Passport vs. Plan 9
netphilter writes "LinuxWorld is carrying an article about how Apache and Plan 9 are going to defeat Microsoft's Passport. I hate Passport's integration with XP (although that might be because I hate XP). An Open Source single-sign on would be a real blessing. Will we ever get a good single sign-on solution?"
Do we really need a single sign in? (Score:4, Insightful)
correct me if i'm wrong (Score:4, Insightful)
Re:Security (Score:4, Insightful)
Good thing you're not biased. (Score:2, Insightful)
Good to see people forming opinions based on facts and information rather than knee-jerk reactionism.
Oh wait.....
Why try and recreate a bad idea (Score:5, Insightful)
Not only does Passport go against the KISS philosophy embraced by many Unix and Linux developers, but the potential for security breaches is only magnified when a single universal authentication system is developed. It seems to me we'd be better off leaving authentication procedures up to the individual site owner rather than having a universal authentication protocol built into Apache. This would also be a more practical solution as a single authentication system cannot be tailored to fit all sites. I sure don't want to trust all of my on-line bank transactions to something like Passport, so the need exists for highly encrypted ultra-secure authentication on some sites, while other less secure sites like Slashdot which transmit passwords across the 'net in plain text could probably get by with using a much more basic authentication system.
who is the controller? (Score:3, Insightful)
At the risk of being modded redundant... (Score:4, Insightful)
What good is having your system backed up on removable media if your house burns down and *you don't have a copy off site?*
When Egghead was hacked I knew for a fact that I had to be concerned about *one* of my credit card accounts. I could watch that *one* like a hawk and the risk didn't steamroll through my whole life. The argument is, of course, that there is less risk with a well protected central account, but that account is an all or nothing sort of deal. You're either safe, or you lose everything.
I'll take the slightly greater overall risk at sustaining *some* sort of loss against the lower risk of complete and total devastation.
Do you have any sort of financial insurance? Say on your car? Exact same deal. You "lose" your insurance payment against the protection from greater potential loss.
Obviously others disagree but I think that single access is just plain dumb, and all to save you a rather miniscule risk to save a few minutes of typing a year.
KFG
Re:Why try and recreate a bad idea (Score:3, Insightful)
And if you think Unix/Linux devs "embrace" KISS, just try browsing Sourceforge a little... most of the programs are anything but user friendly.
Re:correct me if i'm wrong (Score:4, Insightful)
In a word: No.
For one, this doesn't need to be implemented as a single point, physically. By your faulty assertion, DNS can be considered a "single point of failure", and while DNS is decidedly vulnerable, the internet somehow manages to have worked well for a while now. ;)
If it were me, I'd look at the architecture of DNS and copy the strengths of its distributed design. Then again, DNS is borne of scientists aiming for an open internet, not corporations looking to lock it down.
Oh yeah (Score:2, Insightful)
<snicker/>
And why, oh why must every "open source/free software columnist" begin their articles with a potshot at Microsoft as a way to justify Linux's existence? Must they always do that? How about letting the technology stand by itself?
Re:Thank god (Score:5, Insightful)
>key to all of your personal information?
Do you trust ANY company enough to give them the key to all of your personal information?
-l
KISS != Easy to use (Score:1, Insightful)
You sure can make a simple program, but it (more often than not) can be real pain to use. The structure and implementation could be simple though the user interface sucks bigtime. Even in applications like this which are meant to ease the use, some of the easy-to-use functionality must be removed to keep the system secure enough. And I think no one can deny the fact that simple programs/protocols/whatever are always easier to secure than their complex counterparts.
Misunderstanding "single signon" (Score:4, Insightful)
#3 Which redirects it back to its authorized Passport server
Notice that it's not "the" passport server, it's "its authorized...". The passport server may or may not be at Microsoft!
I'm busy setting up an LDAP server to allow a rapidly growing (and I do mean RAPIDLY growing, 4x growth in the last year) ISP to scale. We need to allow for future virtual servers, FTP, email, etc. and do so with a single authentication scheme.
LDAP does all this, and more, in a distributed, secure and encrypted fashion. Why are we bothering with HTTP "web services", when LDAP will do all this and lots more?
(Scratches head)
"Single Signon" doesn't mean there's some Microsoft server someplace the whole world logs in to, it means there's ONE server provided by somebody you trust, that authenticates you as YOU and which manages information on your behalf to determine what you should be granted/denied access to. You sign in once, and have immediate access to all the services you have set up.
There can be any number of authentication servers!
Passport, Plan 9, Kerberos, LDAP, and to a lesser extent, NIS and a few others give that ability!
Re:Which one? (Score:2, Insightful)
Re:Security (Score:1, Insightful)
Re: yep 40 accounts, is so simple... (Score:2, Insightful)
Re:correct me if i'm wrong (Score:1, Insightful)
Re:Security (Score:2, Insightful)
Single signon allows you to use hard tokens (either the changing number kind, smartcards, etc.). No one site can afford them for their own use (though Bank of America uses them for medium-sized businesses) but they're quite affordable if everyone shares. Most people don't want 20-30 smartcards anyway.
The cry of single point of failure is really a desire for security through obscurity. Most people I know have a text file with tens to hundreds of passwords (I have 25 or so for work and about 150 for home). They don't change them on a regular basis. (I'm forced to change mine every 60 days -- another reason for the text file) Where's the security?
If I had one password accompanied by a hard token I'd have it memorized and you'd have to mug me to get the token. A single system also allows proper redundancy, security monitoring, etc. You can also have multiple passwords if desired/required -- what's important is that the same security infrastructure is utilized for compatibility (token type, etc.). Just because Microsoft's passport is awful, doesn't mean the SSO concept isn't sound.
My take on single sign-on (Score:2, Insightful)
We've all watched as the threat of micro-payments has sat dormant for quite some time. I've felt this is due to the effort required to send the money. If I run across a website that won't let me get past their front page without going through a full-blown registration page needing credit card info and billing address, I'm not going to give it a second thought when I back up and proceed to a FREE site. Now, let's say Plan9 or Passport is full blown and widely used (say optimistically 50% of people/websites are signed up). When you arrive at Pay4MyData.com or some sort of micro-payment site, your only effort to pay them is going to be a Pop-Up asking if you in fact want to send $0.03 to the site. All of a sudden, it becomes a penny-here penny-there issue and people just accept it because hey, "bandwidth isn't free, DON'T COMPLAIN". I think everyone knows where this is going; it becomes nearly impossible to do anything without paying some small amount. And people like me who refuse to pay simply for the principle of it will be left with old abandoned pages to look at.
Don't get me wrong, Plan9 is a great idea, I just see a huge opportunity for abuse.
Linux press is biased and immature (Score:2, Insightful)
Do not complain about the dynamics of what articles a publication is going to write if it happens to get more readers. And do not whine that they are not covering enough about Linux. What has Linux done lately anyway? Has it defined a new communications protocol such as XML-RPC and made it pervasive? Has it provided the home user with a network appliance they do not have to maintain any more than a toaster? No, there is no dramatic difference to the general public between Linux, BSD, Solaris or any other OS besides MacOS X and Windows.
The article should just cover that topic described in the headline and cut all the whining. The Slashdot community has grown up a lot over the last several years, but I hate to think that we are going to fall back into the same old and immature debates about how things should be. We all need to recognize how things are and work towards how things should be. Without a good deal of hard work we will not get anywhere.
Personally, I prefer MacOS X and FreeBSD. That is what I use at home and I play Warcraft 3 and Starcraft on my Windows 2000 PC. I do not like Windows, but at least I am not running Windows XP.
Take it or leave it (Score:2, Insightful)
Do I worry about it leaving me open to hack attacks and marketing invasion? No, not really. Information I really care about is not exposed via my passport. It is all safely locked up elsewhere. Don't dismiss it on principle - if you don't like the idea don't use it. Simple as that.
factotum is not necessarily single sign on (Score:4, Insightful)
factotum (plan 9's authentication agent) is not a single sign-on solution, although it can be when used in conjunction with secstore [bell-labs.com]. what it does mean is that applications do not have to be burdened with complex and error-prone authentication code, and that there is one, well-verified, point in the system that holds secrets and understands the protocols.
in the factotum scheme, you can mark certain accounts (e.g. your bank account access) so that they will always require a password to be entered; you can also use the scheme without secstore (which is what i'm doing currently) which just forces you to type in each password the first time it's required. secstore is a means to store all your passwords in one place securely, which you can then use to prime factotum.
this is the essence of the plan 9 approach - choose an abstraction and write it in a simple, modular way so that it's applicable to a wide range of previously unanticipated scenarios. it's a wonderful system, and one that carries forward the true unix tradition, something that UNIX lost long ago.
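The agent model the two posts above describe (one trusted process that holds the secrets and speaks the protocol, applications that only hand it a challenge, and accounts that can be marked to always require confirmation) can be sketched in a few dozen lines. The following is an added example, not code from Plan 9's factotum or secstore: the `Agent`, `Key`, `Respond` and `Verify` names, the `hmac-challenge` protocol label and the `confirm` prompt hook are all assumptions made for this illustration, and the HMAC-SHA256 challenge/response stands in for the real protocols factotum speaks.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Key is one secret the agent holds, tagged with attributes the way a
// factotum key is (proto, dom, user). Confirm marks an account that must
// always be unlocked interactively, the "bank account" case in the post.
type Key struct {
	Proto, Dom, User string
	Secret           []byte
	Confirm          bool
}

// Agent is a hypothetical stand-in for factotum: the one process that
// holds secrets and understands the protocol. Applications never receive
// a secret; they hand the agent a challenge and get back a response.
type Agent struct {
	keys    []Key
	confirm func(Key) bool // assumed prompt hook; returning false declines
}

func NewAgent(confirm func(Key) bool) *Agent {
	return &Agent{confirm: confirm}
}

// AddKey primes the agent with a secret, the way secstore (or typing the
// password the first time it is needed) primes factotum.
func (a *Agent) AddKey(k Key) { a.keys = append(a.keys, k) }

// lookup selects a key by attribute match (a simplified version of the
// attribute matching factotum performs).
func (a *Agent) lookup(proto, dom, user string) (Key, bool) {
	for _, k := range a.keys {
		if k.Proto == proto && k.Dom == dom && k.User == user {
			return k, true
		}
	}
	return Key{}, false
}

// Respond is the only operation an application may request. It returns the
// hex HMAC-SHA256 of the challenge under the matching secret, or an error
// when no key matches or the user declines a confirm-protected key.
func (a *Agent) Respond(proto, dom, user string, challenge []byte) (string, error) {
	k, ok := a.lookup(proto, dom, user)
	if !ok {
		return "", errors.New("agent: no matching key")
	}
	if k.Confirm && (a.confirm == nil || !a.confirm(k)) {
		return "", errors.New("agent: use of key declined by user")
	}
	if proto != "hmac-challenge" {
		return "", fmt.Errorf("agent: unsupported proto %q", proto)
	}
	mac := hmac.New(sha256.New, k.Secret)
	mac.Write(challenge)
	return hex.EncodeToString(mac.Sum(nil)), nil
}

// Verify is the check run by the authentication server the user chose to
// trust; it shares the secret with the agent and compares in constant time.
func Verify(secret, challenge []byte, response string) bool {
	got, err := hex.DecodeString(response)
	if err != nil {
		return false
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write(challenge)
	return hmac.Equal(mac.Sum(nil), got)
}

func main() {
	// Constructed sample secrets and nonce; real ones come from secstore,
	// the user, and a fresh random challenge from the server.
	secrets := map[string][]byte{"isp.example": []byte("isp-secret"), "bank.example": []byte("bank-secret")}
	agent := NewAgent(func(k Key) bool {
		fmt.Printf("confirm use of key for %s@%s? (auto-yes in this demo)\n", k.User, k.Dom)
		return true
	})
	agent.AddKey(Key{Proto: "hmac-challenge", Dom: "isp.example", User: "alice", Secret: secrets["isp.example"]})
	agent.AddKey(Key{Proto: "hmac-challenge", Dom: "bank.example", User: "alice", Secret: secrets["bank.example"], Confirm: true})
	challenge := []byte("server-nonce-0001")

	for _, dom := range []string{"isp.example", "bank.example", "unknown.example"} {
		resp, err := agent.Respond("hmac-challenge", dom, "alice", challenge)
		if err != nil {
			fmt.Println(dom+":", err)
			continue
		}
		fmt.Printf("%s: server accepts response: %v\n", dom, Verify(secrets[dom], challenge, resp))
	}
}
```

The point the posts make is visible in the shape of the code: the application's whole interface is `Respond`, so a bug in an application cannot leak a secret it never held, and the confirm flag gives the user a per-account veto without changing the application at all.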
My worries (Score:2, Insightful)
If someone learns your single source login then they can easily impersonate you everywhere, not just on one site.
It is real easy to trick ordinary users into giving away their passport login names and user IDs. Create a bogus site. Have the bogus site display a realistic Passport login page that says "Your Passport Login has expired, please re-enter it." Most folks will just follow the instruction. The page then just stores the login name and password in a file. It is the oldest computer Trojan Horse known and it will still work amazingly well because users won't realize that it isn't a Microsoft Login Page.
Now if they had a single sign on solution, possibly also a roaming profile, built into a flash memory card in an encrypted form then I might be quite enthusiastic about the idea.