Microsoft opens up Passport service

The Redmond, Wash.-based company on Thursday announced a plan to revamp its 2-year-old Passport service, which lets consumers log in to Web sites. Microsoft plans to make the service more appealing as a way to conduct business e-commerce transactions between Web sites. It will be used in a manner similar to how Cirrus and other banking networks globally link automatic teller machines worldwide.

To allay mounting privacy concerns, Microsoft said it plans to allow organizations to retain control over user identities, profiles and other business data held by Passport.

Privacy organizations and consumer advocates have complained that Passport does not adequately protect consumer information, a charge Microsoft vigorously denies.

Microsoft says there are 165 million registered Passport users. The service will be a key part of Windows XP, Microsoft's new operating system release due to be unveiled Oct. 25.

Microsoft will also revamp Passport to use Kerberos, a standard for network security, to provide a single sign-on authentication service that can be used on multiple Web sites. Kerberos is already supported by Microsoft in its Windows operating system. The software was developed by the Massachusetts Institute of Technology.

In addition, Microsoft is renaming its HailStorm Web services initiative .Net My Services.

HailStorm is central to Microsoft's overarching .Net software strategy to move computing to the Web. The company next year plans to offer content, shopping, banking, entertainment and other services through a variety of devices--including cell phones, PCs and handhelds--linked to HailStorm, which relies on Microsoft's Passport to authenticate users.

Rivals welcome?
In Microsoft's plan, businesses--which potentially include Microsoft rivals--will adopt Passport as their log-in system for business-to-consumer and business to-business transactions. Microsoft also will allow third parties, such as telecommunications service providers, to register Passport members or create trusted links between proprietary networks and a Passport-centric marketplace. In the end, a large federation of Passport-powered sites will form a huge marketplace, Microsoft hopes.

"Almost every Web site that wants to do robust personalization or secure access to data has its own authentication system, but a lot of Web sites don't have to be in the authentication business," said Brian Arbogast, vice president of .Net core services at Microsoft. "Our goal is to lay the foundation that will allow mass adoption of Web services."

To help ensure the proliferation of Passport, Microsoft is loosening the reins of control. In the future, third parties will be able to manage Passport credentials, Arbogast said. Microsoft will still host the actual authentication process.

"We don't believe that Microsoft or any one company will be the only authorization provider on the Internet," he said. "We will allow Passport to accept credentials from other services and allow other services to give Passport identities."

AOL Time Warner's America Online unit and Sun Microsystems have alternative authentication systems either in place or in development. AOL Time Warner spokesman John Buckley said the company would not comment on the announcement until "we understand it thoroughly, which may not be today."

Marge Breya, vice president of Sun's Sun One Web services initiative, said: "We have a strong belief that many companies in the world should be authenticators, not just individual companies. There has to be open competition for consumers and businesses."

By 2002, non-Passport users will be able to link into the Passport "federation," Microsoft executives said. The company will seek to establish trusted relationships with independent networks, so ID credentials from one service will be accepted within the Passport borders and vice versa. Ideally, this will allow virtually everyone to maintain a single identity anywhere on the Web.

The main criteria are that these independent services adhere to the Kerberos v5 security standard and enter into mutually binding operating agreements, according to Microsoft.

Microsoft executives say the software giant is in discussions with many companies over plans to adopt Passport for business e-commerce use. Microsoft uses the Passport technology for some of its MSN Web properties, its messaging service, e-book purchases and new features found in Windows XP. Microsoft partners, such as McAfee.com and Starbucks, use Passport to authenticate some of the services and goods they offer over the Web. Right now, there are 75 partners accepting Passport as an authentication service for consumer transactions.

Corporate appeal
Some analysts say Microsoft's plan to market its Passport service to the corporate market is the company's first step toward offering Web-based software and services to businesses.

"HailStorm has a large piece that is consumer-oriented," Microsoft Chairman Bill Gates said in a recent interview with CNET News.com. "But this idea of state management and communications profiles--that is interesting to people inside corporations, too."

Hurwitz Group analyst Evan Quinn said Microsoft's effort to offer Passport and Web services to businesses makes sense and will provide a secure way to authenticate people who conduct online transactions with customers, partners and suppliers.

"Consumer services don't carry much risk. Here's a way to access an address book or music; those have entertainment value," Quinn said. "But when you start offering services to businesses in a business-to-business environment, you have a whole set of performance, reliability and security requirements."

With the terrorist attacks Sept. 11, he added, "the demand for security services is going to increase. This is Microsoft waking up to the requirements."

Executives say Passport will hook into Microsoft's Active Directory directory-server software, technology that businesses use as a central information database--or a Yellow Pages--detailing users, systems and software, or, in this case, Web services.

Research firm Gartner believes the nascent Web services market is the future for software and will take hold by 2004. To date, corporations have been reluctant to sign on to Microsoft's plan to sell software through monthly subscription plans rather than traditional licenses. No less an authority than Michael Dell has said chief information officers are resisting the idea.

But if Microsoft can smooth the waters with Passport, acquiescence may follow, analysts say.

"I see (the Passport network) as a way to hook the enterprise into the equation," said Gartner analyst David Smith.

Directing commerce
So-called e-wallet software such as Passport stores commonly requested, vital information such as a login name, shipping address and credit card number. Such services are becoming key leverage points for controlling how consumers and businesses use the Internet.

AOL Time Warner has a similar service called Screen Name Service as well as a Quick Checkout shopping tool that was first unveiled in November 1998. In July, AOL made a $100 million investment in online retailer Amazon.com, which was largely seen as a competitive move aimed at Microsoft and intended to boost AOL's e-wallet service.

Microsoft isn't just planning to offer subscription-based Web services to consumers and businesses. Like rivals IBM, Sun Microsystems and Oracle, the company is also selling a family of e-business software that serves as the underlying plumbing that will allow businesses to run and create their own Web services.

Sun executives said healthy competition is needed in the authentication market, or Microsoft could develop a stranglehold in the market. To counteract Microsoft, Sun plans to announce partners, such as banks and insurance companies, that will offer their own authentication services. Sun declined to state which companies are potential partners, but AOL Time Warner is said to be working on developing its own Web services for consumers.

Passport will perform a function in the corporate world similar to the one it does in the consumer world, Microsoft executives say. With Passport, corporate buying departments will establish a common identity that they can use at any Passport-conversant site. Right now, corporate buyers have to establish a different identity and password with each individual site or customer.

Simplifying authentication will also help developers, Microsoft's Arbogast added, because they won't have to develop independent ID mechanisms.

The effort will begin in earnest in November. Microsoft representatives will also speak to government agencies about the plan. Though the company does not believe government regulation will be required to preserve security or identities, the subject is open for debate.