Microsoft pitches Passport code to developers
Microsoft Corp. will share a portion of the source code for its Passport authentication technology, hoping to spur adoption of its single sign-on software among corporate developers, the company said Thursday.
Beginning in November Microsoft will share code to enable organizations and software makers to add support for Passport into their own single sign-on authentication systems, the company said. For example, a corporation could employ the technology so that its employees could sign on to a corporate portal and a Passport-protected Web site without having to type in a user name and password each time.
The code will be free to companies, academics, developers and governments under Microsoft's Shared Source License, which allows developers to view the code for purposes of developing, debugging and supporting both commercial and noncommercial products. Organizations using Passport will still have to sign a contract and pay a fee for access to the service, said Adam Sohn, product manager for Microsoft's .Net platform group.
"For (developers) who want to build applications that plug into the Passport service, it just becomes easier for them to do that" with access to the source code, Sohn said.
Called Passport Manager, the technology resides on the authentication system of a Web site or an application and communicates with Passport servers hosted by Microsoft, where users are authorized and credentials are stored, Sohn said.
"It's really just the communications integration point," he said.
The technology was first alluded to in September 2001 when Microsoft disclosed plans to take a "federated" approach to network identity and to allow Passport users to traverse various password-protected Web sites and services that support a common technology. The company said at the time that it would add support for the industry standard authentication technology Kerberos, in order to create compatibility between various systems.
Microsoft has since pledged to also add support for a standard called SAML (Security Assertion Markup Language), which would also make compatibility more viable, the company said in July.
"Federation is an architectural challenge that we're still working on," Sohn said. He noted that the proposed standard WS-Security will help enable compatibility between various authentication systems and Passport. He also said that Microsoft expects to fully integrate Kerberos into its products sometime in 2003, which will further its efforts.
Microsoft's Chief Technology Officer Craig Mundie announced the addition of Passport Manager to the Shared Source program at the Digital Identity World 2002 Conference in Denver. The announcement bolsters Microsoft's code sharing program, which already includes Windows CE and pieces of its .Net Framework.
Mundie also Thursday offered details about a product Microsoft plans to launch that will allow Passport users to test the security of their passwords. The Passport Password Quality Meter is designed to measure the level of security that a password might offer. Availability of the tool was not disclosed.
The Liberty Alliance Project is similarly aimed at winning over developers to its federated authentication technology instead of Passport. The specification, being developed by the 120-company member group, will enable corporate developers and Web site operators to use their choice of single sign-on authentication technology, but still interoperate with other systems that also support the Liberty specification.
Some identity management software makers are working to add support for Passport as well as the Liberty Alliance specification into their products. OpenNetwork Technologies Inc., in Clearwater, Florida, has released a product that supports Passport, in addition to the standard authentication technologies SAML, which is part of the Liberty specification.
Novell Inc. also this week announced plans to release a suite of products called NSure that could be used to manage user identities. NSure will support a range of authentication services in due time, including the Liberty specification and Passport, said Justin Taylor, chief strategist for directory services at Novell.
"We've been telling people that Passport is another option," said Taylor, who is the company's liaison to the Liberty Alliance Project.
"The centralized concept (of Passport) is appealing to some customers. Novell wants to answer all of our customers' needs," Taylor said. "Regardless of what customers choose we will support it."