X-Git-Url: http://wien.tomnetworks.com/gitweb/?a=blobdiff_plain;f=web%2Fpassport;h=fd402772293efa5cac91d88e32af970120eb8e32;hb=7c7faa2e60cf3904da5015b40197b6b0ec6b8545;hp=030878268fa15bbee9c27523031cd863a4fda7c7;hpb=16e3d27af5966e8516080566fcd5a2574b6ecad3;p=mono.git
diff --git a/web/passport b/web/passport
index 030878268fa..fd402772293 100644
--- a/web/passport
+++ b/web/passport
@@ -1,5 +1,33 @@
+* Updates
+
+ Sep 20, 2001: Microsoft has just announced some changes
+ to passport that are rather interesting. This document
+ reflects the Passport system without taking into account the
+ new changes.
+
+ Read about it here.
+
+ For an analysis of security problems with passport, check http://avirubin.com/passport.html.
+ The bottom line is that you should not put any sensitive
+ information on passport.
+
+ I have received many comments from people, and I have updated
+ the page accordingly. From removing incorrect statements, to
+ fixing typos, to include mentions to other software pieces.
+
+ I also corrected my statement about IIS and a trojan horse, I
+ should read a more educated press in the future. My apologies
+ to Microsoft and its employees on this particular topic. IIS
+ did not have a trojan horse built in.
+
* Microsoft Hailstorm and Passport
+ Microsoft Passport is a centralized database hosted by
+ Microsoft that enhances the consumer experience with the Web
+ by providing a single logon system that they can use across a
+ number of participant web sites.
+
As you might know by now from our extensive FAQ, the Mono project has nothing to do
with Microsoft Hailstorm or Hotmail
+ to get customized support for the MSN portal, Microsoft Developers
+ Network and according to the original announcement from
+ Microsoft American
+ Express and EBay will be
+ adopting it.
+
+ There is already a Large
+ list of participating sites.
+
+ There are many current users of it and Microsoft will be
+ driving more users towards Passport as it integrates
+ it in their upcoming release of Windows.
+
+ Microsoft has also developed
+ a toolkit to enable current web merchants to integrate
+ their services with passport.
+
+ To the end user, there is a clear benefit: they only have to
+ log into a single network and not remember multiple passwords
+ across sites on the internet. Companies that adopt passport
+ will have a competition advantage over those that dont.
+ Microsoft lists a list of benefits
+ to companies.
+
+
+** The problems of Passport
+
+ There are a number of concerns that different groups have over
+ Passport. Sometimes I have some, sometimes I do not. But
+ overall, consumers and businesses can have better solutions.
+
+
+ * Single Point of Failure: As more services and
+ components depend on remote servers, functionality can
+ grind to a halt if there is a failure on the
+ centralized Passport system.
+
+ Such a failure was predicted, and we recently witnessed
+ got a lot of people worried.
+
+ The outgage lasted for seven days. Think what this
+ could do to your business.
+
+ * Trust: Not everyone trusts Microsoft to keep
+ their information confidential. Concerns are not only
+ at the corporate level policy, but also the fact that
+ the source code for Microsoft products is not
+ available, means that trojans or worms could be built
+ into the products by malicious engineers.
+
+ * Security: With a centralized system like
+ Passport, imagine the repercussions of a malicious
+ hacker gaining access to the Passport database.
+ Personal information and credit card information about
+ almost everyone using a computer could be stored there.
+
+ Hackers have already broken
+ into Microsoft in the past. And the company was
+ unable to figure out for how long their systems had
+ been hacked.
+
+ Security holes have been found in IIS
+ in the past. If all the world's data is stored on
+ a central location, when a single security hole is
+ detected, it would allow an intruder to install a
+ backdoor within seconds into the corporate network
+ without people ever noticing.
+
+ Microsoft itself has been recently hit by worms,
+ imagine if all your business depended on a single
+ provider for providing all or your authentication
+ needs
+
+
+ Microsoft might or might not realize this. The idea behind
+ Passport is indeed a good one (I can start to get rid of my
+ file that keeps track of the 30 logins and passwords or so
+ that I use across the various services on the net myself).
+
** Alternatives to Microsoft Passport
- Microsoft Passport is a centralized database hosted by
- Microsoft that
+ An alternative to Microsoft Passport needs to take the above
+ problems into consideration. Any solution of the form `We
+ will just have a competing offering' will not work.
