diff options
Diffstat (limited to 'doc/passport')
-rw-r--r-- | doc/passport | 293 |
1 files changed, 0 insertions, 293 deletions
diff --git a/doc/passport b/doc/passport deleted file mode 100644 index fd402772293..00000000000 --- a/doc/passport +++ /dev/null @@ -1,293 +0,0 @@ -* Updates - - <b>Sep 20, 2001:</b> Microsoft has just announced some changes - to passport that are rather interesting. This document - reflects the Passport system without taking into account the - new changes. - - Read about it <a href="http://www.microsoft.com/presspass/features/2001/sep01/09-20passport.asp">here</a>. - - For an analysis of security problems with passport, check <a - href="http://avirubin.com/passport.html">http://avirubin.com/passport.html</a>. - The bottom line is that you should not put any sensitive - information on passport. - - I have received many comments from people, and I have updated - the page accordingly. From removing incorrect statements, to - fixing typos, to include mentions to other software pieces. - - I also corrected my statement about IIS and a trojan horse, I - should read a more educated press in the future. My apologies - to Microsoft and its employees on this particular topic. IIS - did not have a trojan horse built in. - -* Microsoft Hailstorm and Passport - - Microsoft Passport is a centralized database hosted by - Microsoft that enhances the consumer experience with the Web - by providing a single logon system that they can use across a - number of participant web sites. - - As you might know by now from our extensive <a - href="faq.html">FAQ</a>, the Mono project has nothing to do - with Microsoft Hailstorm or <a - href="http://www.passport.com">Microsoft Passport.</a> - - Still a lot of people have asked us our opinion on them. - -** Passport - - Passport is important not because of it being a breakthrough - technologically speaking, but because the company is in a - position to drive most people toward being suscribers of it. - - At the time of this writing passport is required to use the - free mail service <a href="http://www.hotmail.com">Hotmail</a> - to get customized support for the <a - href="http://www.msn.com">MSN portal</a>, <a - href="http://msdn.microsoft.com">Microsoft Developers - Network</a> and according to the original announcement from - Microsoft <a href="http://www.americanexpress.com">American - Express</a> and <a href="http://www.ebay.com">EBay</a> will be - adopting it. - - There is already a <a - href="http://www.passport.com/Directory/Default.asp?PPDir=C&lc=1033">Large - list</a> of participating sites. - - There are many current users of it and Microsoft will be - driving more users towards Passport as it <a - href="http://news.cnet.com/news/0-1003-200-6343275.html">integrates - it</a> in their upcoming release of Windows. - - Microsoft has also <a - href="http://www.passport.com/Business/JoinPassportNetwork.asp?lc=1033">developed - a toolkit</a> to enable current web merchants to integrate - their services with passport. - - To the end user, there is a clear benefit: they only have to - log into a single network and not remember multiple passwords - across sites on the internet. Companies that adopt passport - will have a competition advantage over those that dont. - Microsoft lists a list of <a - href="http://www.passport.com/Business/Default.asp?lc=1033">benefits</a> - to companies. - - -** The problems of Passport - - There are a number of concerns that different groups have over - Passport. Sometimes I have some, sometimes I do not. But - overall, consumers and businesses can have better solutions. - - <ul> - * <b>Single Point of Failure:</b> As more services and - components depend on remote servers, functionality can - grind to a halt if there is a failure on the - centralized Passport system. - - Such a failure was predicted, and we recently <a - href="http://news.cnet.com/news/0-1005-200-6473003.html">witnessed</a> - got a lot of people worried. - - The outgage lasted for seven days. Think what this - could do to your business. - - * <b>Trust:</b> Not everyone trusts Microsoft to keep - their information confidential. Concerns are not only - at the corporate level policy, but also the fact that - the source code for Microsoft products is not - available, means that trojans or worms could be built - into the products by malicious engineers. - - * <b>Security:</b> With a centralized system like - Passport, imagine the repercussions of a malicious - hacker gaining access to the Passport database. - Personal information and credit card information about - almost everyone using a computer could be stored there. - - Hackers have already <a - href="http://slashdot.org/articles/00/10/27/1147248.shtml">broken - into Microsoft</a> in the past. And the company was - unable to figure out for how long their systems had - been hacked. - - Security holes have been found in <a - href="http://slashdot.org/articles/00/04/14/0619206.shtml">IIS - in the past.