Loading ...
Sorry, an error occurred while loading the content.

Good news for decentralization?

Expand Messages
  • Dave Winer
    David Coursey [1]: Microsoft says it wants Passport and Hailstorm, its foundation services for Web-based applications, to play well with others. So in a
    Message 1 of 20 , Sep 20, 2001
    • 0 Attachment
      David Coursey [1]: "Microsoft says it wants Passport and Hailstorm, its
      foundation services for Web-based applications, to play well with others. So
      in a shocking move, the company is announcing today that Passport will be
      changed to use an Internet-standard security model and Hailstorm won't be
      the only place for users to store their personal information."

      NY Times [2]: "Microsoft says its software must operate with other kinds of
      online authentication software if Internet commerce is to develop rapidly.
      Microsoft executives said they wanted to avoid a rerun of the early days of
      automated teller machines, before common standards and a sense of trust,
      when each major bank had its own stand-alone network."

      WSJ [3]: "Microsoft says its software must operate with other kinds of
      online authentication software if Internet commerce is to develop rapidly.
      Microsoft executives said they wanted to avoid a rerun of the early days of
      automated teller machines, before common standards and a sense of trust,
      when each major bank had its own stand-alone network."

      [1] http://www.zdnet.com/anchordesk/stories/story/0,10738,2813501,00.html
      [2] http://www.nytimes.com/2001/09/20/technology/20SOFT.html
      [3] http://www.msnbc.com/news/631517.asp
    • Lucas Gonze
      Questions for Dave Stutz: Dave -- Is this just a formalization of the policy you mentioned way back when, that Kerberos federations were a possibility? How
      Message 2 of 20 , Sep 20, 2001
      • 0 Attachment
        Questions for Dave Stutz:

        Dave --

        Is this just a formalization of the policy you mentioned way back when, that
        Kerberos federations were a possibility?

        How large does a node how to be to be a federation member? Can an ISP join?
        Can paranoid individuals with an always-on home connection join?

        - Lucas

        > From: Dave Winer [mailto:dave@...]
        > NY Times [2]: "Microsoft says its software must operate with other kinds of
        > online authentication software if Internet commerce is to develop rapidly.
        > Microsoft executives said they wanted to avoid a rerun of the early days of
        > automated teller machines, before common standards and a sense of trust,
        > when each major bank had its own stand-alone network."
      • Dave Winer
        BTW, I m doing a conf call with Microsoft people at 11AM. If people have questions, let me know. I want to figure out what this means too. Dave ... From:
        Message 3 of 20 , Sep 20, 2001
        • 0 Attachment
          BTW, I'm doing a conf call with Microsoft people at 11AM. If people have
          questions, let me know. I want to figure out what this means too. Dave


          ----- Original Message -----
          From: "Lucas Gonze" <lucas@...>
          To: <decentralization@yahoogroups.com>
          Sent: Thursday, September 20, 2001 9:22 AM
          Subject: RE: [decentralization] Good news for decentralization?


          > Questions for Dave Stutz:
          >
          > Dave --
          >
          > Is this just a formalization of the policy you mentioned way back when,
          that
          > Kerberos federations were a possibility?
          >
          > How large does a node how to be to be a federation member? Can an ISP
          join?
          > Can paranoid individuals with an always-on home connection join?
          >
          > - Lucas
          >
          > > From: Dave Winer [mailto:dave@...]
          > > NY Times [2]: "Microsoft says its software must operate with other kinds
          of
          > > online authentication software if Internet commerce is to develop
          rapidly.
          > > Microsoft executives said they wanted to avoid a rerun of the early days
          of
          > > automated teller machines, before common standards and a sense of trust,
          > > when each major bank had its own stand-alone network."
          >
          >
          > To unsubscribe from this group, send an email to:
          > decentralization-unsubscribe@egroups.com
          >
          >
          >
          > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
          >
          >
        • Julian Bond
          In article , Dave Winer writes ... Has anything actually changed or is this just PR spin? They
          Message 4 of 20 , Sep 20, 2001
          • 0 Attachment
            In article <0b7f01c141f2$8e990a90$33a1dc40@murphy>, Dave Winer
            <dave@...> writes
            >BTW, I'm doing a conf call with Microsoft people at 11AM. If people have
            >questions, let me know. I want to figure out what this means too. Dave

            Has anything actually changed or is this just PR spin? They always were
            using Kerboros, weren't they? Just Microsoft's version of it with the MS
            only extensions.