+
+ The system thus has to be:
+
+
+ * Distributed: The entire authentication
+ system should not create an internet `blackout' in the
+ case of failure.
+
+ A distributed system using different software
+ platforms and different vendors would be more
+ resistent to an attack, as holes in a particular
+ implementation of the server software would not affect
+ every person at the same time.
+
+ A security hole attack might not even be relevant to
+ other software vendors software.
+
+ * Allow for multiple registrars: Users should
+ be able to choose a registrar (their banks, local
+ phone company, service provider, Swiss bank, or any
+ other entity they trust.
+
+ * Mandate good security measures: As a
+ principle, only Open Source software should be used
+ for servers in the registrar, and they should conform
+ to a standard set of tools and software that can be
+ examined by third parties.
+
+
+ An implementation of this protocol could use the DNS or a
+ DNS-like setup to distribute the information of users with the
+ possibility of replicating and caching public information
+ about the user.
+
+ For instant messaging (another piece of the Hailstorm bit),
+ you want to use a non-centralized system like Sun's JXTA. Some people mailed me to
+ mention Jabber as a messaging platform and other people
+ pointed out to the Java Message
+ Service. The JMS does support a number of very
+ interesting features that are worth researching.
+
+ It could also just use the user e-mail address as the `key' to
+ choose the registrar (msn.com, hotmail.com -> passport.com;
+ aol.com -> aol.passport.com; you get the idea).
+
+ The xmlStorage
+ idea from Dave Winer
+ could be used to store the information.
+
+ A toolkit for various popular web servers could be provided,
+ authenticated and should be open sourced (for those of you who
+ think that a binary program would give more security and would
+ prevent people from tampering: you are wrong. You can always
+ use a proxy system that "behaves" like the binary, and passes
+ information back and forth from the real program, and snoops
+ in-transit information).
+
+ Good cryptographers need to be involved in this problem to
+ figure out the details and the possible insecure pieces of a
+ proposal like this.
+
+** Implementation: In short
+
+ To keep it short: DNS, JXTA, xmlStorage.
+
+
+** Deploying it
+
+ The implementation of such a system should be a pretty
+ straightforward task once security cryptographers have
+ designed such a beast.
+
+ The major problems are:
+
+
+ * People might just not care: In a poll to US
+ citizens a couple of decades ago, it was found that
+ most people did not care about the rights they were
+ given by the Bill of Rights, which lead to a number of
+ laws to be passed in the US that eliminated most of
+ the rights people had.
+
+ * The industry will move way too slow:
+ Microsoft's implementation is out in the open now: it
+ is being deployed, and soon it will be insinuated to
+ many, many users. The industry needs to get together
+ soon if they care about this issue.
+
+ By the time the industry reacts, it might be too
+ late.
+
+
+** Passport and Mono
+
+ The .NET class libraries include a Passport class that
+ applications might use to authenticate with Passport. Since
+ we do not have information at this point on the exact protocol
+ of Passport, it is not even feasible to implement it.
+
+ If at some point the information is disclosed, it could be
+ implemented.
+
+ If a competing system to Passport existed, we could probably
+ hide all the authentication information to use a number of
+ different passport-like systems.
+
+ If a user does not want to use Passport at all, he could
+ always turn it off (or completely remove the class from the
+ library). After all, this is free software.
+
+ Currently, we are too far from the point where this is a real
+ issue.
+
+** Passport and endangering Open Source.
+
+ A few people have said: `Mono will allow Passport to be
+ available for Linux and that is bad'. This is plain
+ misinformation.
+
+ Currently, you can obtain Passport for Linux from Microsoft
+ itself and deploy it today on your Web server. Mono does not
+ even enter the picture here. Go to passport.com and download
+ the toolkit and you will see with your own eyes that passport
+ is already available for Linux.
+
+** Disclaimer
+
+ This is just a group of personal thoughts of mine that I have
+ placed here because I get asked this question a lot lately.
+ The views of this page are not a statement from my employer
+ (Ximian, Inc).
+
+ This is not part of Mono. We are not trying to deal with this
+ problem.
+
+ Nat Friedman (Ximian's co-founder) has his own ideas on how a
+ competing system to Passport could be designed, but I will let
+ him post his own story.
+
+** Other Passport Comments
+
+ An interesting study on the security of passport is available at: http://avirubin.com/passport.html
+
+** Other Alternatives
+
+ Some people have pointed out XNS
+
+Send comments to me: Miguel de Icaza (miguel@ximian.com)
+