</a> If all the world's data is stored on - a central location, when a single security hole is - detected, it would allow an intruder to install a - backdoor within seconds into the corporate network - without people ever noticing. - - Microsoft itself has been recently hit by worms, - imagine if all your business depended on a single - provider for providing all or your authentication - needs - </ul> - - Microsoft might or might not realize this. The idea behind - Passport is indeed a good one (I can start to get rid of my - file that keeps track of the 30 logins and passwords or so - that I use across the various services on the net myself). - -** Alternatives to Microsoft Passport - - An alternative to Microsoft Passport needs to take the above - problems into consideration. Any solution of the form `We - will just have a competing offering' will not work. - - The system thus has to be: - - <ul> - * <b>Distributed:</b> The entire authentication - system should not create an internet `blackout' in the - case of failure. - - A distributed system using different software - platforms and different vendors would be more - resistent to an attack, as holes in a particular - implementation of the server software would not affect - every person at the same time. - - A security hole attack might not even be relevant to - other software vendors software. - - * <b>Allow for multiple registrars:</b> Users should - be able to choose a registrar (their banks, local - phone company, service provider, Swiss bank, or any - other entity they trust. - - * <b>Mandate good security measures:</b> As a - principle, only Open Source software should be used - for servers in the registrar, and they should conform - to a standard set of tools and software that can be - examined by third parties. - </ul> - - An implementation of this protocol could use the DNS or a - DNS-like setup to distribute the information of users with the - possibility of replicating and caching public information - about the user. - - For instant messaging (another piece of the Hailstorm bit), - you want to use a non-centralized system like Sun's <a - href="http://www.jxta.org">JXTA</a>. Some people mailed me to - mention Jabber as a messaging platform and other people - pointed out to the <a - href="http://java.sun.com/products/jms/">Java Message - Service</a>. The JMS does support a number of very - interesting features that are worth researching. - - It could also just use the user e-mail address as the `key' to - choose the registrar (msn.com, hotmail.com -> passport.com; - aol.com -> aol.passport.com; you get the idea). - - The <a - href="http://www.soapware.org/xmlStorageSystem">xmlStorage</a> - idea from <a href="http://www.scripting.com">Dave Winer</a> - could be used to store the information. - - A toolkit for various popular web servers could be provided, - authenticated and should be open sourced (for those of you who - think that a binary program would give more security and would - prevent people from tampering: you are wrong. You can always - use a proxy system that "behaves" like the binary, and passes - information back and forth from the real program, and snoops - in-transit information). - - Good cryptographers need to be involved in this problem to - figure out the details and the possible insecure pieces of a - proposal like this. - -** Implementation: In short - - To keep it short: <b>DNS, JXTA, xmlStorage.</b> - - -** Deploying it - - The implementation of such a system should be a pretty - straightforward task once security cryptographers have - designed such a beast. - - The major problems are: - - <ul> - * <b>People might just not care:</b> In a poll to US - citizens a couple of decades ago, it was found that - most people did not care about the rights they were - given by the Bill of Rights, which lead to a number of - laws to be passed in the US that eliminated most of - the rights people had. - - * <b>The industry will move way too slow:</b> - Microsoft's implementation is out in the open now: it - is being deployed, and soon it will be insinuated to - many, many users. The industry needs to get together - soon if they care about this issue. - - By the time the industry reacts, it might be too - late. - </ul> - -** Passport and Mono - - The .NET class libraries include a Passport class that - applications might use to authenticate with Passport. Since - we do not have information at this point on the exact protocol - of Passport, it is not even feasible to implement it. - - If at some point the information is disclosed, it could be - implemented. - - If a competing system to Passport existed, we could probably - hide all the authentication information to use a number of - different passport-like systems. - - If a user does not want to use Passport at all, he could - always turn it off (or completely remove the class from the - library). After all, this is free software. - - Currently, we are too far from the point where this is a real - issue. - -** Passport and endangering Open Source. - - A few people have said: `Mono will allow Passport to be - available for Linux and that is bad'. This is plain - misinformation. - - Currently, you can obtain Passport for Linux from Microsoft - itself and deploy it today on your Web server. Mono does not - even enter the picture here. Go to passport.com and download - the toolkit and you will see with your own eyes that passport - is <B>already</b> available for Linux. - -** Disclaimer - - This is just a group of personal thoughts of mine that I have - placed here because I get asked this question a lot lately. - The views of this page are not a statement from my employer - (Ximian, Inc). - - This is not part of Mono. We are not trying to deal with this - problem. - - Nat Friedman (Ximian's co-founder) has his own ideas on how a - competing system to Passport could be designed, but I will let - <a href="http://www.nat.org/">him</a> post his own story. - -** Other Passport Comments - - An interesting study on the security of passport is available at: <a - href="http://avirubin.com/passport.html">http://avirubin.com/passport.html</a> - -** Other Alternatives - - Some people have pointed out <a - href="http://www.xns.org">XNS</a> - -Send comments to me: Miguel de Icaza (<a - href="mailto:miguel@ximian.com">miguel@ximian.com</a>) - |