What happens when journalists find themselves reporting that the legal and personal risks associated with Microsoft's Passport can be easily avoided by adopting better technology from the open-source world? The normal legal standard for judging the adequacy of professional services -- such as those involved in setting up an e-commerce site -- is consistency with the "best" or industry-wide practices. What does the mainstream press do when that standard is largely set by the 66 percent of Web administrators who use Apache and open source? I don't know, but I think we're about to find out, courtesy of Plan 9's pending victory over the X-files in the matter of single sign-ons and network authentication.

These keys are related via a hypothetical mathematical construct known as a one-way function. With such a function, the computational cost of creating the two keys is trivial, but the computational cost of deriving the second key from knowledge of the first is thought to be prohibitively high. Thus a PKI user can publish one key while keeping the other secret, creating a situation in which the ability to decrypt something with the public key asserts that it was encrypted with the private key and, by extension, can only be the work of the sole holder of that private key. This ensures that the sender cannot repudiate the encrypted data, and so it amounts to a digital signature.

One of the most interesting things about this specification is its use of SAML (Security Assertion Markup Language) to define and control the messaging structures used in an actual implementation of the specification. Full details, including the protocols and the SAML schemas needed, are available at https://www.projectliberty.org/ but, basically, the Liberty specification handles authorization in a three-stage process, with all communications structured via SAML and flowing through the user's browser or other software agent.
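The two ideas in the passages above, the key pair related by a one-way function and the assertion that travels through the user's browser from an identity provider to a service provider, can be put together in a small model. The code below is an added illustration, not code from the article, from the Liberty Alliance, or from any Passport implementation. It uses textbook RSA with tiny constructed primes and no padding (so it is for reading, not for use), a truncated digest so the signed value fits the toy modulus, and assumed names (`idp.example`, `sp.example`, the assertion field names) and an assumed mapping of the article's "three stages" onto issue, relay and accept; the SAML schemas themselves are not modelled.

```python
"""Toy model (added example, not from the article): a public/private key pair whose
relation is a one-way function, used to sign a SAML-like assertion that the user's
browser relays from an identity provider (IdP) to a service provider (SP).

Textbook RSA with tiny constructed primes and no padding -- illustration only.
"""
import hashlib
import json


# --- Key pair related by a one-way function -----------------------------------

def make_keypair(p, q, e=65537):
    """Cheap direction: from two primes build the public (n, e) and private (n, d) keys."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def recover_private_key(public_key):
    """Expensive direction: the only known route from (n, e) back to d is factoring n.
    Trial division finishes instantly for the toy modulus used here; for real key
    sizes the same step is what makes the function one-way."""
    n, e = public_key
    f = 2
    while n % f:
        f += 1
    p, q = f, n // f
    return (n, pow(e, -1, (p - 1) * (q - 1)))


def _digest(payload):
    # Truncated to 3 bytes so the value is smaller than the toy modulus (~1e8).
    return int.from_bytes(hashlib.sha256(payload).digest()[:3], "big")


def sign(private_key, payload):
    """Only the holder of d can produce this value for the payload."""
    n, d = private_key
    return pow(_digest(payload), d, n)


def verify(public_key, payload, signature):
    """Anyone holding the published (n, e) can check it; a match proves d was used."""
    n, e = public_key
    return pow(signature, e, n) == _digest(payload)


# --- Assertion flow through the browser ----------------------------------------

def canonical(assertion):
    # Stable serialisation so signer and verifier hash identical bytes.
    return json.dumps(assertion, sort_keys=True, separators=(",", ":")).encode()


def idp_issue_assertion(idp_private, subject, audience, now, ttl=300):
    """Stage 1 (assumed): the IdP authenticates the user and signs a statement about them."""
    assertion = {"issuer": "idp.example", "subject": subject, "audience": audience,
                 "issued_at": now, "not_on_or_after": now + ttl}
    return {"assertion": assertion, "signature": sign(idp_private, canonical(assertion))}


def browser_relay(signed):
    """Stage 2 (assumed): the user agent carries the signed assertion to the SP."""
    return dict(signed)


def sp_accept(idp_public, signed, expected_audience, now):
    """Stage 3 (assumed): the SP checks signature, audience and validity window.
    Returns the asserted subject, or None if the assertion is not acceptable."""
    a = signed["assertion"]
    if not verify(idp_public, canonical(a), signed["signature"]):
        return None  # altered in transit, or not signed by the IdP's private key
    if a["audience"] != expected_audience:
        return None  # issued for a different service provider
    if not (a["issued_at"] <= now < a["not_on_or_after"]):
        return None  # replayed outside its validity window
    return a["subject"]


def demo():
    """Returns (accepted subject, result for a tampered copy, result for an expired copy)."""
    idp_public, idp_private = make_keypair(10007, 10009)  # constructed toy primes
    now = 1_700_000_000
    signed = idp_issue_assertion(idp_private, "alice", "sp.example", now)
    accepted = sp_accept(idp_public, browser_relay(signed), "sp.example", now + 10)
    tampered = browser_relay(signed)
    tampered["assertion"] = dict(signed["assertion"], subject="mallory")
    rejected = sp_accept(idp_public, tampered, "sp.example", now + 10)
    expired = sp_accept(idp_public, browser_relay(signed), "sp.example", now + 600)
    return accepted, rejected, expired


if __name__ == "__main__":
    print(demo())  # ('alice', None, None)
```

The service provider never sees the identity provider's private key; it accepts the assertion because the published key verifies it, which is exactly the non-repudiation property the text describes. The audience and validity checks are the parts a service provider must not skip, since a signature alone says nothing about who the assertion was meant for or how old it is.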

The link for this article located at LinuxWorld is no longer available.