Subject: Re: Q: authentication system on OS? (with tangent)
From: Glen Starchman <>
Date: Sun, 1 Jul 2001 08:52:41 -0700

On Thu, 06 Aug 2037, Zimran Ahmed wrote:
> >In my opinion, the authentication and software subscription parts
> >are kind of ho-hum... but I think the CLR and IL kick ass. It would
> maybe from a technological perspective, but not from a customer 
> perspective.

I will give you that. The average customer is becoming more and
more concerned with issues such as privacy. 

> >The thought of a .GNU is almost ludicrous to me. For one, the
> >components of .NET that the .GNU people on FreeDevelopers have
> >chosen to concentrate on is essentially a Hailstorm clone.
> >Hailstorm is not in itself innovative, aping it is even less
> >innovative.
> Hailstorm raises three business concerns:
> 1) Privacy -- will Microsoft abuse my personal data in some way? (they 
> have been abusive in the past)
> 2) Security -- will Microsoft be able to keep my data secure? (their 
> security has been substandard in the past)
> 3) Competition -- will market forces be able to drive down the price and 
> increase the service?

I agree that MS is probably (definitely) not the best "keeper of
the information"; however, I do not believe that MS will use that
information in a way any more detrimental than any other net firm. 

I have not seen any pricing information for either Hailstorm or
Passport so I can't really comment on the price issue... it has
been my understanding that both services would be "value-added" and
be used as more of an MS promotional effort. 

> .GNU directly affects 3), and maybe 1) and 2). Ideally, the data would be 
> kept in one central place (of some sort), and different vendors would 
> have to compete with each other to provide the service to customers. 
> Competition will improve the service and lower the price. In Microsoft's 
> architecture, no competing vendors are allowed to provide the 
> infrastructure services, and the commission MSFT decides to charge for 
> its authentication services (say) is therefore under no price pressure. 

Once again, I can't really comment since the internals of Hailstorm
are not sufficiently documented. I did ask a friend on the inside
(working in the UDDI group at MS) about Hailstorm and he wasn't
able to say much more than "it has the potential to be very
invasive" (paraphrased). Scary? Indeed. However, as with all things,
this is a consumer-driven problem. Consumers are by no means forced
to use MS products, services, and web sites. When they choose to do
so, they implicitly agree to play by MS's rules.

Who do we really blame for Hailstorm? In my opinion, we have to
blame the plethora of sites that demand authentication credentials
when there is absolutely no need. For example, Amtrak requires a
userid and password just to search schedules... that is utterly
ludicrous. MS is stepping in and saying to the consumer: "Okay, we
can help you remember all of that information, and, hey, we
promise to keep it secure." Granted, I am sure they are not being
altruistic, but they are indeed offering a much needed service.
Why someone else, either proprietary or FS, hasn't already done
this is beyond me. 

Theoretically, MS will (or have they already?) publish the .NET
specifications to the general public. When/if that happens, a new
world could feasibly open up. Let's pretend for a moment that MS
decides to play nice with the OS/FS/*nix world... would the
OS/FS/*nix world accept that? That's one of the real issues to
me... who, if either camp, will be willing to mea culpa?

I think that what we have right now is something akin to the Cold
War between the US and the Soviet Union. The concept of the "war"
spurs innovation on both sides, and keeps the propaganda machines
churning. Just like the Cold War, I can see no clear-cut winner in
the "war". In fact, my guess is that both camps will end up living
together in relative peace (much like the former SU and the US) in
the future. The main problem with this approach is the casualties
that result from the propaganda machines, namely the time and
effort each camp puts into trying to make the other guy look evil
is time that could be spent trying to reach goals.