            --
            Julian Bond email: julian_bond@...
            CV/Resume: http://www.voidstar.com/cv/
            WebLog: http://www.voidstar.com/
            HomeURL: http://www.shockwav.demon.co.uk/
            M: +44 (0)77 5907 2173 T: +44 (0)192 0412 433
            ICQ:33679568 tag:So many words, so little time
          • Dave Winer
            I ve listed my questions on Scripting News: http://scriptingnews.userland.com/backissues/2001/09/20 My key question will be user choice and developer lock-in.
            Message 5 of 20 , Sep 20, 2001
            • 0 Attachment
              I've listed my questions on Scripting News:

              http://scriptingnews.userland.com/backissues/2001/09/20

              "My key question will be user choice and developer lock-in. Will I be able
              to connect to Microsoft's users without running any Microsoft software on my
              end. Will users have choice? Will they be able to completely replace
              Microsoft's server with mine? Does my system have to support UDDI and WSDL,
              or is SOAP enough? Does Microsoft have any patents in this area which might
              limit competition? In general, how much opportunity is there for
              competition, and what assurances do we have that Microsoft won't change the
              basic behavior later, as they did with Smart Tags?"

              Dave


              ----- Original Message -----
              From: "Dave Winer" <dave@...>
              To: <decentralization@yahoogroups.com>
              Sent: Thursday, September 20, 2001 9:37 AM
              Subject: Re: [decentralization] Good news for decentralization?


              > BTW, I'm doing a conf call with Microsoft people at 11AM. If people have
              > questions, let me know. I want to figure out what this means too. Dave
              >
              >
              > ----- Original Message -----
              > From: "Lucas Gonze" <lucas@...>
              > To: <decentralization@yahoogroups.com>
              > Sent: Thursday, September 20, 2001 9:22 AM
              > Subject: RE: [decentralization] Good news for decentralization?
              >
              >
              > > Questions for Dave Stutz:
              > >
              > > Dave --
              > >
              > > Is this just a formalization of the policy you mentioned way back when,
              > that
              > > Kerberos federations were a possibility?
              > >
              > > How large does a node how to be to be a federation member? Can an ISP
              > join?
              > > Can paranoid individuals with an always-on home connection join?
              > >
              > > - Lucas
              > >
              > > > From: Dave Winer [mailto:dave@...]
              > > > NY Times [2]: "Microsoft says its software must operate with other
              kinds
              > of
              > > > online authentication software if Internet commerce is to develop
              > rapidly.
              > > > Microsoft executives said they wanted to avoid a rerun of the early
              days
              > of
              > > > automated teller machines, before common standards and a sense of
              trust,
              > > > when each major bank had its own stand-alone network."
              > >
              > >
              > > To unsubscribe from this group, send an email to:
              > > decentralization-unsubscribe@egroups.com
              > >
              > >
              > >
              > > Your use of Yahoo! Groups is subject to
              http://docs.yahoo.com/info/terms/
              > >
              > >
              >
              >
              > To unsubscribe from this group, send an email to:
              > decentralization-unsubscribe@egroups.com
              >
              >
              >
              > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
              >
              >
            • Michael Herman (Parallelspace)
              Previously, I ve mentioned a couple solutions for decentralizing the Decentralization e-mail list (in the context of the Decentralized Decentralization
              Message 6 of 20 , Sep 20, 2001
              • 0 Attachment
                Previously, I've mentioned a couple solutions for decentralizing the
                Decentralization e-mail list (in the context of the Decentralized
                Decentralization Discussion Groove share space).

                A couple more scenarios have surfaced (Groove-based) and I've
                highlighted these in a new technical note. Valuable if you're
                interested in getting a better understanding of Groove from an
                architectural perspective.

                Checkout http://www.parallelspace.net/ddd/default.htm

                Cheers,
                Michael Herman
                CTO, Parallelspace Corporation
                http://www.parallelspace.net/
              • Todd Boyle
                The Seattle Times report this morning was PRIVACY CONCERNS TRIGGER CHANGES IN MICROSOFTS PASSPORT SERVICE Microsoft is broadening its Passport
                Message 7 of 20 , Sep 20, 2001
                • 0 Attachment
                  The Seattle Times report this morning was

                  PRIVACY CONCERNS TRIGGER CHANGES IN MICROSOFTS PASSPORT SERVICE

                  Microsoft is broadening its Passport Internet-identificaiton service to
                  give coproations more control over hteir user acounts, a move the largest
                  software maker hopes will ease concerns about privacy.

                  Microsoft has come under fire for Pasport, a program that lets users store
                  personal data and avoid rekeying it on partner websites. Some privacy
                  advocates have balked at the idea of Microsoft becomeing a central
                  repository of information such as credit card numbers, ages, and addresses.

