Microsoft Loses Passport 271
nikkoslack copies and pastes: "Microsoft is abandoning one of its most controversial attempts to dominate the Internet after rival companies banded together to oppose it and consumers failed to embrace it. The Redmond software company said Wednesday it would stop trying to persuade Web sites to use its Passport service, which stores consumers' credit-card and other information as Internet users surf from place to place."
Ebay (Score:5, Interesting)
Cannot trust Microsoft (Score:5, Interesting)
They do, and they market that very well. I recently saw an eighteen-wheeler pull through major cities showcasing Microsoft security products. Every business owner I spoke with that has had considerable expenses due to Microsoft's insecurities was amazed at their products. What I find most interesting is when a peer of mine went to a Microsoft propaganda seminar, they suggested the purchase of a Linksys router/firewall to place before their high-dollar security system. When asked what OS this equipment used, the speaker proudly mentioned Linux.
The problem is age-old though. Viruses and Trojans [totallygeek.com] would seemingly not exist without Microsoft. Certainly, there would not be a need for anti-virus products because the numbers would be manageable enough via infrequent patching. Therefore, Microsoft is the problem.
Re:no trust... no passport (Score:3, Interesting)
what about liberty alliance? (Score:5, Interesting)
There were a lot of rumors about this "passport killer" but now it seems to be faded into silence.
Not surprising (Score:5, Interesting)
Besides, there's no push for businesses to either adopt single-sign-on services, or for customers to want it.
Businesses require flexibility when it comes to user authorisation and profiles that 3rd-party services cannot offer.
Most people either use the same user-name and password combination for all of their services, and there aren't many browsers that won't auto-complete u/p forms.
At least with this announcement, Microsoft might be able to push some of it's resources from trying to push this serviced to 3rd parties to fixing the services internally (ever tried to log-out?)
So whats next? (Score:2, Interesting)
ms money (Score:2, Interesting)
Re:no trust... no passport (Score:5, Interesting)
I don't think it is just security - it is lack of trust on several levels.
Personally,
1) I do not trust Microsoft with my information
2) I do not that Passport really added any value. From a privacy point of view, I could just as easily maintain multiple passwords on multiple sites with a password manager program - I use Roboform under both IE and Firefox.
3) Companies did not want to hand over an important function of their business to a third party with little gain. Little value is added by letting a third party control this, yet it can provide huge leverage for MS in the future. I forget which year it was, but I recall Bill Gates saying that MS wanted to get a slice of every online transaction.
4) I did not trust that the technology between the website and MS was safe. Some pages seemed to be unencrypted, etc. There did not seem to be any security guidelines required of sites that are Passport enableed - maybe there is, but it seemed lacking to me.
5) I do not trust 'Privacy Policies' - companies can change them whenever they want and in certain instances (like TSA / Airlines) claim that the policies aren't binding, just PR. For me the best Privacy Policy is to not give out the data to the middleman in the first place.
Passport was a bad name (Score:5, Interesting)
Maybe if they would have called WebId or something more descriptive it might have caught on.
Re:Not surprising (Score:4, Interesting)
Re:Ebay (Score:4, Interesting)
Re:what about liberty alliance? (Score:2, Interesting)
Oh, right, we were talking about Passport! Ummm, L/A isn't the answer to widespread SSO by consumers any more than Passport was.
As we recall from the anti-trust court transcripts (Score:3, Interesting)
Perhaps if they did this mafia style with a hammer and some other blunt objects they would have better sucess
You mean like they did when they threatened some of their largest customers with much higher licensing costs when they were considering deploying Netscape instead of Internet Exploder (as detailed in the anti-trust court records)?
It's Federation, not passports that matter (Score:3, Interesting)
The real action is in federation and the ability of identity management systems to share trusts. Sure, it would be convenient if we didn't have to worry about the dozens of passwords we require for web sites we visit, including Slashdot. But that's a mere inconvenience compared to the issues faced by large organizations attempting to communicate together at an application level of trust.
There are many instances where two or more organizations would like to allow individual humans ,software programs, and devices to communicate once they've been properly identified as 'authenticated' on each other's systems, but the costs of determining which of these entities have that appropriate authorization is too high for the recipient organizations. It's difficult enough to ensure that one's own people/programs have appropriate authorizations and privledges.
Sharing information on each of the potentially millions of instances requiring authentication becomes prohibitively complex and costly. Just managing a directory system that contained 1/4 million employees and a million other internal objects is a huge undertaking. Adding even a fraction of that number of directory objects from dozens of other entities is a burden unlikely to be acceptable.
Enter Federation. My organization trusts these individuals with the set of priviledges that our two organizations have agreed upon as apporpriate for our digital communications and my organization accepts the responsibility to maintain the integrity of our side of the connection. Our identity management system connects to yours and through the use of appropriate handshaking protocols (the federation part - over simplified, I know) demonstrates that trust exists and the communication can occur.
Now instead of maintaining a directory of millions of outside entities etc., we need only maintain a directory record for each approved communcations process.
These issues cross so many disciplines and technologies from e-mail and IM, to SOA and more, that federated trusts becomes necesary if the process is to work at all. Further discussion of this topic belongs, and probably already exists, in a another thread.
