Subject: Re: authentication systems (.NET, .GNU): Its the desktop, dummy.
From: Tom Lord <lord@regexps.com>
Date: Thu, 13 Sep 2001 05:48:18 -0700 (PDT)


If open source advocates win the distributed/centralized auth service
battle, they will still have lost the war by wasting effort
legitimizing web standards that are being created simply to advance
MS's proprietary software business models.

Passport is being promoted to fill a much larger role than "web
wallet".  If I understand correctly, Passport is also intended to act
as a sort of key manager to enforce per-user licensing of MS software.

I was correct when I said that FSBs and open source projects should be
ignoring .NET (except for advocating against it) and concentrating on
breaking up the MS desktop monopoly.  I was correct when I said that
emulating the army-of-programmers architecture of MS desktop software
is not a good approach to building open source desktop software.

My specific response to Passport technology, however, completely
missed the mark:

Ian wrote:
	I believe it would be clearly beneficial to have a single
        secure authentication system, one which permitted a single
        password for a limited number of roles, one in which each site
        which used the authentication system clearly stated in a
        verifiable manner which items of information that site would
	use, and one which permitted easy use of stored credit card
        information without having the credit card information stored
        in many locations around the net.
 
        [....] I think that Passport has a clear role in the
        marketplace.


I wrote:
	[A not very good implementation suggestion for accomplishing
	 those goals without an auth. service.]
	

Ian wrote:
       I think that once you get to on-line data storage, what you have
       described is more work than an authentication service.

For that, and other reasons, you're right.  My specific suggestion
missed the mark.  That's ok, though -- we have proof by existence that
authentication systems that fit your requirements can be built using
existing web standards (various on-line "wallets", for example).

My larger point was that there is no good reason for open source
projects to be chasing .NET standards, and indeed, good reasons for
them not to.  The fact that we already have all the technology we need
for on-line wallets is evidence in favor of that -- the role you cited
for Passport has already been filled.

-t