                  Microsoft now wants to create an "Internet Trust Network" in whihc
                  corporatinos and online srvcs providers will be able tous hteir own login
                  systems to allow pwople access to passport services, said M$ VP Brian
                  Arbogast. The companies may then use the system to share data. The moves
                  are designed to give businesese more control over security, said Ken
                  Smiley, a senior industry analyst at giga information group.

                  Some (corporate) customers said 'We don't want to put all our trust in
                  Microsoft to do this securely" Smiley said. 'Their record on security
                  certainly isnt stellar'

                  Earlier this year hackers managed to shut down some Microsoft servers by
                  flooding them with messages, leading to outages in services such as MSN
                  instant messaging. Hackers also broke into Microsoft's internal network
                  for almost two weeks last October.


                  Sory for the Typose
                  TOdd


                  At 10:24 AM 9/20/01, you wrote:
                  >I've listed my questions on Scripting News:
                  >
                  >http://scriptingnews.userland.com/backissues/2001/09/20
                  >
                  >"My key question will be user choice and developer lock-in. Will I be able
                  >to connect to Microsoft's users without running any Microsoft software on my
                  >end. Will users have choice? Will they be able to completely replace
                  >Microsoft's server with mine? Does my system have to support UDDI and WSDL,
                  >or is SOAP enough? Does Microsoft have any patents in this area which might
                  >limit competition? In general, how much opportunity is there for
                  >competition, and what assurances do we have that Microsoft won't change the
                  >basic behavior later, as they did with Smart Tags?"
                  >
                  >Dave
                  >
                  >
                  >----- Original Message -----
                  >From: "Dave Winer" <dave@...>
                  >To: <decentralization@yahoogroups.com>
                  >Sent: Thursday, September 20, 2001 9:37 AM
                  >Subject: Re: [decentralization] Good news for decentralization?
                  >
                  >
                  > > BTW, I'm doing a conf call with Microsoft people at 11AM. If people have
                  > > questions, let me know. I want to figure out what this means too. Dave
                  > >
                  > >
                  > > ----- Original Message -----
                  > > From: "Lucas Gonze" <lucas@...>
                  > > To: <decentralization@yahoogroups.com>
                  > > Sent: Thursday, September 20, 2001 9:22 AM
                  > > Subject: RE: [decentralization] Good news for decentralization?
                  > >
                  > >
                  > > > Questions for Dave Stutz:
                  > > >
                  > > > Dave --
                  > > >
                  > > > Is this just a formalization of the policy you mentioned way back when,
                  > > that
                  > > > Kerberos federations were a possibility?
                  > > >
                  > > > How large does a node how to be to be a federation member? Can an ISP
                  > > join?
                  > > > Can paranoid individuals with an always-on home connection join?
                  > > >
                  > > > - Lucas
                  > > >
                  > > > > From: Dave Winer [mailto:dave@...]
                  > > > > NY Times [2]: "Microsoft says its software must operate with other
                  >kinds
                  > > of
                  > > > > online authentication software if Internet commerce is to develop
                  > > rapidly.
                  > > > > Microsoft executives said they wanted to avoid a rerun of the early
                  >days
                  > > of
                  > > > > automated teller machines, before common standards and a sense of
                  >trust,
                  > > > > when each major bank had its own stand-alone network."
                  > > >
                  > > >
                  > > > To unsubscribe from this group, send an email to:
                  > > > decentralization-unsubscribe@egroups.com
                  > > >
                  > > >
                  > > >
                  > > > Your use of Yahoo! Groups is subject to
                  >http://docs.yahoo.com/info/terms/
                  > > >
                  > > >
                  > >
                  > >
                  > > To unsubscribe from this group, send an email to:
                  > > decentralization-unsubscribe@egroups.com
                  > >
                  > >
                  > >
                  > > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
                  > >
                  > >
                  >
                  >
                  >To unsubscribe from this group, send an email to:
                  >decentralization-unsubscribe@egroups.com
                  >
                  >
                  >
                  >Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
                • rahul@reno.cis.upenn.edu
                  Here s my guess, without knowing anything. (a) Federation was always built into the system. The idea was to sell Exchange servers with federation capability.
                  Message 8 of 20 , Sep 20, 2001
                  • 0 Attachment
                    Here's my guess, without knowing anything.

