Submitted by Microsoft is launching a slew of initiatives to help Web sites identify visitors. First, the company is kicking off four open-source projects to support the development of ID cards for online users. Microsoft is also releasing one of its identity management specs, Identity Selector Interoperability Profile, under its OSP, meaning the specification is clear of licensing fees or patent worries.
Why not supporting OpenID? Why do we need so many different ID systems? If Microsoft chooses an open system, then OpenID could be an alternative.
Greetings
Mike
Microsoft announced that they will also support OpenID. Google finds a few articles about it from the last couple of months.
I find it interesting that they announced they would support OpenID months back, yet haven’t produced anything so far but PR.
… and as time goes on, still nothing.
I’m to understand they might be adding support to .Net, but you’d know all about that, wouldn’t you Miguel ?
It’d help if they officially joined the OpenID mailing lists and contributed, but they wont.
It’s called choice.
It’s really an unexpected move from Microsoft.
However what puzzles me most is the software is in Java and Ruby supporting Active Directory and OpenLDAP.
What I would’ve expected would be C# and Python (for which they already have a complete version in .Net) supporting FedoraDS and ApacheDS (which have much better structured core / plugin functionality).
Anyways it’s unexpected but a good move, and cheers to Microsoft for BSD license instead of shared source (GPL would be fine too). I hope they continue supporting open standards.
Edited 2007-05-26 21:07
Am I missing something here?
IIRC Both FedoraDS and ApacheDS are LDAP compliant, so as slong as jyo suport LDAP and can parse the results there realy should be no need to support the individual serbers, right?
Disclaimer: I´m not a software developer so please correct me if I´m wrong
In theory you are correct, but vendors usually add tweaks/platform specific additions/changes though I don’t know if FDS/ADS do.
.Net already has support for LDAP, and there are quite a few 3rd party libraries that add support for their versions of an LDAP provider.
LDAP is kind of ODBC…all the major DB vendors support ODBC, but you don’t get the true performance/benefits unless you use the native provider (such as SQL OLEDB for MSSQL).
This projects reminds me existing ID-Card technology prooved itself in Estonia for couple of years already. http://www.id.ee/?lang=en
might come to know the virtues of open source software development by the end of these projects.
http://osgeek.blogspot.com
I have to hand it to them, they don’t give up and change their tac. After the failures of Hailstorm and Passport over the years, they keep on trying.
Open-sourcing the method that our privacy is assured is somewhat like posting the security layout of a bank on the front door in order to see how to make it more impervious to thieves.
This may be lauded by some, but for myself, I won’t be using any site that uses that technology.
I wonder how far they plan on taking this new ‘customer-centric interoperability across platform’ system?
Oh, so now because everyone can help find design flaws, its insecure?
newsflash: because everyone can know how it works, doesent make it insecure.
Or do you volunteer to crack any of my communication done securely using GnuPG? you may have the gnupg source!
-noc noc
-who’s there?
– it’s mister SECURITY THROUGH OBSCURITY DOESN’T WORK!
http://en.wikipedia.org/wiki/Security_through_obscurity
lol,
I’ve got a security system for you to buy.
It’s the best security in the world.
I can’t tell you how it works, or what it actually does because that would make it less secure.
Since I’m the only one that knows how it works, you’ll be secure from everyone except me.
But don’t worry I’m pretty trustworthy.
What amazes me is that he is getting modded down (-3 atm).
Allow me to list the valid reasons for modding somebody down;
“Yes, this comment includes personal attacks/offensive language
Yes, this comment is off-topic
Yes, this comment is spam or includes advertisements”
No matches there.
Now, please stop modding down just becuse you dont agree with their opinion.
Edited 2007-05-27 13:53
OT:
Maybe there should be two scores. One for quality and one for support. That way you could vote -1 for support without affecting the quality rating.
“This may be lauded by some, but for myself, I won’t be using any site that uses that technology. ”
You better not be using any secure sites then since SSL/TLS is an open standard and that must mean it can’t be secure.
There are some excellent books – The Code Book by Simon Singh for one – which explains how public key security works. It’s a bit of a technical subject but basically security has nothing to do with keeping the technology hidden – just your private key.
Is this truly open source or their bastardized version called managed source?
What’s next?????
Isn’t this just another attempt to check your OS for a valid registration key? And to scan your system for DRM violations?
If this is another attempt to jamb something down my throat, I don’t want it, I don’t play that game……
I do accept necessary legitimate cookies from shopping sites and financial sites to facilitate transactions.
Assuming this is voluntary, and that this is a legitimate attempt at security, to positively identify a user, like coders/academics logging on to sites for computer activities or typical users doing financial transactions, why can’t a special type of SUPER COOKIE be developed that contains the computers MAC address, the machine CPU ID, and a users private PHP encription key be enough to uniquely and sufficiently identify an individual on a particular machine?
What’s next ……. Finger print scanners, retina scanners, DNA checkers????
Better read this fast folks, I always get modded down??
JLT