• PC World
• » Web

Microsoft is preparing to open its Passport. Bending under the weight of mounting legal and industry criticism, the software giant said on Wednesday it will alter the authentication system to interoperate with similar services from the its rivals.

The company also announced plans to consider handing over management of the system to a "federated" group made up of rivals and corporate partners, as well as Microsoft.

"Enabling multiple service providers to be able to interoperate, we think, is a tremendous opportunity for the industry," says Brian Arbogast, vice president of .Net services at Microsoft. The addition of interoperability to Passport will happen next year, he says.

Passport is Microsoft's single sign-on service that enables users to visit other Web sites and access password-protected services, such as instant messaging and online banking, without having to sign in at those sites. Some Web sites that currently use Passport include Starbucks.com and Microsoft's own MSN Internet sites.

Getting to Work

Microsoft also says it will work with corporations to enable their internal authentication system to work with Passport. For instance, employees could sign on to internal Web sites such as those that manage employee benefits.

"It's a way for enterprises to authenticate their users and then have those users trusted beyond the scope of just their business," Arbogast says. "We never thought of outsourcing Passport, previously, but there is tremendous market opportunity."

To allow the single sign-on service to work with competing services from rivals such as AOL Time Warner and proprietary systems used by corporations, Microsoft confirms it will include support for a technology called Kerberos in Passport.

Kerberos is an open standard for securing digital transactions developed by researchers at Massachusetts Institute of Technology. Adding Kerberos support to Passport would allow it to interoperate with any other authentication service that also uses Kerberos.

Calling on the Competition

But will any of Microsoft's competitors sign on to the idea? Microsoft says yes, noting that Kerberos is an open standard. "This gives us a model where we can interoperate without anyone doing a complete overhaul of their system," Arbogast says.

This interoperability will first be tested when Microsoft releases its Windows .Net Server, due out in early 2002, he says.

One analyst says winning the support of Microsoft's biggest rivals, such as AOL Time Warner, may be a stretch.

"I really think that AOL is going to have to be pushed real hard to sign on to this," says Chris Le Tocq, an analyst with Guernsey Research who has followed the development of Passport closely.

AOL has said it is working on its own single sign-on service based on technology used in the authentication system for its AOL Internet service.

The company is also a strong opponent of Microsoft and has a history of being slow to open up its systems to competitors, such as its instant messaging services. AOL is currently under order by federal regulators to make its instant messaging systems work with rival services.

In addition to AOL, the open source community is working on developing a single sign-on authentication system, and Sun Microsystems has said that it too could build a sign-on service that would compete with Passport.

Open Standards

For its part, Microsoft says opening up Passport through the use of open standards would give rivals and corporate partners control over many aspects of their own authentication systems. In addition, the company says it will consider allowing a neutral third party group, or a federation of companies that includes itself and industry rivals, to oversee Passport.

"What the federation approach does is provide the capability, through Passport, to make a single administration point for internal and external sites," Le Tocq says.

Microsoft will not commit to the idea of allowing a neutral group to oversee Passport, saying it is looking at other options as well. One such option would see competing authentication systems work like a peer-to-peer network, with each system storing its own users' personal information.

But with an independent authority managing the millions of user profiles, Microsoft could encourage customers to adopt Passport and relieve fears that Microsoft might control the personal information stored on central servers or charge for every transaction that passes through its system.

The move could also relieve privacy advocates' fears that Microsoft would use user information to build customer profiles for marketing purposes.

Legal Woes

Besides opening up an opportunity to enlist more subscribers for the Passport service, the announcement signals that the software maker is giving into legal pressure from its antitrust case, which continues this month in a U.S. District Court, Le Tocq says.

The U.S. Department of Justice, which is a plaintiff in the case along with 18 U.S. state attorneys general, has said in court papers that it will ask the judge to consider issues pertaining to Windows XP when crafting a remedy to impose on Microsoft.

Microsoft has also been under increasing pressure from consumer and privacy groups to ensure that Passport doesn't limit consumer privacy. A collection of advocacy groups filed a complaint with the U.S. Federal Trade Commission in July alleging that Microsoft was using unfair and deceptive trade practices to influence customer to sign up for a Passport and divulge personal information. The Center for Democracy and Technology has also been in ongoing discussions with Microsoft on the issue.

However, Microsoft says legal and industry pressure had not affected the development of Passport. "That's not any guiding force here," Arbogast says.

Microsoft also announced Wednesday a new moniker for its set of Web services, previously code-named HailStorm, which rely on Passport as a central authentication system. Now called .Net My Service, the set of services allows users to store information centrally on the Web and access that information from a variety of computing devices, including PCs and handheld devices.

• See more like this:
• Microsoft,
• Passport,
• authentication,
• AOL Time Warner,
• instant message,
• open,
• interoperate