                    (a) Federation was always built into the system. The idea was to sell
                    Exchange servers with federation capability. In other words, companies
                    can also do Hailstorm, but they must use our servers..
                    (b) Now they are opening that up further, to allow, say, a pure java
                    implementation of a hailstorm server to interop with an exchange server.
                    Perhaps they feel they will be able to sell enough exchange servers anyway.
                    I think they will retain control of the schema through trademarks and
                    patents though, so that ther can remain the setter of the standards ( a key
                    strategic advantage that billg understands, according to David Banks book
                    anyway..its interesting how I am filtering quite a few of my thoughts on
                    what MS is upto through this bk..)
                    Rahul
                    >
                    > Questions for Dave Stutz:
                    >
                    > Dave --
                    >
                    > Is this just a formalization of the policy you mentioned way back when, that
                    > Kerberos federations were a possibility?
                    >
                    > How large does a node how to be to be a federation member? Can an ISP join?
                    > Can paranoid individuals with an always-on home connection join?
                    >
                    > - Lucas
                    >
                    > > From: Dave Winer [mailto:dave@...]
                    > > NY Times [2]: "Microsoft says its software must operate with other kinds of
                    > > online authentication software if Internet commerce is to develop rapidly.
                    > > Microsoft executives said they wanted to avoid a rerun of the early days of
                    > > automated teller machines, before common standards and a sense of trust,
                    > > when each major bank had its own stand-alone network."
                    >
                    >
                    > To unsubscribe from this group, send an email to:
                    > decentralization-unsubscribe@egroups.com
                    >
                    >
                    >
                    > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
                    >
                    >
                  • Patrick Phalen
                    ... what book?
                    Message 9 of 20 , Sep 20, 2001
                    • 0 Attachment
                      On Thursday 20 September 2001 11:27, you wrote:

                      > strategic advantage that billg understands, according to David Banks book
                      > anyway..its interesting how I am filtering quite a few of my thoughts on
                      > what MS is upto through this bk..)

                      what book?
                    • Brian Behlendorf
                      Don t forget to ask about people running *other* profile servers, again without Microsoft software. It s not just about the profile-based service providers,
                      Message 10 of 20 , Sep 20, 2001
                      • 0 Attachment
                        Don't forget to ask about people running *other* profile servers, again
                        without Microsoft software. It's not just about the profile-based service
                        providers, but about independent user databases as well.

                        Ask about what barriers will exist to implementing any required
                        client-side in Mozilla.

                        Brian

                        On Thu, 20 Sep 2001, Dave Winer wrote:
                        > I've listed my questions on Scripting News:
                        >
                        > http://scriptingnews.userland.com/backissues/2001/09/20
                        >
                        > "My key question will be user choice and developer lock-in. Will I be able
                        > to connect to Microsoft's users without running any Microsoft software on my
                        > end. Will users have choice? Will they be able to completely replace
                        > Microsoft's server with mine? Does my system have to support UDDI and WSDL,
                        > or is SOAP enough? Does Microsoft have any patents in this area which might
                        > limit competition? In general, how much opportunity is there for
                        > competition, and what assurances do we have that Microsoft won't change the
                        > basic behavior later, as they did with Smart Tags?"
                        >
                        > Dave
                        >
                        >
                        > ----- Original Message -----
                        > From: "Dave Winer" <dave@...>
                        > To: <decentralization@yahoogroups.com>
                        > Sent: Thursday, September 20, 2001 9:37 AM
                        > Subject: Re: [decentralization] Good news for decentralization?
                        >
                        >
                        > > BTW, I'm doing a conf call with Microsoft people at 11AM. If people have
                        > > questions, let me know. I want to figure out what this means too. Dave
                        > >
                        > >
                        > > ----- Original Message -----
                        > > From: "Lucas Gonze" <lucas@...>
                        > > To: <decentralization@yahoogroups.com>
                        > > Sent: Thursday, September 20, 2001 9:22 AM
                        > > Subject: RE: [decentralization] Good news for decentralization?
                        > >
                        > >
                        > > > Questions for Dave Stutz:
                        > > >
                        > > > Dave --
                        > > >
                        > > > Is this just a formalization of the policy you mentioned way back when,
                        > > that
                        > > > Kerberos federations were a possibility?
                        > > >
                        > > > How large does a node how to be to be a federation member? Can an ISP
                        > > join?
                        > > > Can paranoid individuals with an always-on home connection join?
                        > > >
                        > > > - Lucas
                        > > >
                        > > > > From: Dave Winer [mailto:dave@...]
                        > > > > NY Times [2]: "Microsoft says its software must operate with other
                        > kinds
                        > > of
                        > > > > online authentication software if Internet commerce is to develop
                        > > rapidly.
                        > > > > Microsoft executives said they wanted to avoid a rerun of the early
                        > days
                        > > of
                        > > > > automated teller machines, before common standards and a sense of
                        > trust,
                        > > > > when each major bank had its own stand-alone network."
                        > > >
                        > > >
                        > > > To unsubscribe from this group, send an email to:
                        > > > decentralization-unsubscribe@egroups.com
                        > > >
                        > > >
                        > > >
                        > > > Your use of Yahoo! Groups is subject to
                        > http://docs.yahoo.com/info/terms/
                        > > >
                        > > >
                        > >
                        > >
                        > > To unsubscribe from this group, send an email to:
                        > > decentralization-unsubscribe@egroups.com
                        > >
                        > >
                        > >
                        > > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
                        > >
                        > >
                        >
                        >
                        > To unsubscribe from this group, send an email to:
                        > decentralization-unsubscribe@egroups.com
                        >
                        >
                        >
                        > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
                        >
                        >

