Plan 9 + Apache = Maybe

Slashdot has a story up about an article at LinuxWorld about single sign-on services. The author contends (I think) that neither Microsoft’s Passport (which he contends is too insecure) nor the Liberty Alliance will succeed, but that both will be beaten to the punch by a technology taken from Plan 9. It seems the newest version of Plan 9 incorporates a new security model that incorporates and improves upon elements of Kerberos, SSH, and PAM. In essence, a service called Factotum provides a single sign-on service for all parts of the Plan 9 OS. A user logs into the machine, at which point Factotum is started; afterwards, systems requiring user authentication can query Factotum to verify the user’s identity. In essence, Factotum acts as a keeper of the keys, maintaining your passwords and such in a secure location on the local computer. You prove your identity to Factotum by successfully logging on to the system. If you encounter a system for which Factotum does not have a key, you will be prompted to provide one.
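As an added illustration (not from the article, and not Plan 9’s own factotum code), here is a toy agent in the shape the paragraph describes: the secrets stay inside the agent, client programs only relay a challenge from the service and hand back the agent’s proof, and a missing key triggers a prompt. The `Factotum`, `Service` and `NeedKey` names and the HMAC challenge-response are assumptions made for the demo; the real Plan 9 protocols differ.

```python
import hashlib
import hmac
import secrets


class NeedKey(Exception):
    """Raised when the agent holds no key for this service and user."""


class Factotum:
    """Holds secrets for one logged-in user. Programs never read the secrets;
    they pass the agent a challenge and receive a proof to forward."""

    def __init__(self, prompt=None):
        self._keys = {}        # (service, user) -> secret bytes (hypothetical store)
        self._prompt = prompt  # callback(service, user) -> secret, used when a key is missing

    def add_key(self, service, user, secret):
        self._keys[(service, user)] = secret.encode()

    def respond(self, service, user, challenge):
        key = self._keys.get((service, user))
        if key is None:
            if self._prompt is None:
                raise NeedKey(f"no key for {user}@{service}")
            # No key yet: ask the user once, then keep it for later requests.
            self.add_key(service, user, self._prompt(service, user))
            key = self._keys[(service, user)]
        return hmac.new(key, challenge, hashlib.sha256).hexdigest()


class Service:
    """A server that knows the shared secret and checks the agent's proof."""

    def __init__(self, name, users):
        self.name = name
        self._users = {u: s.encode() for u, s in users.items()}  # constructed user table

    def challenge(self):
        return secrets.token_bytes(16)  # fresh per login, so proofs cannot be replayed

    def verify(self, user, challenge, proof):
        key = self._users.get(user)
        if key is None:
            return False
        expected = hmac.new(key, challenge, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, proof)


def login(agent, service, user):
    """The client program's whole job: shuttle the challenge and proof."""
    c = service.challenge()
    return service.verify(user, c, agent.respond(service.name, user, c))
```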

While Factotum does indeed sound like a very nice system, I’m not entirely sure I see how it would work as a single sign-on system across the network. I imagine what would happen is that a system requiring authentication would query the user’s local Factotum for identity verification. However, this lacks the “access anywhere, anytime” abilities of other systems. I also think that my understanding of this issue is far from complete at this point.

I see this as a very important issue though… I would very much like a system that allows me to access sites using only a single sign-in. I have too many passwords and such already. From a security standpoint, consider which is less secure: a user who must maintain 20 username/password pairs, and does so by reusing those pairs, or a system in which they only have a single username/password pair?
