Online business Toolkit

Microsoft to open Passport to competition

Michael Kanellos and Wylie Wong, CNET News.com CNet

Published: 20 Sep 2001 13:10 BST

Microsoft will extend its Passport authentication service to the broader corporate market, a major element in a wider effort to build acceptance for its software-through-subscription strategy.

In addition, Microsoft is renaming its HailStorm Web services initiative as .Net My Services.

HailStorm is central to Microsoft's overarching .Net software strategy to move computing to the Web. The company next year plans to offer content, shopping, banking, entertainment and other services through a variety of devices--including cell phones, PCs and handhelds--linked to HailStorm, which relies on Microsoft's Passport to authenticate users.

The Redmond, Washington-based company on Thursday will announce a plan to promote Passport--a two-year-old service used by consumers to log in to secure Web sites--as a universal log-in mechanism to conduct business e-commerce transactions between Web sites. It will be used in a manner similar to how Cirrus and other banking networks globally link automatic teller machines worldwide.

In Microsoft's plan, businesses--including Microsoft rivals--will adopt Passport as their log-in system for business-to-consumer and business to-business transactions. Microsoft also will allow third parties, such as telecommunications service providers, to register Passport members or create trusted links between proprietary networks and a Passport-centric marketplace. In the end, a large federation of Passport-powered sites will form a huge marketplace, Microsoft hopes.

"Almost every Web site that wants to do robust personalisation or secure access to data has its own authentication system, but a lot of Web sites don't have to be in the authentication business," said Brian Arbogast, vice president of .Net core services at Microsoft. "Our goal is to lay the foundation that will allow mass adoption of Web services."

Microsoft executives say the software giant is in discussions with many companies over plans to adopt Passport for business e-commerce use. Microsoft uses the Passport technology for some of its MSN Web properties, its messaging service, e-book purchases and new features found in Windows XP. Microsoft partners, such as McAfee.com and Starbucks, use Passport to authenticate some of the services and goods they offer over the Web. Right now, there are 75 partners accepting Passport as an authentication service for consumer transactions.

Microsoft claims there are 165 million registered Passport users. The service will be a key part of Windows XP, Microsoft's new operating system release due to be unveiled on 25 October.

Privacy organisations and consumer advocates have complained that Passport does not adequately protect consumer information, a charge Microsoft vigorously denies.

Some analysts say Microsoft's plan to market its Passport service to the corporate market is the company's first step toward offering Web-based software and services to businesses.

"HailStorm has a large piece that is consumer-oriented," Microsoft Chairman Bill Gates said in a recent interview with CNET News.com. "But this idea of state management and communications profiles--that is interesting to people inside corporations, too."

Hurwitz Group analyst Evan Quinn said Microsoft's effort to offer Passport and Web services to businesses makes sense and will provide a secure way to authenticate people who conduct online transactions with customers, partners and suppliers.

"Consumer services don't carry much risk. Here's a way to access an address book or music; those have entertainment value," Quinn said. "But when you start offering services to businesses in a business-to-business environment, you have a whole set of performance, reliability and security requirements."

With the terrorist attacks 11 September, he added, "the demand for security services is going to increase. This is Microsoft waking up to the requirements".

Executives say Passport will hook into Microsoft's Active Directory directory-server software, technology that businesses use as a central information database--or a Yellow Pages--detailing users, systems and software, or, in this case, Web services.

Research firm Gartner believes the nascent Web services market is the future for software and will take hold by 2004. To date, corporations have been reluctant to sign on to Microsoft's plan to sell software through monthly subscription plans rather than traditional licenses. No less an authority than Michael Dell has said chief information officers are resisting the idea.

But if Microsoft can smooth the waters with Passport, acquiescence may follow, analysts say. "I see (the Passport network) as a way to hook the enterprise into the equation," said Gartner analyst David Smith.

So-called e-wallet software such as Passport stores commonly requested, vital information such as a login name, shipping address and credit card number. Such services are becoming key leverage points for controlling how consumers and businesses use the Internet.

Microsoft rival AOL Time Warner has a similar service called Screen Name Service as well as a Quick Checkout shopping tool that was first unveiled in November 1998. In July, AOL made a $100m (£70m) investment in online retailer Amazon.com, which was largely seen as a competitive move aimed at Microsoft and intended to boost AOL's e-wallet service.

Microsoft isn't just planning to offer subscription-based Web services to consumers and businesses. Like rivals IBM, Sun Microsystems and Oracle, the company is also selling a family of e-business software that serves as the underlying plumbing that will allow businesses to run and create their own Web services.

Sun executives said healthy competition is needed in the authentication market, or Microsoft could develop a stranglehold in the market. To counteract Microsoft, Sun plans to announce partners, such as banks and insurance companies, that will offer their own authentication services. Sun declined to state which companies are potential partners, but AOL Time Warner is said to be working on developing its own Web services for consumers.

"We have a strong belief that many companies in the world should be authenticators, not just individual companies," said Marge Breya, vice president of Sun's Sun One Web services initiative. "There has to be open competition for consumers and businesses."

Passport will perform a function in the corporate world similar to the one it does in the consumer world, Microsoft executives say. With Passport, corporate buying departments will establish a common identity that they can use at any Passport-conversant site. Right now, corporate buyers have to establish a different identity and password with each individual site or customer.

Simplifying authentication will also help developers, Microsoft's Arbogast added, because they won't have to develop independent ID mechanisms.

To help ensure the proliferation of Passport, Microsoft is loosening the reins of control. In the future, third parties will be able manage Passport credentials, Arbogast said. Microsoft will still host the actual authentication process.

"We don't believe that Microsoft or any one company will be the only authorisation provider on the Internet," he said. "We will allow Passport to accept credentials from other services and allow other services to give Passport identities."

By 2002, non-Passport users will be able to link into the Passport "federation", Microsoft executives said. The company will seek to establish trusted relationships with independent networks, so ID credentials from one service will be accepted within the Passport borders and vice versa. Ideally, this will allow virtually everyone to maintain a single identity anywhere on the Web.

The main criteria are that these independent services adhere to the Kerberos v5 security standard and enter into mutually binding operating agreements, according to Microsoft. Kerberos is a security standard supported by Microsoft in Windows. It was developed by the Massachusetts Institute of Technology.

The effort will begin in earnest in November at the Trusted Computing Conference. Microsoft representatives will also speak to government agencies about the plan. Though the company does not believe government regulation will be required to preserve security or identities, the subject is open for debate.

See the E-commerce News Section for the latest headlines.

See the Internet News Section for full coverage.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Telecoms forum.

Let the editors know what you think in the Mailroom. And read other letters.