Re: Passport, Magazines of Failure.

[miah <jjohnson () sunrise-linux com>]

There is also MyUID. www.myuid.com.  Looks like SXIP is much further
ahead though.

-miah

On Fri, Dec 31, 2004 at 05:56:24PM +0100, pete wrote:
> Have you seen SXIP? https://sxip.org/
>
> It seems to be what Passport wanted to and it's open and growing. 
> ISECOM will be implementing it by Q2 2005 to coordinate authentication 
> for all the Hacker Highschool teachers using our test network.  We will 
> also later provide it freely to partners, team members, and contributers 
> to use for most any authentication needs on the web.
>
> I think it's a good idea-- at least it solves our needs.
>
> -pete.
>
>
> Dave Aitel wrote:
> > I think it's interesting to see that Passport failed.
> http://seattletimes.nwsource.com/html/businesstechnology/2002136272_passport31.html 
>
> > It seemed like a good idea at the time, I'm sure. All the VC's I knew
> > were telling me about it's "compelling offering" and extremely excited
> > about it. Yet my sources on internal to Microsoft felt it was a bit
> > kludgy. On the other hand, everyone at MS loves Palladium (NGSCB), and
> > it's possible we'll see a relaunch of "Passport" when we see Longhorn.
> > Because with hardware tokens, we really can authenticate users as
> > individuals, and Gates is already talking about how people should stop
> > using passwords...
> >
> > But I still think Passport was a good idea. Authentication is hard. It's
> > a pain in the ass, and that means it's expensive. In fact, a lot of the
> > gibberish that goes into doing a real portal is hard. I don't want to
> > maintain a huge database just to hold user data. Why can't all the tiny
> > companies like me offload it onto a trusted third party like Microsoft?
> > I guess the small companies don't have 10K to spend on it. And Microsoft
> > doesn't want to do it for free, or for regulatory reasons can't just
> > offer it to every Tom, Dick, and Harry on the interweb.
> >
> > But that doesn't mean the whole idea has to die. The OpenSource
> > community should take it as a mandate to fill the void. We won't though,
> > I'm sure. Much like Bush can't really move a carrier group onto the
> > shores of Indonesia as floating hospitals and aide stations, the OS
> > community can't tackle something this politically complex this quickly.
> >
> > Anyways, I meant to make fun of Chris Wysopal/Weld's netcat overflow,
> > but not in a mean way. So consider that done, please. Weld was head of
> > R&D over at @stake, and I hear he still runs SRA. I think it's extremely
> > funny how much money has gone into SRA, Fortify, and the rest of the
> > source/binary analysis products and how amazingly nothing they all have
> > to show for it. You KNOW that if any of them actually had a product that
> > could produce any kind of results, it would be "Samba bug of the day"
> > month.
> >
> > It's interesting because you can see the VC money pouring into these
> > companies, and you can imagine the meetings they're having a few years
> > later when it turns out they completely misjudged how hard the problem
> > was. I notice Fortify now has a "Attack Simulation" software. Some sort
> > of customized debugger, I have to guess. Maybe eventually they'll build
> > a fuzzer into it. They have 3 more years until the 5-year "VC wants
> > money back" mark comes up and bites them on the ass, so it'll be
> > interesting to see.
> >
> > At least Fortify is still trying though. Check out this sample from
> > Cigital:
> > "Cigital offers enterprise-level software development process
> > improvement programs that leverage SQM while increasing productivity on
> > current and future projects."
> >
> > Someone needs to fire their Marketing VP. Compare and contrast these
> > self-serving "magazines": http://www.sqmmagazine.com/ versus.
> > http://www.sbq.com/. There must have been an article in the Harvard
> > Business Review that mentioned starting your own trade magazine as
> > something for floundering start-ups to do. Then, of course, the
> > inevitable "all-electronic" format failure message looks real good on
> > the website.
> >
> > Anyways, happy new years everyone! May next year's worms be more
> > interesting than last years!
> >
> > -dave
> >
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > Dailydave mailing list
> > Dailydave () lists immunitysec com
> > https://lists.immunitysec.com/mailman/listinfo/dailydave
>
>
>
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunitysec com
> https://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave