Subject: Re: Q: Can you build an authentication system on OS?
From: Bernard Lang <>
Date: Sat, 30 Jun 2001 14:10:36 +0200

  I am probably thick but I do not understand how or why people should
centralize their authentication, unless some services are available
only when the authentication comes from a given place.
  In which case we are back to software or protocol control.

  Another point is that the Internet was crafted to keep the
intelligence at the edges.  Changing that, by whatever means, defeats
the functionality, and must have a high price.
   Furthermore, my experience is that the internet resists attempts to
centralization.  Often, centralized solutions are simply not viable.
Two example that come to mind:
  - the weak point of Napster was its central repository
  - many attempts to create URN, via a central repository of document
identities, have failed. Decentralized approximate solutions, using
search engines and keywords (I simplify), work well without much effort.

   So, why is it precisely that the new MS offensive to control
economic activity on the net should work.


On Wed, Aug 05, 2037 at 08:51:19AM -0400, Zimran Ahmed wrote:
> Shiraz wrote:
> >So as a mental exercise - I'd like to see if we as a
> >group can come up with a license that controls how a
> >public database can be forced to allow free access to
> >its data in perpetuity. Lets call this the GFD license
> >(for GFD frees data - a suitably recursive name)
> Alessandro wrote:
> >Your message is very sound in outlining the problem, but it shows (at
> >least to me) how talking of "open source" may be misleading; some
> >attacks cannot be faced with source code.
> Responses to my previous post generally concur -- open source (under any 
> liscense) will not hinder MSFT's .NET strategy. But I respectfully 
> disagree with Shiraz, it is not a liscensing issue, it is an architecture 
> issue.
> GPL and OS essentially tackle the software question: "who controls the 
> code?" .NET tackles the authentication question: "who controls the 
> network" Currently, all user information sits at the edges of the network 
> (on PCs). .NET's servers moves this to the centre, essentially placing 
> network access under MSFTs control, so the liscense the client and 
> infrastructure software is under does not matter. A response to .NET must 
> be based on keeping authentication information distributed at the edges 
> of the network, not concentrated in the center.
> It may come down to which provides the better customer experience. I 
> think people will be leery of giving personal info to Microsoft, and 
> authentication to date has been an unpleasant experience that's driven 
> users to sites/services that do not require it. Let's face it: 
> authentication serves corporate needs, not customer needs. 
> To induce customers to take up .NET, Microsoft has to assure them that 
> their data will be safe, and show them how it will make their life a 
> little easier by automatically filling in checkout forms in e-commerce 
> sites etc. The irony is that that functionality can live in a simple 
> client-side text expander program, but I don't see that being built into 
> OS desktops. .NET can only be countered by making it a better experience 
> to keep authentication information at the edges of the network, and 
> provide good services that do not require authentication. 
> Clay Shirky writes more about Microsoft's centralization strategy here:
> MSFT is OK with open source in the long run because under .NET they care 
> about controlling the network, not the code.
> zimran

         Non aux Brevets Logiciels  -  No to Software Patents
           SIGNEZ    SIGN             ,_  /\o    \o/    Tel  +33 1 3963 5644  ^^^^^^^^^^^^^^^^^  Fax  +33 1 3963 5469
            INRIA / B.P. 105 / 78153 Le Chesnay CEDEX / France
         Je n'exprime que mon opinion - I express only my opinion