'Open MS Passport': MyUID Goes Beta 208
mastergoon writes "MyUID, which has been refered to as an "open MS Passport", has opened their doors to public beta testing. MyUID is a user database system, with the purpose of allowing virtually anyone to refer to its records using only HTTP or HTTPS. Many companies have unified login systems, like Yahoo! and Microsoft, but unlike MyUID, these databases cannot be put to use by any site. As of now there is an alpha release PHP4 connectivity API, which while not feature rich is in full working order. APIs should be available in your favourite language soon. You can view this example of a site remotely connecting to MyUID using the alpha API, and give a go at spoofing a login. They want the security of the login methods tested extensively before going production."
They need a better email server (Score:3, Interesting)
Are we sure this is for real? (Score:5, Interesting)
The API is also decidedly undocumented. [myuid.com]
Please come back when there's actually something to show us...
Usefulness? (Score:5, Interesting)
Re:Totally backwards (Score:2, Interesting)
TheirID or an Identity Commons? (Score:5, Interesting)
I'm concerned that it is just another centralized database of information. At least with Passport you don't have to worry about their database being bought by Microsoft.
At Identity Commons we intend to give people full control over their personal profile information, including not only who has access to which parts under what circumstances, but also where which parts of it are stored. If you don't trust any of the "banks" you can store it under your virtual mattress (if that's where you keep your server, though it might get kinda hot under there).
The free and open source code base is built upon two new OASIS XML standards, Extensible Resource Identifiers (XRI) which add (among other things) persistence and cross references to URIs, and the XRI Data Interchange (XDI) spec which enables a "dataweb", much like URIs enable a "document web". The coolest part of XDI is the concept of Link Contracts, that enable fine-grained access control over profile data while simultaneously recording the details that both parties agree to (and electronically sign) before any data exchange takes place.
While we're still a month (or more) from announcing, we [identitycommons.org] have enjoyed [digitalidworld.com] some good initial [betanews.com] exposure [blueoxen.net].
BTW: we're looking for people to play with the (pre-alpha) software (it's on SourceForge and there are even some CPAN modules) and help us [idcommons.net] bring it to the next level.
Google? (Score:4, Interesting)
"MyUID is giving out three Gmail invitations to it's users. Three MyUID users will be chosen at random on Monday, June 21st at 10:00 PM PDT (GMT minus seven) to receive the invites. Good luck."
Why wouldnt google come up with its own 'passport' service?
Re:Good SPAM (Score:1, Interesting)
What about Jabber Tickets? (Score:2, Interesting)
Re:I think that some people are missing the point (Score:4, Interesting)
Yeah, but their concept and framework appears to basically suck. They made a simple user database, tagged in some email address verification and a (currently gimped) "Read this image test", and release an API for any other website to authenticate against this database. Welcome to Web Programming 101. If the problem was this easy to fix, it would've been fixed a long time ago.
There is a (more than one probably) right way to do this, and this isn't even close to being it.
As a matter of fact, I came up with one while typing this, but I deleted my description of it. Why feed slashdot my design work when I should just jot this down somewhere and go implement it myself
Re:Google? (Score:2, Interesting)
These guys should really tell us who they are (Score:3, Interesting)
Since this is Slashdot I can only assume that these guys are on the "good" side, but a few answers to "why?" and "who?" in their FAQ wouldn't hurt.
Re:The "My" prefix (Score:3, Interesting)
Derived from and/or to be consistent with muSQL. Also the name of a daughter of one of the developers was "My".
At least it's not "My SQL" with the embedded blank.
"My Computer" belongs to whoever stuck the "My" label on "Computer". It wasn't me who did that.
MySQL belongs to MySQL AB. They happen to be nice enough to allow me to use their SQL.
Re:Are we sure this is for real? (Score:2, Interesting)
Well not exactly. I was mostly referring to the "ship first, deal with bugs later" approach Microsoft routinely took. But which other OS company on the PC struck deals with manufacturers to bundle their graphical OS with new systems? The only other one that comes to mind is IBM's OS/2 and I don't know the timeline enough to know if this was explicitly bundled with IBM systems before Windows was.
Fails to implement basic requirement (Score:3, Interesting)
The first project I'll seriously look into trying to tackle this problem will be a project that has code to download for me to run: either a web service I can run or an XMPP services (presence subscribtion could probably be extended to data ACLs).. whatever.
Any project that requires me to store information on a remote server will be ignored. Obviously most users will actually use the passportd of their company or ISP, but the freedom to run your own - just like httpd/sshd/smtpd/jabberd - that's really a REQUIREMENT.
Instead of pushing my data to centralized databases, I want an interface where third parties can pull it directly from me.