web/passport


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231

* Microsoft Hailstorm and Passport

	Microsoft Passport is a centralized database hosted by
	Microsoft that enhances the consumer experience with the Web
	by providing a single logon system that they can use across a
	number of participant web sites.

	As you might know by now from our extensive <a
	href="faq.html">FAQ</a>, the Mono project has nothing to do
	with Microsoft Hailstorm or <a
	href="http://www.passport.com">Microsoft Passport.</a>

	Still a lot of people have asked us our opinion on them.

** Passport

	Passport is important not because of it being breaktrough
	technologically speaking, but because the company is in a
	position to drive most people toward being suscribers of it.

	At the time of this writing passport is required to use the
	free mail service <a href="http://www.hotmail.com">Hotmail</a>
	to get customized support for the <a
	href="http://www.msn.com">MSN portal</a>, <a
	href="http://msdn.microsoft.com">Microsoft Developers
	Network</a> and according to the original announcement from
	Microsoft <a href="http://www.americanexpress.com">American
	Express</a> and <a href="http://www.ebay.com">EBay</a> will be
	adopting it. 

	There is already a <a
	href="http://www.passport.com/Directory/Default.asp?PPDir=C&lc=1033">Large
	list</a> of participating sites.

	There are many current users of it and Microsoft will be
	driving more users towards Passport as it <a
	href="http://news.cnet.com/news/0-1003-200-6343275.html">integrates
	it</a> in their upcoming release of Windows.  

	Microsoft has also <a
	href="http://www.passport.com/Business/JoinPassportNetwork.asp?lc=1033">developed
	a toolkit</a> to enable current web merchants to integrate
	their services with passport.

	To the end user, there is a clear benefit: they only have to
	log into a single network and not remember multiple passwords
	across sites on the internet.  Companies that adopt passport
	will have a competition advantage over those that dont.
	Microsoft lists a list of <a
	href="http://www.passport.com/Business/Default.asp?lc=1033">benefits</a>
	to companies. 


** The problems of Passport

	There are a number of concerns that different groups have over
	Passport.  Sometimes I have some, sometimes I do not.  But
 	overall, consumers and businesses can have better solutions.

	<ul>
		* <b>Single Point of Failure:</b> As more services and
	 	components depend on remote servers, functionality can
	 	grind to a halt if there is a failure on the
	 	centralized Passport system.  

		Such a failure was predicted, and we recently <a
		href="http://news.cnet.com/news/0-1005-200-6473003.html">witnessed</a> 
		got a lot of people worried.  

		The outgage lasted for seven days.  Think what this
	 	could do to your business.

		* <b>Trust:</b> Not everyone trusts Microsoft to keep
	 	their information confidential.  Concerns are not only
	 	at the corporate level policy, but also the fact that
	 	the source code for Microsoft products is not
	 	available, means that trojans or worms could be built
	 	into the products by malicious engineers.  This is not
	 	unheard of, as the <a
	 	href="http://slashdot.org/articles/00/04/14/0619206.shtml">Microsoft
	 	Internet Server</a> had a trojan horse built into that
	 	allowed anyone that knew about this to control any
	 	server running IIS.

		* <b>Security:</b> With a centralized system like
	 	Passport, imagine the repercussions of a malicious
	 	hacker gaining access to the Passport database.
	 	Personal information and credit card information about
	 	almost everyone using a computer could be stored there.

		Hackers have already <a
	 	href="http://slashdot.org/articles/00/10/27/1147248.shtml">broken
	 	into Microsoft</a> in the past.  And the company was
	 	unable to figure out for how long their systems had been hacked. 
	</ul>

	Microsoft might or might not realize this.  The idea behind
	Passport is indeed a good one (I can start to get rid of my
	file that keeps track of the 30 logins and passwords or so
	that I use across the various services on the net myself).

** Alternatives to Microsoft Passport

	An alternative to Microsoft Passport needs to take the above
	problems into consideration.  Any solution of the form `We
	will just have a competing offering' will not work.

	The system thus has to be:

	<ul>
		* <b>Distributed:</b>  The entire authentication
		system should not create an internet `blackout' in the
		case of failure.

		* <b>Allow for multiple registrars:</b> Users should
		be able to choose a registrar (their banks, local
		phone company, service provider, Swiss bank, or any
		other entity they trust.

		* <b>Mandate good security measures:</b> As a
		principle, only Open Source software should be used
		for servers in the registrar, and they should conform
		to a standard set of tools and software that can be
		examined by third parties.
	</ul>

	An implementation of this protocol could use the DNS or a
	DNS-like setup to distribute the information of users with the
	possibility of replicating and caching public information
	about the user.  

	For instant messaging (another pieces of the Hailstorm bit),
	you want to use a non-centralized system like Sun's <a
	href="http://www.jxta.org">JXTA</a>.  Some people mailed me to
	mention Jabber as a messaging platform.  

	It could also just use the user e-mail address as the `key' to
	choose the registrar (msn.com, hotmail.com -> passport.com;
	aol.com -> aol.passport.com; you get the idea).

	The <a
	href="http://www.soapware.org/xmlStorageSystem">xmlStorage</a>
	idea from <a href="http://www.scripting.com">Dave Winer</a>
	could be used to store the information.

	A toolkit for various popular web servers could be provided,
	authenticated and should be open sourced (for those of you who
	think that a binary program would give more security and would
	prevent people from tampering: you are wrong.  You can always
	use a proxy system that "behaves" like the binary, and passes
	information back and forth from the real program, and snoops
	in-transit information).

	Good cryptographers need to be involved in this problem to
	figure out the details and the possible insecure pieces of a
	proposal like this.

** Implementation: In short

	To keep it short: <b>DNS, JXTA, xmlStorage.</b>


** Deploying it

	The implementation of such a system should be a pretty
	straightforward tasks once security cryptographers have
	designed such a beast.  

	The major problems are:

	<ul>
		* <b>People might just not care:</b> In a poll to US
		citizens a couple of decades ago, it was found that
		most people did not care about the rights they were
		given by the Bill of Rights, which lead to a number of
		laws to be passed in the US that eliminated most of
		the rights people had.  

		* <b>The industry will move way too slow:</b>
		Microsoft's implementation is out in the open now: it
		is being deployed, and soon it will be insinuated to
		many, many users.  The industry needs to get together
		soon if they care about this issue.

		By the time the industry reacts, it might be too
		late. 
	</ul>

** Passport and Mono

	The .NET class libraries includes a Passport class that
	applications might use to authenticate with Passport.  Since
	we do not have information at this point on the exact protocol
	of Passport, it is not even feasible to implement it.

	If at some point the information is disclosed, it could be
	implemented.  

	If a competing system to Passport existed, we could probably
	hide all the authentication information to use a number of
	different passport-like systems.

	If a user does not want to use Passport at all, he could
	always turn it off (or completely remove the class from the
	library).  After all, this is free software.

	Currently, we are too far from the point where this is a real
	issue. 

** Disclaimer

	This is just a group of personal thoughts of mine that I have
	placed here because I get asked this question a lot lately.
	The views of this page are not a statement from my employer
	(Ximian, Inc).

	This is not part of Mono.  We are not trying to deal with this
	problem. 

	Nat Friedman (Ximian's co-founder) has his own ideas on how a
	competing system to Passport could be designed, but I will let
	<a href="http://www.nat.org/gym">him</a> post his own story.

** Other Alternatives

	Some people have pointed out <a
	href="http://www.xns.org">XNS</a>

Send comments to me: Miguel de Icaza (<a
	href="mailto:miguel@ximian.com">miguel@ximian.com</a>)