping track of 40 accounts/passwords.


    Who said you had to do that?

    We have already solved the problem of single password authentication, it is built right into SSH. Basically, you send your public key to anyone you want to authenticate to. Your private key resides on your computer and is password protected. A local key agent manages your private key. When you authenticate the first time, your key agent asks you for your private key's password. Note that this password is never transmitted over the network, neither is the private key. The key agent makes it unnecessary to enter the password again for any site that has your public key, a real single sign on for any system that has your public key.

    Even if your system is compromised, your private key is protected by the passphrase you set for it. If the Internet sites are compromised, all the attacker gets are worthless public keys.

    Why hasn't someone implemented this instead of this passport silliness? The technology has been around to do this right, why do people keep trying to do it wrong?
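
The key-agent flow described in the post above, as an added example that is not part of the original thread or of OpenSSH: a toy agent keeps an Ed25519 private key encrypted under a passphrase, is unlocked once, and then answers fresh challenges from two independent servers that hold nothing but the public key. The Agent and Server types, the server names, the passphrase, the "name|nonce" challenge format and the use of SHA-256 in place of a real password KDF are all assumptions of this example, not anything the poster specified.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Agent models an SSH-style key agent: the private key is stored encrypted under a
// passphrase and decrypted into memory only by Unlock. Servers receive nothing but Pub.
type Agent struct {
	salt, encrypted []byte // encrypted = AES-GCM nonce || ciphertext || tag
	priv            ed25519.PrivateKey
	Pub             ed25519.PublicKey
}

// gcmFor derives the key-encryption key from the passphrase. Plain SHA-256 stands in
// for a slow KDF (OpenSSH uses bcrypt_pbkdf) so the example stays in the standard library.
func gcmFor(passphrase string, salt []byte) cipher.AEAD {
	key := sha256.Sum256(append([]byte(passphrase), salt...))
	block, _ := aes.NewCipher(key[:]) // 32-byte key: cannot fail
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// NewAgent generates a key pair and stores the private half encrypted.
func NewAgent(passphrase string) (*Agent, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	a := &Agent{Pub: pub, salt: make([]byte, 16)}
	rand.Read(a.salt) // crypto/rand.Read does not fail on supported platforms
	gcm := gcmFor(passphrase, a.salt)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	a.encrypted = gcm.Seal(nonce, nonce, priv, nil)
	return a, nil
}

// Unlock is the one place the passphrase is typed; a wrong one fails the GCM tag check.
func (a *Agent) Unlock(passphrase string) error {
	gcm := gcmFor(passphrase, a.salt)
	ns := gcm.NonceSize()
	pt, err := gcm.Open(nil, a.encrypted[:ns], a.encrypted[ns:], nil)
	if err != nil {
		return errors.New("agent: wrong passphrase")
	}
	a.priv = ed25519.PrivateKey(pt)
	return nil
}

// Sign answers a server challenge; after a single Unlock it serves every server.
func (a *Agent) Sign(challenge []byte) ([]byte, error) {
	if a.priv == nil {
		return nil, errors.New("agent: locked")
	}
	return ed25519.Sign(a.priv, challenge), nil
}

// Server holds only public keys (cf. authorized_keys); stealing them impersonates nobody.
type Server struct {
	Name string
	Keys map[string]ed25519.PublicKey // user -> enrolled public key
}

// Challenge is fresh per login and bound to the server name, so it cannot be replayed elsewhere.
func (s *Server) Challenge() []byte {
	nonce := make([]byte, 32)
	rand.Read(nonce)
	return append([]byte(s.Name+"|"), nonce...)
}

// Verify accepts only a signature over this exact challenge by the enrolled key.
func (s *Server) Verify(user string, challenge, sig []byte) bool {
	pub, ok := s.Keys[user]
	return ok && ed25519.Verify(pub, challenge, sig)
}

// Login runs one challenge-response exchange; the passphrase never crosses the wire.
func Login(user string, a *Agent, s *Server) bool {
	ch := s.Challenge()
	sig, err := a.Sign(ch)
	return err == nil && s.Verify(user, ch, sig)
}

func main() {
	agent, _ := NewAgent("correct horse battery staple")
	mail := &Server{Name: "mail.example", Keys: map[string]ed25519.PublicKey{"alice": agent.Pub}}
	shell := &Server{Name: "shell.example", Keys: map[string]ed25519.PublicKey{"alice": agent.Pub}}
	fmt.Println("locked:", Login("alice", agent, mail), "wrong passphrase:", agent.Unlock("guess"))
	fmt.Println("unlock:", agent.Unlock("correct horse battery staple"))
	fmt.Println("mail:", Login("alice", agent, mail), "shell:", Login("alice", agent, shell))
}
```

Two caveats a practitioner would add to the post's claim that a compromised client is harmless: the encrypted key file only resists an attacker who has to guess the passphrase, and this toy uses a fast hash where OpenSSH uses a slow KDF for exactly that reason; and once the agent is unlocked, anything running as the user on that machine can ask it to sign, so the key need not leak for it to be abused. Real SSH also binds each signature to the session identifier rather than a bare server name, which is what stops a hostile server from relaying the challenge.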
  • by Drakonian ( 518722 ) on Friday September 20, 2002 @01:04PM (#4298050) Homepage
    Remove Windows Messenger by running this command:

    Start/Run/RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove

    This worked for me. It finally stopped telling me to register my .NET Passport, and doesn't run Messenger all the time.

    Here is a site with more info: http://www.kellys-korner-xp.com/xp_messenger.htm [kellys-korner-xp.com]

    PS: Am I violating the DMCA by posting this? Well I'm not an American citizen, but if I was?

  • Structured Markup (Score:2, Informative)

    by kalidasa ( 577403 ) on Friday September 20, 2002 @01:39PM (#4298407) Journal

    On the editorial (or printing) side, SGML got its start the day after Gutenberg's invention of movable type made it necessary to formalize editorial instructions to typesetters. From this perspective, SGML's tags were instructional in nature, as in "start using 42 lines per page here".

    The author of this sentence should not be allowed to write on the subject of structured markup. SGML has NOTHING to do with "start using 42 lines per page here." It is NOT a typesetting language; TeX is. SGML is a language that makes it possible to represent the semantic structure of a document (rather like sentence diagramming, only on a document scale), not the appearance of a document.

    The rest of the discussion of SGML is equally ill-informed. Imagine if someone posted an article that described Apache as a method of implementing SSL on a web server. That's how bad his understanding of SGML is.

  • Re:Thank god (Score:2, Informative)

    by John Sullivan ( 234934 ) on Friday September 20, 2002 @02:00PM (#4298606)
    I think for such a system to work you need a technology that uniquiely (sp?) identifies you and only you, such as an RSA token

    RSA does not uniquely identify individuals. Assuming the maths works out (which I am actually pretty confident about) all it can ever say is that the entity answering the challenge has access to the private key corresponding to the public key the challenge was generated with. What's the difference? Well...

    that generates a number along with an access code that only you know.

    This is very much harder than you realise. There are so many ways this can fail. Deliberate ones such as group or role keys shared between multiple individuals (a better solution for auditability might be to make the role a CA and have it sign special <role+individual> keys), and the more subtle fact that it's never *you* who performs the challenge-response calculation. You delegate the authority for that to your client machine, which you assume is trustworthy to not leak your key or passphrase, and also only to engage in transactions that you have authorised.

    Accidental ones are the threat here though. You can have your passphrase shoulder-surfed. You can leak a non-critical password or enough information about the way your mind works to allow a good social engineer to reconstruct your passphrase. (Some people are *very* good at this.) Protocol failures may accidentally send out secret data when they shouldn't. Your system may be attacked by trojans over the wire, or by physical monitoring means by a sufficiently committed adversary. The fact is that no one's client machine is absolutely trustworthy in the sense required above, and although it may be statistically unlikely that any one person is ever attacked, or that an exploit is ever developed and deployed for the remaining vulnerabilities that even the most security conscious user inevitably leaves exposed, this still does not make their machine trustworthy.

    This is why using a single key for multiple systems, and the whole single sign-on thing are bad ideas. These systems fail badly - a single compromise exposes every function of the key to abuse, and having lost your whole visible 'identity' it can be very hard to convince some people to revoke their trust in that key.

    By separating different functions into different keys and different sign-ons, you both limit the scope of any one breach, and also make it easier to convince third parties (who may never have met you in the flesh, and may never do) of the problem by pointing out the different behaviour patterns in your multiple 'identities'.
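
The <role+individual> idea from the parenthesis in this comment, as an added example that is not part of the original post: a role key acts as a CA and signs a certificate over each member's own public key, so the server authorises the role but its audit log records the individual, and one member's certificate can be withdrawn without rekeying everyone else in the role (the scope-limiting the poster argues for). The Cert, RoleCA and Verifier types, the length-prefixed encoding, the "role/individual" audit identity and the constructed challenge are this example's assumptions, not anything the poster specified.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Cert binds one individual's own public key to a role and carries the role CA's
// signature. The role is what a server authorises; the individual is what it logs.
type Cert struct {
	Role, Individual string
	Pub              ed25519.PublicKey
	Sig              []byte // CA signature over tbs()
}

// tbs is the to-be-signed encoding. Fields are length-prefixed so that
// ("ops", "alice") can never collide with ("opsa", "lice").
func (c Cert) tbs() []byte {
	var b []byte
	for _, f := range [][]byte{[]byte(c.Role), []byte(c.Individual), c.Pub} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		b = append(append(b, n[:]...), f...)
	}
	return b
}

// RoleCA is the role's signing key. It never logs in itself; it only issues
// <role+individual> certs over keys the members generated for themselves.
type RoleCA struct {
	Role string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewRoleCA(role string) *RoleCA {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &RoleCA{Role: role, Pub: pub, priv: priv}
}

// Issue signs a cert for an individual's public key; the CA never sees their private key.
func (ca *RoleCA) Issue(individual string, pub ed25519.PublicKey) Cert {
	c := Cert{Role: ca.Role, Individual: individual, Pub: pub}
	c.Sig = ed25519.Sign(ca.priv, c.tbs())
	return c
}

// Verifier is the server side: one trusted CA key per role plus a revocation list,
// so one member's cert can be withdrawn without touching the rest of the role.
type Verifier struct {
	TrustedCAs map[string]ed25519.PublicKey // role -> CA public key
	Revoked    map[string]bool              // "role/individual" -> withdrawn
}

// Authenticate checks the CA signature on the cert, the revocation list, and the
// individual's signature over the challenge, then returns the identity to audit-log.
func (v *Verifier) Authenticate(c Cert, challenge, sig []byte) (string, error) {
	caPub, ok := v.TrustedCAs[c.Role]
	if !ok {
		return "", errors.New("untrusted role")
	}
	if !ed25519.Verify(caPub, c.tbs(), c.Sig) {
		return "", errors.New("cert not signed by the role CA")
	}
	id := c.Role + "/" + c.Individual
	if v.Revoked[id] {
		return "", errors.New("cert revoked")
	}
	if !ed25519.Verify(c.Pub, challenge, sig) {
		return "", errors.New("challenge signature does not match cert key")
	}
	return id, nil
}

func main() {
	ops := NewRoleCA("ops")
	alicePub, alicePriv, _ := ed25519.GenerateKey(rand.Reader)
	bobPub, bobPriv, _ := ed25519.GenerateKey(rand.Reader)
	alice, bob := ops.Issue("alice", alicePub), ops.Issue("bob", bobPub)
	v := &Verifier{TrustedCAs: map[string]ed25519.PublicKey{"ops": ops.Pub}, Revoked: map[string]bool{}}
	ch := []byte("example.org|nonce-0001") // a server challenge, constructed for the demo
	fmt.Println(v.Authenticate(alice, ch, ed25519.Sign(alicePriv, ch))) // ops/alice <nil>
	fmt.Println(v.Authenticate(bob, ch, ed25519.Sign(bobPriv, ch)))     // ops/bob <nil>
	v.Revoked["ops/bob"] = true // bob's laptop is stolen: only his cert is withdrawn
	fmt.Println(v.Authenticate(bob, ch, ed25519.Sign(bobPriv, ch)))     // (empty id) cert revoked
	fmt.Println(v.Authenticate(alice, ch, ed25519.Sign(alicePriv, ch))) // still ops/alice <nil>
}
```

The design point is that a shared role key would let the server say only "someone in ops logged in" and would have to be rotated for everyone when one laptop goes missing; with per-member certificates the server still grants the role, but the log names the person and revocation is one entry. The challenge is a fixed string here only so the demo is deterministic; a real server issues a fresh random one per login, as in the SSH example earlier in the thread.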

  • by guttentag ( 313541 ) on Friday September 20, 2002 @03:59PM (#4299450) Journal
    SSO is like "The Ruling Ring" in Lord of the Rings. Anyone who wears it will be overcome by its evil power and will ultimately be driven to enslave the End Users (a people closely related to humans).

    I once joined a startup that was based on a good idea that incorporated SSO, but the VP of Engineering swore to me the company would never abuse that power. Within months, marketing managers were telling me that end users "wanted" us to abuse SSO "for their own good." For legal reasons, I won't go into more detail, but the company I left was not the company I joined -- all because of the temptation SSO brings.

    End Users believe that SSO is a gift from heaven because it allows them to mindlessly go through the "troublesome" task of authenticating themselves. This has several implications:

    • Authentication is designed to require you to use your brain. It's like the roughed-up pavement that precedes many toll booths, saying, "you're going to need to wake up now."

    • Authentication is designed to require you to use your brain. It helps ensure that you are the only one who has access to certain data. You should not be entrusting this to a conscience-free multinational who has no qualms about "sharing" your access with all its employees, partners and anyone who pays them enough money.

    • One of the places most consumers often see authentication forms are on shopping sites. When you are going to buy something, you have to go through the steps of entering your username and password, entering your credit card number, your address, etc. It's a protective speed bump that makes you think before you purchase. With SSO (or One-Click), you have no way of knowing when you've "authorized" a charge to your credit card. You assume that it's only when you click a button, but the fact is you've authorized the company to charge your card whenever it claims you want to buy something.

    • Single point of failure. Enough said.

    • Memory decay. When you use SSO, you tend to forget your user names and passwords because you don't need them. Then when your SSO provider does something you don't like and you decide to leave, you feel like you can't. You're trapped because you can't remember that data -- you think you need that service to continue accessing your other services. Even if the SSO service provides a method of retrieving your passwords, most users are unaware of it.

    • Then, of course, there are the tracking issues. The SSO provider will track all the sites you visit, sell that data and market appropriately. Common sense, yet commonly ignored by the common End User.

    A wise wizard would do well to distance himself and everyone he can from this evil.
  • Re:Thank god (Score:4, Informative)

    by KewlPC ( 245768 ) on Friday September 20, 2002 @04:51PM (#4299827) Homepage Journal
    Plan 9 is an operating system.

    To say that you've never heard of it, and because of that it is therefore worthless, is awfully presumptuous.

    You can get Plan 9 from CheapBytes.

    It was supposed to be the next evolution of UNIX, even created by the guys who came up with UNIX in the first place. But UNIX was too popular, and Plan 9 never really caught on.

    But this article seems a bit outdated, or maybe the author has been living in the stone age. Solaris 2.9? 3.0? Unless I'm gravely mistaken, we're at Solaris 9 right now, and I don't see a lot of shops running Plan 9.
  • by Xtifr ( 1323 ) on Friday September 20, 2002 @05:33PM (#4300097) Homepage
    Paul Murphy (the LW author of the article) seems to have been fooled by the Plan9 folk's self-proclaimed status as "Open Source". However, neither the OSI nor the FSF agrees. The FSF has even posted a detailed analysis [gnu.org] of the problems with the Plan9 license.

    Now, depending on your own philosophy (or lack thereof), you may or may not care personally whether this code is truly free/OSS/whatever, but in practical terms, what it means is that neither Red Hat nor Debian is going to buy into this solution, which pretty much means that it's probably dead in the water. Oh, I suppose it might be accepted by the UnitedLinux folks, but I'm not holding my breath on that.
  • Re:Thank god (Score:2, Informative)

    by Panoramix ( 31263 ) on Friday September 20, 2002 @09:50PM (#4301345) Homepage

    IIRC, Solaris 8 is actually Solaris 2.8. Solaris 9 is 2.9. Not to be confused with the SunOS version, which would be 5.8 for Solaris 8...

    Don't ask. I never really understood Sun's versioning.
