September 20, 2001, 9:23 AM — Bending under the weight of mounting legal and industry criticism, Microsoft Corp. said it will alter its Passport authentication system to interoperate with similar services from competing companies. The company also announced plans to consider handing over management of the system to a "federated" group made up of rivals and corporate partners, as well as Microsoft.
"Enabling multiple service providers to be able to interoperate, we think, is a tremendous opportunity for the industry," said Brian Arbogast, vice president of .Net services at Microsoft. The addition of interoperability to Passport will happen next year, he said.
Passport is Microsoft's single sign-on service that enables users to visit other Web sites and access password-protected services, such as instant messaging and online banking, without having to sign in at those sites. Some Web sites that currently use Passport include Starbucks.com and Microsoft's own MSN Internet sites.
Microsoft also said it will work with corporations to enable their internal authentication system to work with Passport. For instance, employees could sign on to internal Web sites such as those that manage employee benefits.
"It's a way for enterprises to authenticate their users and then have those users trusted beyond the scope of just their business," Arbogast said. "We never thought of outsourcing Passport, previously, but there is tremendous market opportunity."
To allow the single sign-on service to work with competing services from rivals such as AOL Time Warner Inc. and proprietary systems used by corporations, Microsoft confirmed it will include support for a technology called Kerberos in Passport. Kerberos is an open standard for securing digital transactions developed by researchers at the Massachusetts Institute of Technology. Adding Kerberos support to Passport would allow it to interoperate with any other authentication service that also uses Kerberos.
But will any of Microsoft's competitors sign on to the idea? Microsoft says yes, noting that Kerberos is an open standard. "This gives us a model where we can interoperate without anyone doing a complete overhaul of their system," Arbogast said.
This interoperability will first be tested when Microsoft releases its Windows .Net Server, due out in early 2002, he said. Kerberos support will be built into the version of Active Directory within the server software, a service that allows users of Microsoft's database software to store identities of business partners and customers. This will allow those users signed on via Active Directory to visit Passport-protected Web sites.