Dailydave mailing list archives

Re: Passport, Magazines of Failure.


From: pete <lists () isecom org>
Date: Fri, 31 Dec 2004 17:56:24 +0100

Have you seen SXIP? https://sxip.org/

It seems to be what Passport wanted to be and it's open and growing. ISECOM will be implementing it by Q2 2005 to coordinate authentication for all the Hacker Highschool teachers using our test network. We will also later provide it freely to partners, team members, and contributors to use for most any authentication needs on the web.

I think it's a good idea-- at least it solves our needs.

-pete.


Dave Aitel wrote:
> I think it's interesting to see that Passport failed.
> http://seattletimes.nwsource.com/html/businesstechnology/2002136272_passport31.html
>
>
> It seemed like a good idea at the time, I'm sure. All the VCs I knew
> were telling me about its "compelling offering" and extremely excited
> about it. Yet my sources internal to Microsoft felt it was a bit
> kludgy. On the other hand, everyone at MS loves Palladium (NGSCB), and
> it's possible we'll see a relaunch of "Passport" when we see Longhorn.
> Because with hardware tokens, we really can authenticate users as
> individuals, and Gates is already talking about how people should stop
> using passwords...
>
> But I still think Passport was a good idea. Authentication is hard. It's
> a pain in the ass, and that means it's expensive. In fact, a lot of the
> gibberish that goes into doing a real portal is hard. I don't want to
> maintain a huge database just to hold user data. Why can't all the tiny
> companies like me offload it onto a trusted third party like Microsoft?
> I guess the small companies don't have 10K to spend on it. And Microsoft
> doesn't want to do it for free, or for regulatory reasons can't just
> offer it to every Tom, Dick, and Harry on the interweb.
>
> But that doesn't mean the whole idea has to die. The OpenSource
> community should take it as a mandate to fill the void. We won't though,
> I'm sure. Much like Bush can't really move a carrier group onto the
> shores of Indonesia as floating hospitals and aid stations, the OS
> community can't tackle something this politically complex this quickly.
>
> Anyways, I meant to make fun of Chris Wysopal/Weld's netcat overflow,
> but not in a mean way. So consider that done, please. Weld was head of
> R&D over at @stake, and I hear he still runs SRA. I think it's extremely
> funny how much money has gone into SRA, Fortify, and the rest of the
> source/binary analysis products and how amazingly nothing they all have
> to show for it. You KNOW that if any of them actually had a product that
> could produce any kind of results, it would be "Samba bug of the day"
> month.
>
> It's interesting because you can see the VC money pouring into these
> companies, and you can imagine the meetings they're having a few years
> later when it turns out they completely misjudged how hard the problem
> was. I notice Fortify now has an "Attack Simulation" software. Some sort
> of customized debugger, I have to guess. Maybe eventually they'll build
> a fuzzer into it. They have 3 more years until the 5-year "VC wants
> money back" mark comes up and bites them on the ass, so it'll be
> interesting to see.
>
> At least Fortify is still trying though. Check out this sample from
> Cigital:
> "Cigital offers enterprise-level software development process
> improvement programs that leverage SQM while increasing productivity on
> current and future projects."
>
> Someone needs to fire their Marketing VP. Compare and contrast these
> self-serving "magazines": http://www.sqmmagazine.com/ versus
> http://www.sbq.com/. There must have been an article in the Harvard
> Business Review that mentioned starting your own trade magazine as
> something for floundering start-ups to do. Then, of course, the
> inevitable "all-electronic" format failure message looks real good on
> the website.
>
> Anyways, happy new years everyone! May next year's worms be more
> interesting than last year's!
>
> -dave
>
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunitysec com
> https://lists.immunitysec.com/mailman/listinfo/dailydave