'Open MS Passport': MyUID Goes Beta 208
mastergoon writes "MyUID, which has been refered to as an "open MS Passport", has opened their doors to public beta testing. MyUID is a user database system, with the purpose of allowing virtually anyone to refer to its records using only HTTP or HTTPS. Many companies have unified login systems, like Yahoo! and Microsoft, but unlike MyUID, these databases cannot be put to use by any site. As of now there is an alpha release PHP4 connectivity API, which while not feature rich is in full working order. APIs should be available in your favourite language soon. You can view this example of a site remotely connecting to MyUID using the alpha API, and give a go at spoofing a login. They want the security of the login methods tested extensively before going production."
Flying solo? (Score:5, Informative)
Seems like a one-person project. Very easy to declare standards without all those annoying other people!
That's called a demo site (Score:2, Informative)
get a free gmail account by signing this (Score:5, Informative)
MyUID is giving out three Gmail invitations to it's users. Three MyUID users will be chosen at random on Monday, June 21st at 10:00 PM PDT (GMT minus seven) to receive the invites. Good luck.
Whatever happened to Liberty Alliance (Score:5, Informative)
It's true (Score:2, Informative)
It's true - individuals have reported receiving up to 6 invitations (Source:
www.wired.com/news/infostructure/ 0,1377,63786,00.html?tw=wn_12culthead
).
At least one of people I invited did not open a Gmail account (the invitation was either forwarded or declined).
I have two unused invitations (I won't use them 'cause I don't know a deserving individual to give it to) and I've invited 4 people so far.
If we assume there's about 1m active accounts (say 3-4 racks of mail servers), there's probably been at least 10m invitations given away.)
I haven't read the API but... (Score:4, Informative)
Isn't that about the only sane way to do this?
Holly cow! (Score:1, Informative)
Carefull! (Score:2, Informative)
DO not go to the remote site!!!! (Score:2, Informative)
Nice ID/email collect0r (Score:3, Informative)
http://www.myuid.com/api/usercard.php?uid=12
h
http:
http://ww
http://www.my
http://www.myuid.
http://www.myuid.com/
etc
Laurence Lessig may not love this inititative (Score:2, Informative)
I begin reading the book three days ago, and am up to page 78. It's a thought provoking book. I value my freedom highly. I will examine these issues.
Re:Different from MS Passport? (Score:5, Informative)
Lets add to this the fact that the "story" for this reads like a press release, and one that lies at that.
"Many companies have unified login systems, like Yahoo! and Microsoft, but unlike MyUID, these databases cannot be put to use by any site"
So you can't use Passport on your own site? What utter bollocks. Oh look, there's [microsoft.com] the passport SDK.
But I can't run it on Linux you cry? Really? Step back a version, version 2.1 [microsoft.com] has code for Apache/CGI in it (Or did last time I looked). Admittedly the documentation for it is sparse to say the least.
Finally lets look at the story submitted. mastergoon. OK, lets look at who owns myuid.com,
Registrar: DOTSTER
Domain Name: MYUID.COM
Created on: 28-APR-04
Expires on: 29-APR-05
Last Updated on: 28-APR-04
Administrative Technical Contact:
O'Shea Kevin kevin@mastergoon.com
Oh look, it's another shill story. Someone sumbitting a story about his service without admitting it.
When did slashdot become a press release site?
mindlocked.com - better looking GUI? (Score:3, Informative)
Anyone interested in joining this project (that will be released under GPL soon...) - let us know!
That's my 2 cents worth of marketing =)
Re:Similar but different (Score:4, Informative)
Good idea, maybe not done right (Score:3, Informative)
Re:Wow. (Score:3, Informative)
CheckFree gives you the option.
A lot of sites have optional Passport logins.
It's far from a flop, but it's just as far from the raging success Microsoft hoped for.
Re:They need a better email server (Score:3, Informative)
That isnt the problem, as you state MX records solve that. The problem is that in this case while "smtp.company.com" resolves to an IP address, there is no reverse DNS lookup for that IP address.
Certain firewalls, e.g. Symantec, have their default behaviour to block mail from hosts who either have no reverse DNS lookup or where the reverse DNS doesn't match the A record.
Liberty Alliance : some explanations (Score:2, Informative)
But still, The liberty alliance takes quite a different point of view. Passport and My-Whatever- talk about having a centralized server that would keep your personal data (and spread them around when needed).
The Liberty Project is about federating logins
- You create a local account on some server.
- You create a local account on a "centralized" server
- You federate them.
Now you are able to login in the local server AND the central server, just using your central server login.
And you can have multiple server using this central server. You can actually have multiple central server talking to each other also. And you can even federate our account with many "central server" (it's all related to how the server are bound)
The personal data transfer is not the main goal of this project, but is possible and specified (it's SOAP+XML Security related).
Re:Are we sure this is for real? (Score:4, Informative)