Subject: Re: Q: Can you build an authentication system on OS?
From: Brian Behlendorf <>
Date: Thu, 28 Jun 2001 21:35:29 -0700 (PDT)

On Thu, 28 Jun 2001, Zimran Ahmed wrote:
> My question is this: does an open-sourced, or even a GPL'd infrastructure
> do anything to prevent Microsoft building and owning the authentication
> infrastructure of the Internet and extracting commissions from every
> transaction?

The proprietary collection and management of large amounts of data is
fundamentally different than the proprietary collection and management of
software code - so I don't really know what a "GPL'd infrastructure" would
look like.  The main point of Hailstorm is centralization - Microsoft is
banking that individuals, and corporations running websites, would gladly
trade their privacy and control over their data and their customer's data,
for convenience.  It's a safe bet to make, considering how often that
binary choice is made elsewhere.

Unfortunately, the open source concept really has nothing to say here -
this is not data that should be widely available, since (in theory at
least) people give up their data thinking it's being secured somewhere and
given out only under certain (explicit or implicit) terms.  If everyone
ran their own authentication servers, then there's no added convenience.

> Does Microsoft care if the protocols and code are liscensed
> under GPL so long as Microsoft databases contains the personal
> information for every individual and therefore need to be called to
> enable any networked transaction to process? (with Microsoft's payment
> infrastructure automatically extracting payment).

There would actually be an advantage to Microsoft, as the copyright holder
on code, to publish code under the GPL - it would prevent any potential
competitor from getting a leg-up by making and distributing proprietary
modifications.  But that's aside the point... the protocols and code are
not where the value is being created by and for Microsoft, it's in the
collection of data.  Microsoft could very well have used LDAP for
Haoilstorm, as far as I can tell.  Making it a separate protocol was only
useful for the purposes of differentiating themselves and making it hard
for others to compete against them.

> ESR wrote:
> from Microsoft's point of view, the BSD crowd are a bunch of suckers
> begging to be exploited again and again. I'm certain Microsoft would love
> for the entire open-source world to turn into an acquiescent source of
> free R&D for its monopoly.

Which is why, as a BSD bigot, I've railed against MS about this as
passionately as any GPL advocate - it besmirches us and our ways of
thinking as much as it does the GPL's.  Anyways...

> I would appreciate people's thoughts on this. If it controls the
> authentication infrastructure, Microsoft can cut itself out of the
> operating system/server/application game and still extract monopoly
> rents. I also do not see how you can have a competitive market for
> authentication services.

A large part of the game in authentication services is, who's more
trustworthy, and who can get that trustworthiness on a mass scale -
Microsoft, or AOL?  That's the next battlefield.