3 I have received many comments from people, and I have updated
4 the page accordingly. From removing incorrect statements, to
5 fixing typos, to include mentions to other software pieces.
7 I also corrected my statement about IIS and a trojan horse, I
8 should read a more educated press in the future. My apologies
9 to Microsoft and its employees on this particular topic. IIS
10 did not have a trojan horse built in.
12 * Microsoft Hailstorm and Passport
14 Microsoft Passport is a centralized database hosted by
15 Microsoft that enhances the consumer experience with the Web
16 by providing a single logon system that they can use across a
17 number of participant web sites.
19 As you might know by now from our extensive <a
20 href="faq.html">FAQ</a>, the Mono project has nothing to do
21 with Microsoft Hailstorm or <a
22 href="http://www.passport.com">Microsoft Passport.</a>
24 Still a lot of people have asked us our opinion on them.
28 Passport is important not because of it being a breakthrough
29 technologically speaking, but because the company is in a
30 position to drive most people toward being suscribers of it.
32 At the time of this writing passport is required to use the
33 free mail service <a href="http://www.hotmail.com">Hotmail</a>
34 to get customized support for the <a
35 href="http://www.msn.com">MSN portal</a>, <a
36 href="http://msdn.microsoft.com">Microsoft Developers
37 Network</a> and according to the original announcement from
38 Microsoft <a href="http://www.americanexpress.com">American
39 Express</a> and <a href="http://www.ebay.com">EBay</a> will be
43 href="http://www.passport.com/Directory/Default.asp?PPDir=C&lc=1033">Large
44 list</a> of participating sites.
46 There are many current users of it and Microsoft will be
47 driving more users towards Passport as it <a
48 href="http://news.cnet.com/news/0-1003-200-6343275.html">integrates
49 it</a> in their upcoming release of Windows.
52 href="http://www.passport.com/Business/JoinPassportNetwork.asp?lc=1033">developed
53 a toolkit</a> to enable current web merchants to integrate
54 their services with passport.
56 To the end user, there is a clear benefit: they only have to
57 log into a single network and not remember multiple passwords
58 across sites on the internet. Companies that adopt passport
59 will have a competition advantage over those that dont.
60 Microsoft lists a list of <a
61 href="http://www.passport.com/Business/Default.asp?lc=1033">benefits</a>
65 ** The problems of Passport
67 There are a number of concerns that different groups have over
68 Passport. Sometimes I have some, sometimes I do not. But
69 overall, consumers and businesses can have better solutions.
72 * <b>Single Point of Failure:</b> As more services and
73 components depend on remote servers, functionality can
74 grind to a halt if there is a failure on the
75 centralized Passport system.
77 Such a failure was predicted, and we recently <a
78 href="http://news.cnet.com/news/0-1005-200-6473003.html">witnessed</a>
79 got a lot of people worried.
81 The outgage lasted for seven days. Think what this
82 could do to your business.
84 * <b>Trust:</b> Not everyone trusts Microsoft to keep
85 their information confidential. Concerns are not only
86 at the corporate level policy, but also the fact that
87 the source code for Microsoft products is not
88 available, means that trojans or worms could be built
89 into the products by malicious engineers.
91 * <b>Security:</b> With a centralized system like
92 Passport, imagine the repercussions of a malicious
93 hacker gaining access to the Passport database.
94 Personal information and credit card information about
95 almost everyone using a computer could be stored there.
97 Hackers have already <a
98 href="http://slashdot.org/articles/00/10/27/1147248.shtml">broken
99 into Microsoft</a> in the past. And the company was
100 unable to figure out for how long their systems had
103 Security holes have been found in <a
104 href="http://slashdot.org/articles/00/04/14/0619206.shtml">IIS
105 in the past.</a> If all the world's data is stored on
106 a central location, when a single security hole is
107 detected, it would allow an intruder to install a
108 backdoor within seconds into the corporate network
109 without people ever noticing.
111 Microsoft itself has been recently hit by worms,
112 imagine if all your business depended on a single
113 provider for providing all or your authentication
117 Microsoft might or might not realize this. The idea behind
118 Passport is indeed a good one (I can start to get rid of my
119 file that keeps track of the 30 logins and passwords or so
120 that I use across the various services on the net myself).
122 ** Alternatives to Microsoft Passport
124 An alternative to Microsoft Passport needs to take the above
125 problems into consideration. Any solution of the form `We
126 will just have a competing offering' will not work.
