ZDNet UK

CNET NETWORKS UK BUSINESS SITES:
atlarge.com
BNET UK
silicon.com
SmartPlanet.com
ZDNet.co.uk

ZDNet.co.uk - Winner of Best Business Website 2007

You are here: ZDNet.co.uk > News > Security

Security threats Toolkit

Microsoft revisits Passport with InfoCard

Joris Evers CNET News.com

Published: 18 May 2005 15:50 BST

Microsoft is getting ready to provide an early peek at new Windows software that aims to help consumers deal with the plethora of Internet logins.

The software leviathan plans to release a technical preview of the software, code-named InfoCard, by the end of May, Microsoft said. It will also include other technologies designed to make using digital identities easier and safer, Microsoft's senior executive in charge of security, Mike Nash, said on Tuesday.

The release is for software developers, who will be asked to give Microsoft feedback on the technology, Nash said during his monthly security Webcast. In addition to InfoCard, Microsoft is also planning preview releases of technologies that it is pitching to enable the various identity systems used on the Internet to work together, he said.

"One of the big challenges that people face today is that there are many different kinds of identity systems," said John Shewchuk, an architect in Microsoft's distributed systems group, who was also on the Webcast.

In a similar vein, Microsoft and Sun last week demonstrated "single sign-on" software under development that's designed to let someone log in once to use network services that previously required separate authentications.

InfoCard will be the most visible of Microsoft's efforts to PC users. It is designed to provide secure storage for identity information that will be shared with online services such as Web shops.

The plans are reminiscent of Microsoft's largely failed efforts with Passport, a single sign-on service it unveiled in 1999. InfoCard is a new attempt, one that could address the complaint many critics had with Passport, which was that people's information was managed by Microsoft instead of by the users themselves and the businesses they dealt with.

The developer preview is important as Microsoft moves from just talk to actually sharing some of the work in progress.

InfoCard holds payment authorisation and details in the same way that a wallet holds credit cards, according to the software maker. "It makes it supereasy [sic] for the end user to pick among their different kinds of credentials," Shewchuk said.

With InfoCard, the online buying experience would change. When a user buys a book online, for example, the Web store would ping the user's InfoCard application on the user's PC for payment. The user then authorises payment, which is routed to the applicable financial institution. The bookstore does not need to know the user's credit card number or financial data.

For InfoCard to work well, commerce Web sites will need to adopt the technology, as will other businesses, such as credit card companies and banks, Microsoft said.