wininsider.com— Microsoft this week revealed that it will finally kill off its once-reviled Passport system, which is uses for universal Web logon. And we all breathe a sigh of relief.
Mar 11, 2006View in Crawl 4
Here what I think is wrong with passport:The reliance on Microsoft-specific identification stores such as Passport or Windows domains for authentication and authorisation purposes means that .Net applications may require end-users to subscribe to Microsoft's Passport service. As an example of why this might be a bad thing, Microsoft had to temporarily shut down part of its Passport service during November 2001 due to a security issue. Current copyright restrictions prevent non-Microsoft vendors from providing alternatives, forcing .NET application developers to rely upon a single vendor for back-end services. Concern at this stance in the wider developer and Internet communities has resulted in projects like DotGNU and Project Liberty. DotGNU is an FSF (Free Software Foundation) initiative to provide an open-source implementation of the .Net framework, and a non-vendor controlled Passport alternative (Virtual Identities), which is intended to use encryption wherever possible to protect user details. Project Liberty is an alliance whose members include Sun, AOL, Vodafone, American Express, HP and RSA, to name but a few, with the stated aim of creating a federated single-sign-on scheme allowing authentication and authorisation from any type of network connected device.Reference: www.cgisecurity.com/lib/J2EEandDotNetsecurityByGerMulcahy.pdf
They technically COULD BE killing passport when Vista launches. They are creating a new system called InfoCard based on web services (w3c standard) so that other non-MS systems can easily work with it. Pretty sweet technology, and is done it the 'correct' way. ie, though standards. A video was just on Channel9 about it.
Passport authentication is an *option* for .NET solutuons, you can also leverage a variety of other security providers. In practice, Passport is rarely if ever used (for a wide variety of reasons). More importantly, in contrast to your FUD, Passport is an option for .NET apps, not forced, required or any other misinformed b.s. you're trying to spew.You've also misrepresented what DotGNU is really doing and it's a project of minimal if any consequence. If you want oss or platform-independent .NET, go Mono.
What I don't like is how Passport isn't really a one-account-fits-all service. I need Passport to SIGN UP for MSN, I need Passport to SIGN UP for XBox Live, etc. Why can't I just use my Passport account as my MSN or XBox Live account?At least with Google my GMail alone gets me into several services.
hchaudh1Mar 12, 2006
Here what I think is wrong with passport:The reliance on Microsoft-specific identification stores such as Passport or Windows domains for authentication and authorisation purposes means that .Net applications may require end-users to subscribe to Microsoft's Passport service. As an example of why this might be a bad thing, Microsoft had to temporarily shut down part of its Passport service during November 2001 due to a security issue. Current copyright restrictions prevent non-Microsoft vendors from providing alternatives, forcing .NET application developers to rely upon a single vendor for back-end services. Concern at this stance in the wider developer and Internet communities has resulted in projects like DotGNU and Project Liberty. DotGNU is an FSF (Free Software Foundation) initiative to provide an open-source implementation of the .Net framework, and a non-vendor controlled Passport alternative (Virtual Identities), which is intended to use encryption wherever possible to protect user details. Project Liberty is an alliance whose members include Sun, AOL, Vodafone, American Express, HP and RSA, to name but a few, with the stated aim of creating a federated single-sign-on scheme allowing authentication and authorisation from any type of network connected device.Reference: www.cgisecurity.com/lib/J2EEandDotNetsecurityByGerMulcahy.pdf
seanabernethieMar 12, 2006
not goodLONG LIVE LIVE ID
furtwan1Mar 12, 2006
They technically COULD BE killing passport when Vista launches. They are creating a new system called InfoCard based on web services (w3c standard) so that other non-MS systems can easily work with it. Pretty sweet technology, and is done it the 'correct' way. ie, though standards. A video was just on Channel9 about it.
orsoihaveheardMar 12, 2006
Passport authentication is an *option* for .NET solutuons, you can also leverage a variety of other security providers. In practice, Passport is rarely if ever used (for a wide variety of reasons). More importantly, in contrast to your FUD, Passport is an option for .NET apps, not forced, required or any other misinformed b.s. you're trying to spew.You've also misrepresented what DotGNU is really doing and it's a project of minimal if any consequence. If you want oss or platform-independent .NET, go Mono.
wdotMar 13, 2006
What I don't like is how Passport isn't really a one-account-fits-all service. I need Passport to SIGN UP for MSN, I need Passport to SIGN UP for XBox Live, etc. Why can't I just use my Passport account as my MSN or XBox Live account?At least with Google my GMail alone gets me into several services.