Monday, April 2, 2012

Logging in with username@google.com to Unix

As part of an April Fools' Day prank, Alan Coopersmith wrote about some ideas that were proposed for Solaris 12 but rejected. Amongst those was one where you could use a PAM plugin to log in using your Google/Facebook account. Whilst at first it seems silly, is it really as silly as it sounds?

Modern smart mobile phones usually run a small operating system not unlike the one you use on your computer. There is a variation of Windows 7 that runs on mobile phones. Android is another example. Apple uses its own proprietary operating system. All of these mean that behind the glassy screen on your phone is a complex set of software that responds to your taps and touches in a way that allows you to use the device like a phone. A large number of these devices are now able to connect to the Internet via 3G/4G technology.

So how does the Google/Facebook account factor into this?

To use our mobile phones, we typically enter a PIN for either the phone or the SIM card, and sometimes both. What this amounts to is determining whether or not the person holding the phone is actually authorised to use it. Once we've entered the PIN, all of the phone's capabilities unlock. Phones are typically used by one person, so any customisation is saved locally, along with our contacts, SMS history, etc.

Given that the phone has Internet connectivity via 3G/4G, what if, instead of unlocking the SIM card at power on, you logged into your Google account, and instead of your contacts being stored locally on the phone, they were stored in the Google cloud? Now if you lose your phone, you don't lose your contacts list or your SMS history. Similarly, if you needed to call someone, you could use someone else's phone and log in as yourself through the very same portal.

For people who use their mobile phone as an Internet access device, logging in using your Facebook account and having the phone then dedicate itself to you using Facebook could also work.

To protect the privacy of users, the details of every session that get stored locally would need to be encrypted with a session key that is generated anew for each login. This would mean that the phone would have to pull all of my contacts and other bits down every time it was turned on, but the alternative is that guests using the phone would have no privacy from the owner of the phone.

Each session for a given user would run as a distinct user, inside its own virtual screen.

This idea completely shifts the way in which we use a phone, from it being the centrepiece to being just the access node, and the phone itself has little value. To expand this further, you could create a public phone variation of this where anyone can come up to the phone and log in using their Google/Facebook credentials and have immediate access to all of their contacts.

So to summarise, maybe a PAM plugin to allow a login to be authenticated with a Google/Facebook account is really not as silly as it sounds - just different.