128 The system thus has to be:
131 * <b>Distributed:</b> The entire authentication
132 system should not create an internet `blackout' in the
135 A distributed system using different software
136 platforms and different vendors would be more
137 resistent to an attack, as holes in a particular
138 implementation of the server software would not affect
139 every person at the same time.
141 A security hole attack might not even be relevant to
142 other software vendors software.
144 * <b>Allow for multiple registrars:</b> Users should
145 be able to choose a registrar (their banks, local
146 phone company, service provider, Swiss bank, or any
147 other entity they trust.
149 * <b>Mandate good security measures:</b> As a
150 principle, only Open Source software should be used
151 for servers in the registrar, and they should conform
152 to a standard set of tools and software that can be
153 examined by third parties.
156 An implementation of this protocol could use the DNS or a
157 DNS-like setup to distribute the information of users with the
158 possibility of replicating and caching public information
161 For instant messaging (another piece of the Hailstorm bit),
162 you want to use a non-centralized system like Sun's <a
163 href="http://www.jxta.org">JXTA</a>. Some people mailed me to
164 mention Jabber as a messaging platform and other people
165 pointed out to the <a
166 href="http://java.sun.com/products/jms/">Java Message
167 Service</a>. The JMS does support a number of very
168 interesting features that are worth researching.
170 It could also just use the user e-mail address as the `key' to
171 choose the registrar (msn.com, hotmail.com -> passport.com;
172 aol.com -> aol.passport.com; you get the idea).
175 href="http://www.soapware.org/xmlStorageSystem">xmlStorage</a>
176 idea from <a href="http://www.scripting.com">Dave Winer</a>
177 could be used to store the information.
179 A toolkit for various popular web servers could be provided,
180 authenticated and should be open sourced (for those of you who
181 think that a binary program would give more security and would
182 prevent people from tampering: you are wrong. You can always
183 use a proxy system that "behaves" like the binary, and passes
184 information back and forth from the real program, and snoops
185 in-transit information).
187 Good cryptographers need to be involved in this problem to
188 figure out the details and the possible insecure pieces of a
191 ** Implementation: In short
193 To keep it short: <b>DNS, JXTA, xmlStorage.</b>
198 The implementation of such a system should be a pretty
199 straightforward task once security cryptographers have
200 designed such a beast.
202 The major problems are:
205 * <b>People might just not care:</b> In a poll to US
206 citizens a couple of decades ago, it was found that
207 most people did not care about the rights they were
208 given by the Bill of Rights, which lead to a number of
209 laws to be passed in the US that eliminated most of
210 the rights people had.
212 * <b>The industry will move way too slow:</b>
213 Microsoft's implementation is out in the open now: it
214 is being deployed, and soon it will be insinuated to
215 many, many users. The industry needs to get together
216 soon if they care about this issue.
218 By the time the industry reacts, it might be too
224 The .NET class libraries include a Passport class that
225 applications might use to authenticate with Passport. Since
226 we do not have information at this point on the exact protocol
227 of Passport, it is not even feasible to implement it.
229 If at some point the information is disclosed, it could be
232 If a competing system to Passport existed, we could probably
233 hide all the authentication information to use a number of
234 different passport-like systems.
236 If a user does not want to use Passport at all, he could
237 always turn it off (or completely remove the class from the
238 library). After all, this is free software.
240 Currently, we are too far from the point where this is a real
243 ** Passport and endangering Open Source.
245 A few people have said: `Mono will allow Passport to be
246 available for Linux and that is bad'. This is plain
249 Currently, you can obtain Passport for Linux from Microsoft
250 itself and deploy it today on your Web server. Mono does not
251 even enter the picture here. Go to passport.com and download
252 the toolkit and you will see with your own eyes that passport
253 is <B>already</b> available for Linux.
257 This is just a group of personal thoughts of mine that I have
258 placed here because I get asked this question a lot lately.
259 The views of this page are not a statement from my employer
262 This is not part of Mono. We are not trying to deal with this
265 Nat Friedman (Ximian's co-founder) has his own ideas on how a
266 competing system to Passport could be designed, but I will let
267 <a href="http://www.nat.org/gym">him</a> post his own story.
269 ** Other Alternatives
271 Some people have pointed out <a
272 href="http://www.xns.org">XNS</a>
274 Send comments to me: Miguel de Icaza (<a
275 href="mailto:miguel@ximian.com">miguel@ximian.com</a>)