1 * Microsoft Hailstorm and Passport
3 Microsoft Passport is a centralized database hosted by
4 Microsoft that enhances the consumer experience with the Web
5 by providing a single logon system that they can use across a
6 number of participant web sites.
8 As you might know by now from our extensive <a
9 href="faq.html">FAQ</a>, the Mono project has nothing to do
10 with Microsoft Hailstorm or <a
11 href="http://www.passport.com">Microsoft Passport.</a>
13 Still a lot of people have asked us our opinion on them.
17 Passport is important not because of it being breaktrough
18 technologically speaking, but because the company is in a
19 position to drive most people toward being suscribers of it.
21 At the time of this writing passport is required to use the
22 free mail service <a href="http://www.hotmail.com">Hotmail</a>
23 to get customized support for the <a
24 href="http://www.msn.com">MSN portal</a>, <a
25 href="http://msdn.microsoft.com">Microsoft Developers
26 Network</a> and according to the original announcement from
27 Microsoft <a href="http://www.americanexpress.com">American
28 Express</a> and <a href="http://www.ebay.com">EBay</a> will be
32 href="http://www.passport.com/Directory/Default.asp?PPDir=C&lc=1033">Large
33 list</a> of participating sites.
35 There are many current users of it and Microsoft will be
36 driving more users towards Passport as it <a
37 href="http://news.cnet.com/news/0-1003-200-6343275.html">integrates
38 it</a> in their upcoming release of Windows.
41 href="http://www.passport.com/Business/JoinPassportNetwork.asp?lc=1033">developed
42 a toolkit</a> to enable current web merchants to integrate
43 their services with passport.
45 To the end user, there is a clear benefit: they only have to
46 log into a single network and not remember multiple passwords
47 across sites on the internet. Companies that adopt passport
48 will have a competition advantage over those that dont.
49 Microsoft lists a list of <a
50 href="http://www.passport.com/Business/Default.asp?lc=1033">benefits</a>
54 ** The problems of Passport
56 There are a number of concerns that different groups have over
57 Passport. Sometimes I have some, sometimes I do not. But
58 overall, consumers and businesses can have better solutions.
61 * <b>Single Point of Failure:</b> As more services and
62 components depend on remote servers, functionality can
63 grind to a halt if there is a failure on the
64 centralized Passport system.
66 Such a failure was predicted, and we recently <a
67 href="http://news.cnet.com/news/0-1005-200-6473003.html">witnessed</a>
68 got a lot of people worried.
70 The outgage lasted for seven days. Think what this
71 could do to your business.
73 * <b>Trust:</b> Not everyone trusts Microsoft to keep
74 their information confidential. Concerns are not only
75 at the corporate level policy, but also the fact that
76 the source code for Microsoft products is not
77 available, means that trojans or worms could be built
78 into the products by malicious engineers. This is not
80 href="http://slashdot.org/articles/00/04/14/0619206.shtml">Microsoft
81 Internet Server</a> had a trojan horse built into that
82 allowed anyone that knew about this to control any
85 * <b>Security:</b> With a centralized system like
86 Passport, imagine the repercussions of a malicious
87 hacker gaining access to the Passport database.
88 Personal information and credit card information about
89 almost everyone using a computer could be stored there.
91 Hackers have already <a
92 href="http://slashdot.org/articles/00/10/27/1147248.shtml">broken
93 into Microsoft</a> in the past. And the company was
94 unable to figure out for how long their systems had been hacked.
97 Microsoft might or might not realize this. The idea behind
98 Passport is indeed a good one (I can start to get rid of my
99 file that keeps track of the 30 logins and passwords or so
100 that I use across the various services on the net myself).
102 ** Alternatives to Microsoft Passport
104 An alternative to Microsoft Passport needs to take the above
105 problems into consideration. Any solution of the form `We
106 will just have a competing offering' will not work.
108 The system thus has to be:
111 * <b>Distributed:</b> The entire authentication
112 system should not create an internet `blackout' in the
115 * <b>Allow for multiple registrars:</b> Users should
116 be able to choose a registrar (their banks, local
117 phone company, service provider, Swiss bank, or any
118 other entity they trust.
120 * <b>Mandate good security measures:</b> As a
121 principle, only Open Source software should be used
122 for servers in the registrar, and they should conform
123 to a standard set of tools and software that can be
124 examined by third parties.
127 An implementation of this protocol could use the DNS or a
128 DNS-like setup to distribute the information of users with the
129 possibility of replicating and caching public information
132 For instant messaging (another pieces of the Hailstorm bit),
133 you want to use a non-centralized system like Sun's <a
134 href="http://www.jxta.org">JXTA</a>. Some people mailed me to
135 mention Jabber as a messaging platform.
137 It could also just use the user e-mail address as the `key' to
138 choose the registrar (msn.com, hotmail.com -> passport.com;
139 aol.com -> aol.passport.com; you get the idea).
142 href="http://www.soapware.org/xmlStorageSystem">xmlStorage</a>
143 idea from <a href="http://www.scripting.com">Dave Winer</a>
144 could be used to store the information.
146 A toolkit for various popular web servers could be provided,
147 authenticated and should be open sourced (for those of you who
148 think that a binary program would give more security and would
149 prevent people from tampering: you are wrong. You can always
150 use a proxy system that "behaves" like the binary, and passes
151 information back and forth from the real program, and snoops
152 in-transit information).
154 Good cryptographers need to be involved in this problem to
155 figure out the details and the possible insecure pieces of a
158 ** Implementation: In short
160 To keep it short: <b>DNS, JXTA, xmlStorage.</b>
165 The implementation of such a system should be a pretty
166 straightforward tasks once security cryptographers have
167 designed such a beast.
169 The major problems are:
172 * <b>People might just not care:</b> In a poll to US
173 citizens a couple of decades ago, it was found that
174 most people did not care about the rights they were
175 given by the Bill of Rights, which lead to a number of
176 laws to be passed in the US that eliminated most of
177 the rights people had.
179 * <b>The industry will move way too slow:</b>
180 Microsoft's implementation is out in the open now: it
181 is being deployed, and soon it will be insinuated to
182 many, many users. The industry needs to get together
183 soon if they care about this issue.
185 By the time the industry reacts, it might be too
191 The .NET class libraries includes a Passport class that
192 applications might use to authenticate with Passport. Since
193 we do not have information at this point on the exact protocol
194 of Passport, it is not even feasible to implement it.
196 If at some point the information is disclosed, it could be
199 If a competing system to Passport existed, we could probably
200 hide all the authentication information to use a number of
201 different passport-like systems.
203 If a user does not want to use Passport at all, he could
204 always turn it off (or completely remove the class from the
205 library). After all, this is free software.
207 Currently, we are too far from the point where this is a real
212 This is just a group of personal thoughts of mine that I have
213 placed here because I get asked this question a lot lately.
214 The views of this page are not a statement from my employer
217 This is not part of Mono. We are not trying to deal with this
220 Nat Friedman (Ximian's co-founder) has his own ideas on how a
221 competing system to Passport could be designed, but I will let
222 <a href="http://www.nat.org/gym">him</a> post his own story.
224 ** Other Alternatives
226 Some people have pointed out <a
227 href="http://www.xns.org">XNS</a>
229 Send comments to me: Miguel de Icaza (<a
230 href="mailto:miguel@ximian.com">miguel@ximian.com</a>)