Microsoft and Sun Microsystems last week issued a progress report on the technical truce the companies called this year but gave little indication of what specific fixes they would devise to address customers’ problems.
Sun And Microsoft Aim For Single Sign-On
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
Didn’t they try this 3 years ago with .Net Passport, and everybody scoffed at the licensing needed inorder to use a single sign on. These companies are going to have to realize that authentication is not something hard to impliment, and people accept that they need multip logins for the websites they visit.
If they really want this to succeed, then they are going to have to offer it for free. Which I know they won’t.
But the big guns didn’t want/support it because it was 3rd party vendors providing the solution. I recall a small co demo’ing SSO actoss a half dozen platforms at Net+Interop in something like 1997. Pretty sad..
Its not hard to do with LDAP, and it would have been easier if Microsoft had not been such weenies and do non-standard stuff with their LDAP implementation. (don’t they always).
Besides I bet you $1,000,000 its a one way street with Microsoft.. that they are only willing to let Sun authenticate TO MICROSOFT servers and NOT for the other way around. I would bet the farm on it, because thats the way Microsoft does “interoperability”.. you work with THEM, they dont work with you. And that is what Microsoft calls “interoperable”.
It’s all just PR to get SUNW to go up.
Where does this leave the Liberty project that Sun was backing?
Maybe I misunderstand what they are doing here. But my Firefox browser keeps track of the diffirent logins I use when I enter a site so the fact that they are not all the same has not been a problem for me.
Additionally by wiping the cookies off the system from time to time I break up the ability (not stop it) to track me. It seems that a single login everywhere makes it a lot easyier to build a database about my reading and buying habits. Why would I want to make that any easyier for the marketers out there?
Basically FireFox keeps track of your passwords, but that’s about it…it just memorizes what you put in there. What SSO does is basically link the same account across different companies that partner up.
Consider .NET for an example:
In order to get most information from Microsoft now (take the new VS2005 demo), you need to give them a Passport login. This login could get you into MSDN, Hotmail, etc…one username, one password…
Yes your firefox could remember that password if you want it to, but the fact is you don’t have 20-30 different usernames (at worse) to remember and use on a daily, weekly, monthly basis. Yes you could register the same username across the board, but when you want to change your password you have to do that 20-30 times as opposed to once…
SSO is a nice idea. I’ve been looking at doing this for my network of sites…thinking about LDAP and how to do it correctly.
”
SSO is a nice idea. I’ve been looking at doing this for my network of sites…thinking about LDAP and how to do it correctly.
”
what about security. one password is enough to crack them all. what about privacy?
I guess you’re right: it will soon be a sunset, then. -:)
Their Krb5 implementation is freely available and interoperates with MS-KDC – http://www.pdc.kth.se/heimdal/
Also, the pam_krb5 and pam_winbind modules can autenticate to MS-KDC. but authorization from MS-LDAP might be a pain (dunno).
Anonymous wrote:
> what about security.
Should you be using Kerberos v5 – to authenticate *everything* against. It might be very secure. Provided the KDC (key distribution center) machine(s) aren’t providing any other services which may be used to compromise them, ie: running serial-console for (remote) administration etc.
> one password is enough to crack them all.
Well, the point ofcource is: a password shouldn’t be easy to guess. With just one per-user it’s probably doable to setup cracklib and an ageing scheme. Whereas with multiple passwords (say one per service) it’s unlikely to be. Also users generally use the same password many places anyway.
One would want to make sure that one password isn’t very easy to obtain, by mandating SSL/TLS for any FTP, HTTP, POP3, or whatever. From outsite the realm.
(With a centrally stored one it _is_ however much easier to reset/lock, should the need arise – ie: if some client machine is found to be compromised, someone leaves the company, etc.)
er… I don’t think this is centered around your everyday user’s various web accounts… I’m pretty sure they were mostly talking about corporate, internal sign-ons… server authentication…. rights administration to clients, etc…
I don’t see much of a connection to .NET passport, etc.
you still havent addressed privacy concerns. why should i trust a company with every login account of mine. no way. this is just plain stupid and will never work
Sun and Microsoft are epitome of greed-driven capitalists that want to take away all freedoms from the worker. This greed agenda is driven forward under the false flag of “convenience”.
Unforunately many less aware workers will be misled by this scam that Microsoft and Sun are running.
Freedom is when you own your own keys. Not when giant capitalist enterprise controls them. Very simple point.