No authentication system valid (Score:3, Interesting)
Would you go for a universal authentication system if it was run by Apple? How about if open source folks developed a system aside from Sun's and tried to market that? I wouldn't.
There's nothing inherently more secure about having my passwords stored on a single server out there than the current system, and, quite frankly, there's not much more convience in it.
The only "true" solution I could see for universal passwords is something akin to Keychain on Apple, or, to a lesser extent, saved passwords in Windows. Something that would store all passwords locally, encrypted, and would allow the user to use one login. Match that up with, say, a biometric recognition scheme, and I'd be all for it.
Re:no trust... no passport (Score:2, Interesting)
Re:Cannot trust Microsoft (Score:2, Interesting)
Either way, viruses would still exist without Microsoft. The only reason that there are so many for Windows is because of its widespread use.
Re:A few years down the line ... (Score:1, Interesting)
Passport, shmashport (Score:2, Interesting)
No Successful MS Innovations... (Score:3, Interesting)
They then embraced and extend the technology they purchased.
Of course one of the worst purchases was PassPort.
ugh!!! Good riddance......
Re:Passport was a bad name (Score:4, Interesting)
I wouldn't laugh at her at all. Instead, laugh at the arrogant marketers at Microsoft that think they can take a noun with a very specific meaning and repurpose it (and probably trademark it too). Micorosoft products like "Word" "Windows" etc. are pretty poorly named IMHO, because Microsoft wants to avoid the expense of coming up with a real name.
Content Is The Key To Internent Dominance (Score:3, Interesting)
While I don't that that Microsoft or any other business would dearly love to dominate the Internet, I never got the impression that Passport was anything more than a thinly veiled branding effort intende to drive traffic to sites that had done deals with MS. The whole thing was premised on the now-understood-to-be-wrong assumption that logging on to different sites was going to present an insurmountable hurdle for people. (It hasn't; everyone just uses the same damn ID and password for everything.)
Remember, the Internet is just a network. What counts is the content. If you wanna dominate the Internet. dominate its content.
Here's what I'd like to see instead (Score:3, Interesting)
The benefits are:
a. You only enter your password once. After this _browser_ asks you if you want the site to log you in automatically.
b. This won't cost the web site using the service a dime to implement (if it's GPL/open source).
c. This will decentralize password storage.
d. This will force web sites to use encryption when doing authentication.
e. This will prevent spoofing.
f. This will probably be a lot more effective at killing Passport than posting on Slashdot.
So there you have it, crypto gurus. Now go write a server piece and a toolbar/firefox plugin for it.
Re:no trust... no passport (Score:2, Interesting)
First,
The masses surely care... as much as they can. Many good reasons why it really failed is explained in other commentaries.Second, and that is what I want to underline, is your analogy with MS OSes / Passport and it's acceptance from public.
Many reasons can be given to explain why MS took such a big part of the desktop. Mostly by opportunity, good business, powerful marketing, anti-competitive tactics, etc.The customer, the one with no computer knowlegde, faced a monopoly, he had no choice. And he would probably have followed the same path if he was presented alternatives. (Unix never focused on jo six-pack ; Mac did well but was more expensive). Until now, MS was the only choice for Mr. Customer.
But the real difference, is that computer user never thought security was an issue. Computers are presented like a calculator, a typewriter, a gaming station, an Internet access point. Do you care about security for your calculator, your old typewriter, your gamecube or public Internet access points? Absolutly not! Computers are not advertised for what they really are. They are many orders more complex than every other accessory a customer faced before. Never before, he had to care of security, performance, backups, compatibility, stability, interoperability, license issues, etc.
If there is a thing all customers know is that money, credit card for instance, as well as personal information were always something to be careful of. That has be thougth for many years.
Moreover, it is not because customers use a monopoly's product that they are satisfied with this product and this monopoly. Some will get a far as they can from MS.
So you can not pretend that customers are facing the same choice. In fact the parallele cannot be done bitween the two because one choice (passport) is made knowing the other's conseqences (MS OSes).
Multiple ids a bigger issue for me (Score:2, Interesting)
That problem is that passport assumes that I only have one identity. I have multiple, legitimate identities when I operate on the web - Especially when I operate on Microsoft's own sites.
I work for a consulting firm which is a Microsoft partner. When I am using the web I may be using it as myself (individually); as an employee of the firm; or as a representative of one of our customers. If I need to register a support issue, download something from MSDN Downloads, or interact with Microsoft in any other way, I always have to be extra careful which passport I am currently using or logged into. If I am not careful I may incorrectly "charge" a download to the wrong party.
The passport interface tries to keep your login "sticky" and does not readily indicate who you are logged in as. It is inconvenient to switch identities and you are never alerted when you bring up a web page that your Passport was just transmitted.
If the Passport client would have popped up a dialog (or asked you in the interface) every time your identity was about to be sent something like "A web site is requesting your identity and information, which identity do you wish to send?", the whole thing would have been a lot more usable for me.
Re:no trust... no passport (Score:3, Interesting)