[mono.git] / web / passport

* Microsoft Hailstorm and Passport

        Microsoft Passport is a centralized database hosted by
        Microsoft that enhances the consumer experience with the Web
        by providing a single logon system that they can use across a
        number of participant web sites.

        As you might know by now from our extensive <a
        href="faq.html">FAQ</a>, the Mono project has nothing to do
        with Microsoft Hailstorm or <a
        href="http://www.passport.com">Microsoft Passport.</a>

        Still a lot of people have asked us our opinion on them.

** Passport

        Passport is important not because of it being breaktrough
        technologically speaking, but because the company is in a
        position to drive most people toward being suscribers of it.

        At the time of this writing passport is required to use the
        free mail service <a href="http://www.hotmail.com">Hotmail</a>
        to get customized support for the <a
        href="http://www.msn.com">MSN portal</a>, <a
        href="http://msdn.microsoft.com">Microsoft Developers
        Network</a> and according to the original announcement from
        Microsoft <a href="http://www.americanexpress.com">American
        Express</a> and <a href="http://www.ebay.com">EBay</a> will be
        adopting it. 

        There is already a <a
        href="http://www.passport.com/Directory/Default.asp?PPDir=C&lc=1033">Large
        list</a> of participating sites.

        There are many current users of it and Microsoft will be
        driving more users towards Passport as it <a
        href="http://news.cnet.com/news/0-1003-200-6343275.html">integrates
        it</a> in their upcoming release of Windows.  

        Microsoft has also <a
        href="http://www.passport.com/Business/JoinPassportNetwork.asp?lc=1033">developed
        a toolkit</a> to enable current web merchants to integrate
        their services with passport.

        To the end user, there is a clear benefit: they only have to
        log into a single network and not remember multiple passwords
        across sites on the internet.  Companies that adopt passport
        will have a competition advantage over those that dont.
        Microsoft lists a list of <a
        href="http://www.passport.com/Business/Default.asp?lc=1033">benefits</a>
        to companies. 


** The problems of Passport

        There are a number of concerns that different groups have over
        Passport.  Sometimes I have some, sometimes I do not.  But
        overall, consumers and businesses can have better solutions.

        <ul>
                * <b>Single Point of Failure:</b> As more services and
                components depend on remote servers, functionality can
                grind to a halt if there is a failure on the
                centralized Passport system.  

                Such a failure was predicted, and we recently <a
                href="http://news.cnet.com/news/0-1005-200-6473003.html">witnessed</a> 
                got a lot of people worried.  

                The outgage lasted for seven days.  Think what this
                could do to your business.

                * <b>Trust:</b> Not everyone trusts Microsoft to keep
                their information confidential.  Concerns are not only
                at the corporate level policy, but also the fact that
                the source code for Microsoft products is not
                available, means that trojans or worms could be built
                into the products by malicious engineers.  This is not
                unheard of, as the <a
                href="http://slashdot.org/articles/00/04/14/0619206.shtml">Microsoft
                Internet Server</a> had a trojan horse built into that
                allowed anyone that knew about this to control any
                server running IIS.

                * <b>Security:</b> With a centralized system like
                Passport, imagine the repercussions of a malicious
                hacker gaining access to the Passport database.
                Personal information and credit card information about
                almost everyone using a computer could be stored there.

                Hackers have already <a
                href="http://slashdot.org/articles/00/10/27/1147248.shtml">broken
                into Microsoft</a> in the past.  And the company was
                unable to figure out for how long their systems had been hacked. 
        </ul>

        Microsoft might or might not realize this.  The idea behind
        Passport is indeed a good one (I can start to get rid of my
        file that keeps track of the 30 logins and passwords or so
        that I use across the various services on the net myself).

** Alternatives to Microsoft Passport

        An alternative to Microsoft Passport needs to take the above
        problems into consideration.  Any solution of the form `We
        will just have a competing offering' will not work.

        The system thus has to be:

        <ul>
                * <b>Distributed:</b>  The entire authentication
                system should not create an internet `blackout' in the
                case of failure.

                * <b>Allow for multiple registrars:</b> Users should
                be able to choose a registrar (their banks, local
                phone company, service provider, Swizz bank, or any
                other entity they trust.

                * <b>Mandate good security measures:</b> As a
                principle, only Open Source software should be used
                for servers in the registrar, and they should conform
                to a standard set of tools and software that can be
                examined by third parties.
        </ul>

        An implementation of this protocol could use the DNS or a
        DNS-like setup to distribute the information of users with the
        possibility of replicating and caching public information
        about the user.  

        For instant messaging (another pieces of the Hailstorm bit),
        you want to use a non-centralized system like Sun's <a
        href="http://www.jxta.org">JXTA</a>.  Some people mailed me to
        mention Jabber as a messaging platform.  Jabber suffers from
        the same problems that a centralized Passport has.  If you
        want to do things right, you want to start with a fully
        distributed system. 

        It could also just use the user e-mail address as the `key' to
        choose the registrar (msn.com, hotmail.com -> passport.com;
        aol.com -> aol.passport.com; you get the idea).

        The <a
        href="http://www.soapware.org/xmlStorageSystem">xmlStorage</a>
        idea from <a href="http://www.scripting.com">Dave Winer</a>
        could be used to store the information.

        A toolkit for various popular web servers could be provided,
        authenticated and should be open sourced (for those of you who
        think that a binary program would give more security and would
        prevent people from tampering: you are wrong.  You can always
        use a proxy system that "behaves" like the binary, and passes
        information back and forth from the real program, and snoops
        in-transit information).

        Good cryptographers need to be involved in this problem to
        figure out the details and the possible insecure pieces of a
        proposal like this.

** Deploying it

        The implementation of such a system should be a pretty
        straightforward tasks once security cryptographers have
        designed such a beast.  

        The major problems are:

        <ul>
                * <b>People might just not care:</b> In a poll to US
                citizens a couple of decades ago, it was found that
                most people did not care about the rights they were
                given by the Bill of Rights, which lead to a number of
                laws to be passed in the US that eliminated most of
                the rights people had.  

                * <b>The industry will move way to slow:</b>
                Microsoft's implementation is out in the open now: it
                is being deployed, and soon it will be insinuated to
                many, many users.  The industry needs to get together
                soon if they care about this issue.

                By the time the industry reacts, it might be too
                late. 
        </ul>

** Passport and Mono

        The .NET class libraries includes a Passport class that
        applications might use to authenticate with Passport.  Since
        we do not have information at this point on the exact protocol
        of Passport, it is not even feasible to implement it.

        If at some point the information is disclosed, it could be
        implemented.  

        If a competing system to Passport existed, we could probably
        hide all the authentication information to use a number of
        different passport-like systems.

        If a user does not want to use Passport at all, he could
        always turn it off (or completely remove the class from the
        library).  After all, this is free software.

        Currently, we are too far from the point where this is a real
        issue. 

** Disclaimer

        This is just a group of personal thoughts of mine that I have
        placed here because I get asked this question a lot lately.
        The views of this page are not a statement from my employer
        (Ximian, Inc).

        Nat Friedman (Ximian's co-founder) has his own ideas on how a
        competing system to Passport could be designed, but I will let
        <a href="http://www.nat.org">him</a> post his own story.

Send comments to me: Miguel de Icaza (<a href="mailto:miguel@ximian.com">miguel@ximian.com</a>)