Microsoft Opens Passport, Renames Hailstorm

Microsoft Corp. on Thursday said it will build Kerberos support into Passport in 2002 in order to make the single sign-in authentication service interoperable with offerings from other vendors and to allow enterprises more granular control over how much employee data can be accessed outside the company.

The company also changed the name of its consumer-oriented Hailstorm, the superset of Web services built on Passport, to the less militant sounding .NET My Services.

Much of the industry has pushed back against Microsoft on Passport and Hailstorm. Passport has come under fire for popping up frequently in Windows XP, while Hailstorm has been viewed by some as an attempt by Microsoft to collect and store data on everyone.

With the announcement, Microsoft says it is trying to move the industry to a federated approach similar to the network banks use with ATMs.

"The challenge of providing universal single sign-in is larger than any one company," Bob Muglia, Microsoft group vice president of .NET Services, said in a statement. "We invite the industry to participate in this federated model that bridges today's islands of authentication into a trusted network."

According to Microsoft, potential participants in the federated model include users, Web sites, enterprises, competing service operators, wireline and wireless carriers. Passport, which has been around since 1999 and has 165 million accounts, will be upgraded to support what Microsoft calls universal single sign-in next year. The main change will be to add support for the Kerberos standard. Passport will use the same implementation, version 5.0, that Microsoft supports in Active Directory.

Microsoft says Windows .NET Server, scheduled for release in the first half of 2002, will be designed to make it easier for organizations to extend universal single sign-in from inside the organization to the Internet.

"By associating a Passport identity with a Windows .NET Server identity, Microsoft has begun to tear down the wall that has forced customers to separate their internal network and extranet systems from each other," Microsoft said in a statement.

Christopher Payne, Microsoft vice president of the .NET Core Services Platform, provided one example in a Q&A about the announcement on Microsoft's Web site.

"An employee [can] have just one password and ID that they can use securely when visiting their company's HR benefits page, then leave the internal site to visit their company's travel-services site -- even though that site is run by an external vendor," Payne said.

Muglia says Microsoft will further the dialogue at the Trusted Computing Conference in Mountain View, Calif., in November.

The Hailstorm services, now called .NET My Services, include:
myAddress -- electronic and geographic address for an identity
myProfile -- name, nickname, special dates, picture
myContacts -- electronic relationships/address book
myLocation -- electronic and geographical location and rendezvous
myNotifications -- notification subscription, management and routing
myInbox -- inbox items like e-mail and voice mail, including existing mail systems
myCalendar -- time and task management
myDocuments -- raw document storage
myApplicationSettings -- application settings
myFavoriteWebSites -- favorite URLs and other Web identifiers
myWallet -- receipts, payment instruments, coupons and other transaction records
myDevices -- device settings, capabilities
myServices -- services provided for an identity
myUsage -- usage report for above services

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


comments powered by Disqus

Subscribe on YouTube