Subject: Re: Q: Can you build an authentication system on OS?
From: "Tim O'Reilly" <>
Date: Sun, 08 Jul 2001 21:32:42 -0700

I'm realy glad to see this discussion here.  I agree completely that we
need a decentralized authentication system if we want to head off
Microsoft's next planned choke point.

Zimran Ahmed wrote:

> Microsoft can only control the network if it
> centralizes authentication infrastructure because in .NET *it matters
> where the authentication comes from.* The reason this is an architectural
> issue is that if authentication data resides at the edges of the network,
> then it does not need to come from one source, so one source (.NET)
> cannot control the authentication infrastructure. While it may be
> possible that .NET could still control the authentication infrastructure
> and keep data at the edges of the network, i cannot see how this could
> happen.

> Because of .NET's authentication infrastructure is centralized, MSFT can
> "control the data" as you say, on top of code that's been liscencsed in
> any way. Open source, closed source, GPL, LGPL, X, BSD, artistic liscense
> etc. etc, if the authentication must come from redmond servers, it does
> not matter how the code is liscensed, nor will that impact how microsoft
> can use that data. Running its .NET authentication servers on Apache does
> not impact the rates MSFT charges merchants for credit card verification,
> nor its policy selling personal data to third parties.
> zimran

Tim O'Reilly @ O'Reilly & Associates, Inc.
101 Morris Street, Sebastopol, CA 95472
+1 707-829-0515, FAX +1 707-829-0104,