Comments on: Microsoft's InfoCard draws open-source response

IBM, Novell to join "Higgins Project" efforts to provide alternative to managing Internet logins and passwords.

[Earl Benser]

Higgins is no better than Passport.

Both want me to trust that some external operation can be trusted
with my passwords and my financial data. This is little more that
blessed spyware. Sorry guys. I can't trust Microsoft. And I'm not
about to trust anyone else. It's my job to keep my computer
operations secure, and I don't accept anyone's ideas of 'making it
easier' as an excuse for a bad idea.

I think it's decentralized...

I'm still trying to figure all these systems out, but I think the idea with both InfoCard and Higgins is that it's a framework and there can be lots of different servers, unlike Passport which had only Microsoft's.

[Zymurgist]

Slight misunderstanding...

Both Higgins and InfoCard are different from
passport in that rather than having a
third-party store and validate the identity
tokens, the interaction is direct with the
authenticating party.

The credit card analogy is pretty apt. In that
the holder has three tokens - the encoded data
on the card, the data checksum digits, and a pin
code - which they can present to a third party
to perform a transaction. The third party
presents the tokens to the issuer in exchange
for a guarantee of payment which is granted or
denied.

Same thing here. Basically, you'd have your
issuer-created credentials along with the issuer
info (namespace), and your own personal code,
etc. The principle differences here would be
that the codes can be of arbitrary length, PINs
can be replaced with large cryptographic keys
(public/private), etc. and it would be
integrated with whatever software would want to
make use of it.

It's a glorified cross-between kwalletmanager
and GPG -- nothing at all like Passport.

The thing I'd like to see is to see it
standardize storing the cryptographic "wallet"
on a thumbdrive by default, and to have a
protocol for using your credentials to obtain
transient single-transaction credentials.

[nbdr]

There must be one standard otherwise the web is doomed

If Microsoft wins this, it?s the worst nightmare for the future of the web. Identity management is so important that it?s essential that there will be one standard supported by all players. Otherewise the web will be divided and walled.

Users will go only to website supported by their identity management standard.

IBM seemes more flexible, they say Higgins will support Microsoft and any other standard and make them compatible.

Linkadelic Magazine
http://www.comagaz.com/webmagazine/

[nbdr]

There must be one standard otherwise the web is doomed

If Microsoft wins this, it?s the worst nightmare for the future of the web. Identity management is so important that it?s essential that there will be one standard supported by all players. Otherewise the web will be divided and walled.

Users will go only to website supported by their identity management standard.

IBM seemes more flexible, they say Higgins will support Microsoft and any other standard and make them compatible.

Linkadelic Magazine
http://www.comagaz.com/webmagazine/