                        --
                        -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
                        CollabNet | open source | do what's right
                      • rahul@reno.cis.upenn.edu
                        Breaking Windows: How Bill Gates Fumbled the Future of Microsoft by David Bank Free Press; ISBN: 0743203151 I messed up his last name, its Bank, not Banks..
                        Message 11 of 20 , Sep 20, 2001
                        • 0 Attachment
                          Breaking Windows: How Bill Gates Fumbled the Future of Microsoft
                          by David Bank
                          Free Press; ISBN: 0743203151

                          I messed up his last name, its Bank, not Banks..
                          Rahul
                          >
                          > On Thursday 20 September 2001 11:27, you wrote:
                          >
                          > > strategic advantage that billg understands, according to David Banks book
                          > > anyway..its interesting how I am filtering quite a few of my thoughts on
                          > > what MS is upto through this bk..)
                          >
                          > what book?
                          >
                          > To unsubscribe from this group, send an email to:
                          > decentralization-unsubscribe@egroups.com
                          >
                          >
                          >
                          > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
                          >
                          >
                        • Dave Winer
                          I just got off the phone with Chris Payne and Hal Howard from Microsoft, and think I can clarify. Today s announcement is about Kerberos only. They said that
                          Message 12 of 20 , Sep 20, 2001
                          • 0 Attachment
                            I just got off the phone with Chris Payne and Hal Howard from Microsoft, and
                            think I can clarify.

                            Today's announcement is about Kerberos only. They said that at this level
                            their system is open, meaning that users can choose a different server from
                            Microsoft's to manage their identity.

                            Higher level issues, schema for user data, and protocols for connecting
                            desktop apps to clouds are not being discussed now; however they said that
                            they would be released with a similar philosophy.

                            They may have patents, and if they have them they will use them.

                            WSDL, UDDI and SOAP are the underpinnings of the next level(s) up.

                            We had a long wide-ranging discussion of what open means, and what level of
                            choice will be necessary for independent developers to be willing to invest
                            in Microsoft's new platform.

                            Happy to answer questions if I have the info.

                            Dave
                          • Dave Winer
                            Sorry I didn t get this until after the call. To your first question, it appears that s not a problem because they re using Kerberos, which is (they say)
                            Message 13 of 20 , Sep 20, 2001
                            • 0 Attachment
                              Sorry I didn't get this until after the call.

                              To your first question, it appears that's not a problem because they're
                              using Kerberos, which is (they say) interoperable and available in lots of
                              server environments.

                              To the latter question, they would probably ask if Mozilla supports
                              Kerberos.

                              Dave


                              ----- Original Message -----
                              From: "Brian Behlendorf" <brian@...>
                              To: <decentralization@yahoogroups.com>
                              Sent: Thursday, September 20, 2001 11:49 AM
                              Subject: Re: [decentralization] Good news for decentralization?


