Microsoft Passport Still Faces Concerns

Microsoft is still a long way from resolving concerns about interoperability and control of enterprise information in its Passport authentication services, despite a recent announcement that it will make the service interoperate with similar technology from other vendors. Microsoft plans to incorporate the Kerberos standard for authentication into its Passport service, enabling it to interoperate with other authentication services, including possibly the Magic Carpet service being developed by AOL Time Warner. Under this scenario, consumers entering an e-commerce site won't need to register for that site independently to be authenticated, as long as the consumer is registered at Passport or one of the competing but interoperable authentication services. But authentication--knowing who the user is--is only one of the identification problems that needs to be solved. Enterprises also need to provide access control, to determine what data a user should have access to. Moreover, Microsoft also plans to provide .NET My Services (formerly known as Hailstorm) to compile information about consumers, such as address, credit card numbers and even appointment calendar information. Merchants are likely to resist giving up control of customer data in that fashion, although Microsoft says .NET My Services will make it easier for consumers to shop online with multiple merchants without having to register and type in personal information multiple times. Passport is the authentication service used in Microsoft's MSN Messenger instant messaging and Hotmail e-mail services; it's also used by consumers and small businesses to activate Windows XP, as well as by third-party e-commerce sites