'Open MS Passport': MyUID Goes Beta

mastergoon writes "MyUID, which has been refered to as an "open MS Passport", has opened their doors to public beta testing. MyUID is a user database system, with the purpose of allowing virtually anyone to refer to its records using only HTTP or HTTPS. Many companies have unified login systems, like Yahoo! and Microsoft, but unlike MyUID, these databases cannot be put to use by any site. As of now there is an alpha release PHP4 connectivity API, which while not feature rich is in full working order. APIs should be available in your favourite language soon. You can view this example of a site remotely connecting to MyUID using the alpha API, and give a go at spoofing a login. They want the security of the login methods tested extensively before going production."

They need a better email server

[Anonymous Coward]

It has no reverse DNS, which will mean some people won't allow it to send them mail.

Are we sure this is for real?

[LostCluster]

They have the most useless FAQ in recorded history... [myuid.com]

The API is also decidedly undocumented. [myuid.com]

Please come back when there's actually something to show us...

Usefulness?

[wwahammy]

Kudos to whoever made this, I know you must have put your heart into this. I don't mean this comment as an insult to you or your idea. But really is there a need for this? I like the idea of simplifying the web for people but Passport exists (and failed) and I believe there's a competing group with Sun in it called the Liberty Alliance that has a non-centralized model which I think sounds much safer. A centralized database has too many problems related to it to be useful.

Re:Totally backwards

[kiddygrinder]

I'd just like to have one fake email/password so i could remember it for the thousand different sites that want my details

TheirID or an Identity Commons?

[Broadcatch]

I'm concerned that it is just another centralized database of information. At least with Passport you don't have to worry about their database being bought by Microsoft.

At Identity Commons we intend to give people full control over their personal profile information, including not only who has access to which parts under what circumstances, but also where which parts of it are stored. If you don't trust any of the "banks" you can store it under your virtual mattress (if that's where you keep your server, though it might get kinda hot under there).

The free and open source code base is built upon two new OASIS XML standards, Extensible Resource Identifiers (XRI) which add (among other things) persistence and cross references to URIs, and the XRI Data Interchange (XDI) spec which enables a "dataweb", much like URIs enable a "document web". The coolest part of XDI is the concept of Link Contracts, that enable fine-grained access control over profile data while simultaneously recording the details that both parties agree to (and electronically sign) before any data exchange takes place.

While we're still a month (or more) from announcing, we [identitycommons.org] have enjoyed [digitalidworld.com] some good initial [betanews.com] exposure [blueoxen.net].

BTW: we're looking for people to play with the (pre-alpha) software (it's on SourceForge and there are even some CPAN modules) and help us [idcommons.net] bring it to the next level.

Google?

[p0]

I have just signed up, and my welcome message reads:

"MyUID is giving out three Gmail invitations to it's users. Three MyUID users will be chosen at random on Monday, June 21st at 10:00 PM PDT (GMT minus seven) to receive the invites. Good luck."

Why wouldnt google come up with its own 'passport' service?

Re:Good SPAM

[Anonymous Coward]

Public email = PUBLIC EMAIL. It's optional. They don't put your private email in.

What about Jabber Tickets?

[ironfroggy]

Why not use Jabber Tickets? I already have an account with a Jabber server, and this way the site can automatically tell me if my friends are also using the site, or even notify me that they are using it, so I can spark up a conversation about some topic on the page I know they are at.

Re:I think that some people are missing the point

[photon317]

Yeah, but their concept and framework appears to basically suck. They made a simple user database, tagged in some email address verification and a (currently gimped) "Read this image test", and release an API for any other website to authenticate against this database. Welcome to Web Programming 101. If the problem was this easy to fix, it would've been fixed a long time ago.

There is a (more than one probably) right way to do this, and this isn't even close to being it.

As a matter of fact, I came up with one while typing this, but I deleted my description of it. Why feed slashdot my design work when I should just jot this down somewhere and go implement it myself :)

Re:Google?

[NemesisEnforcer]

I'm just making an assumption here, but I don't think Google is in anyway related to these guys. They seem very unprofessional, and very not serious. I've heard from friends that once getting a Gmail account, you'll get 3 invites within a few days. Chances are one of them got an account, and is going to give his invites away to the "lucky" few who sign up. However, if Google ever started a service like this, I'd sign up instantly. They're one of the first companies I feel I can trust.

These guys should really tell us who they are

[joeykiller]

It's not that I distrust them or anything, it's just that I couldn't find any information on who these people are and why they're making MyUID.

Since this is Slashdot I can only assume that these guys are on the "good" side, but a few answers to "why?" and "who?" in their FAQ wouldn't hurt.

Re:The "My" prefix

[Tony-A]

I can't even begin to understand what "MySQL" is supposed to mean.

Derived from and/or to be consistent with muSQL. Also the name of a daughter of one of the developers was "My".
At least it's not "My SQL" with the embedded blank. /etc/my.cnf is the configuration, so MySQL AB has at least some legitimate claim to the prefix "my".

"My Computer" belongs to whoever stuck the "My" label on "Computer". It wasn't me who did that.
MySQL belongs to MySQL AB. They happen to be nice enough to allow me to use their SQL.

Re:Are we sure this is for real?

[nacturation]

Were they the first mover? (scratches head) That's not quite how I remember it happening.

Well not exactly. I was mostly referring to the "ship first, deal with bugs later" approach Microsoft routinely took. But which other OS company on the PC struck deals with manufacturers to bundle their graphical OS with new systems? The only other one that comes to mind is IBM's OS/2 and I don't know the timeline enough to know if this was explicitly bundled with IBM systems before Windows was.

Fails to implement basic requirement

[Rob Kaper]

I don't leave a copy of my creditcard at the mall so stores can ask the mall for access to it. No, I keep it with me, and will show it to selected stores when *they* ask *me*.

The first project I'll seriously look into trying to tackle this problem will be a project that has code to download for me to run: either a web service I can run or an XMPP services (presence subscribtion could probably be extended to data ACLs).. whatever.

Any project that requires me to store information on a remote server will be ignored. Obviously most users will actually use the passportd of their company or ISP, but the freedom to run your own - just like httpd/sshd/smtpd/jabberd - that's really a REQUIREMENT.

Instead of pushing my data to centralized databases, I want an interface where third parties can pull it directly from me.