                              >
                              > Don't forget to ask about people running *other* profile servers, again
                              > without Microsoft software. It's not just about the profile-based service
                              > providers, but about independent user databases as well.
                              >
                              > Ask about what barriers will exist to implementing any required
                              > client-side in Mozilla.
                              >
                              > Brian
                              >
                              > On Thu, 20 Sep 2001, Dave Winer wrote:
                              > > I've listed my questions on Scripting News:
                              > >
                              > > http://scriptingnews.userland.com/backissues/2001/09/20
                              > >
                              > > "My key question will be user choice and developer lock-in. Will I be
                              able
                              > > to connect to Microsoft's users without running any Microsoft software
                              on my
                              > > end. Will users have choice? Will they be able to completely replace
                              > > Microsoft's server with mine? Does my system have to support UDDI and
                              WSDL,
                              > > or is SOAP enough? Does Microsoft have any patents in this area which
                              might
                              > > limit competition? In general, how much opportunity is there for
                              > > competition, and what assurances do we have that Microsoft won't change
                              the
                              > > basic behavior later, as they did with Smart Tags?"
                              > >
                              > > Dave
                              > >
                              > >
                              > > ----- Original Message -----
                              > > From: "Dave Winer" <dave@...>
                              > > To: <decentralization@yahoogroups.com>
                              > > Sent: Thursday, September 20, 2001 9:37 AM
                              > > Subject: Re: [decentralization] Good news for decentralization?
                              > >
                              > >
                              > > > BTW, I'm doing a conf call with Microsoft people at 11AM. If people
                              have
                              > > > questions, let me know. I want to figure out what this means too. Dave
                              > > >
                              > > >
                              > > > ----- Original Message -----
                              > > > From: "Lucas Gonze" <lucas@...>
                              > > > To: <decentralization@yahoogroups.com>
                              > > > Sent: Thursday, September 20, 2001 9:22 AM
                              > > > Subject: RE: [decentralization] Good news for decentralization?
                              > > >
                              > > >
                              > > > > Questions for Dave Stutz:
                              > > > >
                              > > > > Dave --
                              > > > >
                              > > > > Is this just a formalization of the policy you mentioned way back
                              when,
                              > > > that
                              > > > > Kerberos federations were a possibility?
                              > > > >
                              > > > > How large does a node how to be to be a federation member? Can an
                              ISP
                              > > > join?
                              > > > > Can paranoid individuals with an always-on home connection join?
                              > > > >
                              > > > > - Lucas
                              > > > >
                              > > > > > From: Dave Winer [mailto:dave@...]
                              > > > > > NY Times [2]: "Microsoft says its software must operate with other
                              > > kinds
                              > > > of
                              > > > > > online authentication software if Internet commerce is to develop
                              > > > rapidly.
                              > > > > > Microsoft executives said they wanted to avoid a rerun of the
                              early
                              > > days
                              > > > of
                              > > > > > automated teller machines, before common standards and a sense of
                              > > trust,
                              > > > > > when each major bank had its own stand-alone network."
                              > > > >
                              > > > >
                              > > > > To unsubscribe from this group, send an email to:
                              > > > > decentralization-unsubscribe@egroups.com
                              > > > >
                              > > > >
                              > > > >
                              > > > > Your use of Yahoo! Groups is subject to
                              > > http://docs.yahoo.com/info/terms/
                              > > > >
                              > > > >
                              > > >
                              > > >
                              > > > To unsubscribe from this group, send an email to:
                              > > > decentralization-unsubscribe@egroups.com
                              > > >
                              > > >
                              > > >
                              > > > Your use of Yahoo! Groups is subject to
                              http://docs.yahoo.com/info/terms/
                              > > >
                              > > >
                              > >
                              > >
                              > > To unsubscribe from this group, send an email to:
                              > > decentralization-unsubscribe@egroups.com
                              > >
                              > >
                              > >
                              > > Your use of Yahoo! Groups is subject to
                              http://docs.yahoo.com/info/terms/
                              > >
                              > >
                              >
                              > --
                              > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
                              > CollabNet | open source | do what's right
                              >
                              >
                              >
                              > To unsubscribe from this group, send an email to:
                              > decentralization-unsubscribe@egroups.com
                              >
                              >
                              >
                              > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
                              >
                              >
                            • rahul@reno.cis.upenn.edu
                              ... This may or may not be then useful depending on how they are planning to support GSS-API Tokens (see ftp://ftp.isi.edu/in-notes/rfc1964.txt) over http,
                              Message 14 of 20 , Sep 20, 2001
                              • 0 Attachment
                                >
                                > I just got off the phone with Chris Payne and Hal Howard from Microsoft, and
                                > think I can clarify.
                                >
                                > Today's announcement is about Kerberos only. They said that at this level
                                > their system is open, meaning that users can choose a different server from
                                > Microsoft's to manage their identity.
                                >
                                > Higher level issues, schema for user data, and protocols for connecting
                                > desktop apps to clouds are not being discussed now; however they said that
                                > they would be released with a similar philosophy.
                                >
                                This may or may not be then useful depending on how they are planning to
                                support GSS-API Tokens
                                (see ftp://ftp.isi.edu/in-notes/rfc1964.txt)

                                over http, these tokens being byte size based. The way I understood it was that
                                there would be an XML or http header representation for the GSS-API or direct
                                kerberos constructs, but these are under their control. Presumably the
                                microsoft servers will support GSS over TCP, but thats completely useless
                                to a web developer who wants a HTTP header or XML-SOAP access API.

