Microsoft to elaborate on Passport upgrade

InfoWorld (U.S. online)

Microsoft Corp. this summer plans to reveal further details about the next version of its Passport e-business authentication service, although the company is not yet committing to a release date.

One improvement planned for Passport is fitting it with Web services protocols such as WS-Security as a mechanism for federating with other authentication service providers, said Microsoft’s Adam Sohn, product manager in the platform strategy group at the company, in Redmond, Wash. The next version will use Web services protocols for automation instead of the current use of cookies, HTTP Redirect, and JavaScript. Other protocols to be used include SOAP and WSDL, he said.

“We’ve been talking about the general road map for Passport for a while and that the way you’ll interoperate with the system will be based on WS-Security and the associated protocols that we’ve been working (on) with IBM,” Sohn said.

Standard protocols are needed to federate with other providers, enabling identities not generated by Passport to be accepted within Passport-compliant systems.

Passport, formally called .Net Passport, is a service in which authentication information, such as user names and passwords, are maintained at Microsoft data centres. Microsoft’s maintenance of this information has drawn criticism from vendors supporting the rival Liberty Alliance specification, but Sohn insisted the amount of information maintained by Microsoft about each user is minimal. There are in excess of 200 million Passport accounts and approximately 300 Web sites that use it, including Microsoft’s own sites, Sohn said.

Sohn added that Web services technology in general is being added throughout Microsoft’s entire software platform.