Subject: Re: Q: Can you build an authentication system on OS?
From: Shiraz Kanga <>
Date: Mon, 9 Jul 2001 13:55:05 -0700 (PDT)

--- Zimran Ahmed <> wrote:
> >So your main concern is a user's authentication
> >information. I would generalize that to include any
> >data. Now if MS controls this data it does not matter
> >whether it is stored in one central location or on the
> >client PCs in some form of a distributed database.
>
> Agreed. I think we are saying the same thing though.
> Microsoft is moving from a licensing model that controls
> software products, to an authentication model that controls
> software services (this is what I refer to as "controlling
> the network", and I believe you call "controlling the data.")

I'm not sure of it but if we are saying the same thing
then do you agree that how such data can be used
be regulated by a public license?

> Microsoft can only control the network if it centralizes
> authentication infrastructure because in .NET *it matters
> where the authentication comes from.* The reason this is an
> architectural issue is that if authentication data resides at
> the edges of the network, then it does not need to come from
> one source, so one source (.NET) cannot control the
> authentication infrastructure. While it may be possible that
> .NET could still control the authentication infrastructure
> and keep data at the edges of the network, I cannot see how
> this could happen.

Here's how. There are probably many ways; here is one
example. In a traditional database, data is still in
files on the file system. Imagine that each of these
data files resides on a client PC instead of the
central server. Now whenever the central database is
queried it looks up the appropriate "file" on a remote
PC and gets what it needs.

And yet another way to do it. Think Freenet. Say I 
decided to use it as an authentication database. The
data would definitely reside at the edge of the 
network. Still the data comes from one source, i.e. the
Freenet system, but it is a distributed database.

Also look at Novell's NDS. It does EXACTLY this. There
is no central NDS server. It is indeed a distributed
db for authentication information.

So there are MANY architectures. But I don't care about
them. I only care how the data is used. Not where it
is stored or which pipes it travels through, etc.

> >Sorry to sound like a broken record but I'd say that
> >MS cares about controlling the data - not the code!
>
> I say "controlling the network" (by controlling access to
> the data through authorization infrastructure), you say
> "controlling the data." I think we mean the same thing.

I'm not sure we are talking about the same thing.
Think about oil pipes. You are saying that if someone
(e.g. MS) owns, designs and develops the pipes then
they get to choose how the oil flowing
through them gets used.

What I'm saying is that it's not their oil and so they
should not get to decide how it is used.

And if we do not like the MS pipes (i.e. they leak)
or if their usage fees are too high then we can build
our own piping infrastructure to carry that oil. The
architectural issues deal with where the oil is stored
and how the pipes are used. I do not care about that.
All I care about is how the oil gets used.

> Because .NET's authentication infrastructure is centralized,
> MSFT can "control the data" as you say, on top of code that's
> been licensed in any way. Open source, closed source, GPL,
> LGPL, X, BSD, artistic license etc. etc, if the authentication
> must come from Redmond servers, it does not matter how the
> code is licensed, nor will that impact how Microsoft can use
> that data. Running its .NET authentication servers on Apache
> does not impact the rates MSFT charges merchants for credit
> card verification, nor its policy of selling personal data to
> third parties.

Agreed. But that's exactly the problem. MSFT can do
whatever they want with public data because the public
isn't given any choice. We need to say to the public
that if they use this other system their data will be
free to them in perpetuity.

This is the exact problem a "free data" license would 
attempt to address.

Thanks for the spirited debate.