                                So I remain sceptical about thre being any content at all in today's
                                announcement.
                                Rahul
                              • Wesley Felter
                                ... In other words, if you aren t willing to reuse code, you won t be able to support Kerb5 within the next few years, because it s not nearly as simple as
                                Message 15 of 20 , Sep 20, 2001
                                • 0 Attachment
                                  On Thu, 20 Sep 2001 rahul@... wrote:

                                  > > Today's announcement is about Kerberos only. They said that at this level
                                  > > their system is open, meaning that users can choose a different server from
                                  > > Microsoft's to manage their identity.
                                  >
                                  > This may or may not be then useful depending on how they are planning to
                                  > support GSS-API Tokens
                                  > (see ftp://ftp.isi.edu/in-notes/rfc1964.txt)
                                  >
                                  > over http, these tokens being byte size based. The way I understood it was that
                                  > there would be an XML or http header representation for the GSS-API or direct
                                  > kerberos constructs, but these are under their control. Presumably the
                                  > microsoft servers will support GSS over TCP, but thats completely useless
                                  > to a web developer who wants a HTTP header or XML-SOAP access API.

                                  In other words, if you aren't willing to reuse code, you won't be able to
                                  support Kerb5 within the next few years, because it's not nearly as simple
                                  as HTTP.

                                  Wesley Felter - wesley@... - http://felter.org/wesley/
                                • rahul@reno.cis.upenn.edu
                                  ... Wes, Could you elaborate? One would think that any API supportable over TCP could be supported over HTTP, albeit in a hackneyed way (for example, add a
                                  Message 16 of 20 , Sep 20, 2001
                                  • 0 Attachment
                                    > >
                                    > > This may or may not be then useful depending on how they are planning to
                                    > > support GSS-API Tokens
                                    > > (see ftp://ftp.isi.edu/in-notes/rfc1964.txt)
                                    > >
                                    > > over http, these tokens being byte size based. The way I understood it was that
                                    > > there would be an XML or http header representation for the GSS-API or direct
                                    > > kerberos constructs, but these are under their control. Presumably the
                                    > > microsoft servers will support GSS over TCP, but thats completely useless
                                    > > to a web developer who wants a HTTP header or XML-SOAP access API.
                                    >
                                    > In other words, if you aren't willing to reuse code, you won't be able to
                                    > support Kerb5 within the next few years, because it's not nearly as simple
                                    > as HTTP.
                                    >
                                    > Wesley Felter - wesley@... - http://felter.org/wesley/

                                    Wes,
                                    Could you elaborate? One would think that any API supportable over
                                    TCP could be supported over HTTP, albeit in a hackneyed way (for example,
                                    add a header to identify a structure and 3 headers for each member,
                                    one for encoding/type, one for length, and one for a possibly base64'ed
                                    string representation. Horrible but doable.

                                    On the other hand, kerberos is conceptually very simple..and the basic
                                    aspects could be implemented in cookie like headers and simple SOAP calls.
                                    It wouldnt be kerberos, but something similar. Leaving out the bootstrap
                                    to the initial shared keys (or asymmetric keys if thats how you like it),
                                    you'd need a combined authentication and ticket granting server with
                                    roughly(conceptually) the following API:
                                    authenticate(username, encrypted_authenticator_token(eat))

                                    (eat here encrypted with asymm key, or preagreed symm)
                                    and then

                                    authenticateTo(username, another eat, ticket_granting,ticket,service)

                                    (eat here encrypted with session key to auth server)

                                    The first would return a ticket granting ticket and a session key for the
                                    authserver, locked
                                    by the users permanent key, and
                                    and the second a ticket to the service lokled by the service's key and including a session key for the service, and the seesion key)

                                    And then each service would need to support a getAuth method:

                                    getAuth(username, another eat, service_ticket)

                                    (eat encypted by service specific session key, included in the service ticket)

                                    The implementation needs lot of care, ofcourse, but the idea is simple..
                                    Rahul
                                  • Brian Behlendorf
                                    ... What a bunch of hooey. Do *they* support Kerberos? The answer is no - they support an incompatible technology which happens to share some lineage with
                                    Message 17 of 20 , Sep 20, 2001
                                    • 0 Attachment
                                      On Thu, 20 Sep 2001, Dave Winer wrote:
                                      > To your first question, it appears that's not a problem because they're
                                      > using Kerberos, which is (they say) interoperable and available in lots of
                                      > server environments.
                                      >
                                      > To the latter question, they would probably ask if Mozilla supports
                                      > Kerberos.

                                      What a bunch of hooey. Do *they* support Kerberos? The answer is no -
                                      they support an incompatible technology which happens to share some
                                      lineage with Kerberos, and because no one trademarked the term Kerberos to
                                      protect the standard, they're allowed to abuse the name to give themselves
                                      credit where none is due. The changes they did make are documented, but
                                      in order to get them you have to click-agree to a rather obscene license.
                                      I can't even see the license because the "document" is a .exe.

                                      Unless the discussion today was about releasing those modifications and
                                      allowing for independent implementation?

                                      Brian
                                    • Dave Winer
                                      ... Brian, that kind of stuff happens all the time. It s hard to keep a standard from being attacked and undermined that way. We ve had to fight that in
                                      Message 18 of 20 , Sep 20, 2001
                                      • 0 Attachment
                                        > What a bunch of hooey. Do *they* support Kerberos? The answer is no -
                                        > they support an incompatible technology which happens to share some
                                        > lineage with Kerberos, and because no one trademarked the term Kerberos to
                                        > protect the standard, they're allowed to abuse the name to give themselves
                                        > credit where none is due. The changes they did make are documented, but
                                        > in order to get them you have to click-agree to a rather obscene license.
                                        > I can't even see the license because the "document" is a .exe.

                                        Brian, that kind of stuff happens all the time. It's hard to keep a standard
                                        from being attacked and undermined that way.

                                        We've had to fight that in XML-RPC, twice, and we lost that kind of a fight
                                        in RSS.

                                        I'm in total agreement that better trademarks are essential, and so is basic
                                        respect for other people's work.

                                        I wonder when our industry is going to get a sense of perspective and do
                                        some meaningful cooperative work.

                                        Dave
                                      • Michael Herman (Parallelspace)
                                        Here s a pointer to the Kerberos FAQ for Windows 2000: http://support.microsoft.com/support/kb/articles/Q266/0/80.ASP The article covers interop, interop
                                        Message 19 of 20 , Sep 20, 2001
                                        • 0 Attachment
                                          Here's a pointer to the Kerberos FAQ for Windows 2000:
                                          http://support.microsoft.com/support/kb/articles/Q266/0/80.ASP

                                          The article covers interop, interop testing, additional support, etc.

                                          Michael.

                                          -----Original Message-----
                                          From: Brian Behlendorf [mailto:brian@...]
                                          Sent: Thursday, September 20, 2001 7:34 PM
                                          To: decentralization@yahoogroups.com
                                          Subject: Re: [decentralization] Good news for decentralization?


                                          On Thu, 20 Sep 2001, Dave Winer wrote:
                                          > To your first question, it appears that's not a problem because
                                          > they're using Kerberos, which is (they say) interoperable and
                                          > available in lots of server environments.
                                          >
                                          > To the latter question, they would probably ask if Mozilla supports
                                          > Kerberos.

                                          What a bunch of hooey. Do *they* support Kerberos? The answer is no -
                                          they support an incompatible technology which happens to share some
                                          lineage with Kerberos, and because no one trademarked the term Kerberos
                                          to protect the standard, they're allowed to abuse the name to give
                                          themselves credit where none is due. The changes they did make are
                                          documented, but in order to get them you have to click-agree to a rather
                                          obscene license. I can't even see the license because the "document" is
                                          a .exe.

                                          Unless the discussion today was about releasing those modifications and
                                          allowing for independent implementation?

                                          Brian


                                          To unsubscribe from this group, send an email to:
                                          decentralization-unsubscribe@egroups.com



                                          Your use of Yahoo! Groups is subject to
                                          http://docs.yahoo.com/info/terms/
                                        • Julian Bond
                                          Re Kerberos vs MS Kerberos and implications for Maelstrom Openness. http://www.theregister.co.uk/content/4/21792.html In short, it s hard to do authorization
                                          Message 20 of 20 , Sep 21, 2001
                                          • 0 Attachment
                                            Re Kerberos vs MS Kerberos and implications for Maelstrom Openness.
                                            http://www.theregister.co.uk/content/4/21792.html

                                            "In short, it's hard to do authorization between a Windows server and a
                                            non-Windows server, and that seems to be the way Redmond likes it.
                                            Nothing in today's announcements changes this in any way, in fact it
                                            confirms the Redmond-centric way of doing business on .NET. "

                                            --
                                            Julian Bond email: julian_bond@...
                                            CV/Resume: http://www.voidstar.com/cv/
                                            WebLog: http://www.voidstar.com/
                                            HomeURL: http://www.shockwav.demon.co.uk/
                                            M: +44 (0)77 5907 2173 T: +44 (0)192 0412 433
                                            ICQ:33679568 tag:So many words, so little time
                                          Your message has been successfully submitted and would be delivered to recipients shortly.