March 23, 2004 4:00 AM PST

Passport to nowhere?

Remember when Microsoft was going to be your trusted, omnipresent guide through the world of online commerce?

News.context

What's new:
Microsoft has backed away from many of the more grandiose uses once envisioned for Passport, its online identification system.

Bottom line:
While the software will still be inserted into Microsoft's Internet infrastructure, broader plans to manage identity information are being deferred to Longhorn, the next version of the Windows operating system.

For more info:
Track the players

That was the plan a few years ago, when the software giant began pitching its Passport online authentication service as a cure-all for what was ailing online shopping. The company expected to sell Passport services to thousands of online vendors, making your Microsoft-stored password and the extensive personal and financial information behind it all you needed to do business on the Internet.

The reality has turned out to be considerably less expansive. Passport use is limited to Microsoft-owned sites and a handful of close partners, thanks to a combination of customer apathy, high-profile Microsoft glitches and credible competition from the industry-backed Liberty Alliance.

Analysts now say Passport is likely to become little more than part of Microsoft's Internet infrastructure over the next year, with broader plans to manage identity information now deferred to Longhorn, the next version of the Windows operating system.

"There doesn't seem to be a huge role for Passport--certainly not the role that was sketched out for it two or three years ago," said Matt Rosoff, an analyst for research firm Directions on Microsoft. "I expect at some point, Microsoft is going to say Passport is for Microsoft sites and close partners and leave it at that."

"The market largely rejected a proprietary, tied-to-Microsoft approach," Gartner analyst John Pescatore said. "We've actually seen the Liberty Alliance keep moving forward and get some traction in a variety of places, where Passport has pretty much remained a Microsoft, under-the-covers thing."

Microsoft representatives declined repeated requests to comment for this story. "There's nothing new to talk about," one representative said, while insisting that Microsoft remains committed to Passport.

Aside from dealing with occasional outages, Microsoft executives have not spoken about Passport for months.

The software maker acquired the technology for Passport when it bought Firefly Network in April 1998. It relaunched the service a year later as part of a broad e-commerce strategy.

Passport authentication was built into Microsoft Web services such as its Hotmail e-mail service and The Zone gaming site, and the company unveiled plans to resell Passport services to other sites as part of a broad consumer Web services strategy.

A few years later, only a few major sites support Passport sign-in as an option. The only sign of Passport at auction site eBay, touted as an initial backer of the service, is hidden deep within a customer support index.

Slow take-up
The tepid reception for Passport stemmed from a number of causes, analysts said, beginning with a lack of customer interest. The big promise of Passport was that it would simplify shopping by allowing folks to use the same sign-on for multiple shopping sites. But when was the last time you chose an online merchant based on their authentication procedure?

"Microsoft was kind of pushing Passport for a problem that didn't exist," Pescatore said. "There just aren't a lot of natural economies where there are going to be benefits to the consumer to have single sign-on. If I'm on eBay, am I really going to go straight to United (Air Lines) to buy plane tickets? Consumers didn't see the benefit, and businesses aren't going to sink any money into it until they see how it's going to increase revenue."

Any efforts by Microsoft to convince customers that single sign-on was a big deal were undermined by a string of embarrassing glitches. Problems with Passport servers have resulted in long interruptions in Microsoft service. A serious security flaw in Passport put personal data and credit card information for thousands of customers at risk of being hijacked. And Microsoft endured a public spat with the European Union that put significant restrictions on what data Microsoft can collect.

The upshot was that even businesses that were interested in simplifying their sign-on processes didn't get too excited about the idea of putting everything on a Microsoft server.

"It's not isolated to just issues with Passport security but (is related to) Microsoft's record in the large," said Gerry Gebel, an analyst for research firm The Burton Group. "Businesses like to maintain their autonomy, and they became especially concerned about leaving everything to Microsoft."

"It proved to be far more complicated than Microsoft imagined," Rosoff noted. "Passport became this poisoned service under a lot of scrutiny from regulators." All the restrictions, combined with lack of interest from third-party vendors, suggest that, within the next year or so, "they're going to scale it way back," he said. "I can't imagine a Web site today being willing to pay $10,000 a year and go through the whole process necessary to implement Passport."

Challenge from Liberty
Doubts about Microsoft's ability to run a centralized authentication system made it all the more appealing when a viable alternative emerged. The Liberty Alliance, a trade group formed by Sun Microsystems and backed by a number of major players, including Intel, was formed to create standards for a "federated" identity service, in which data could be securely shared among e-commerce sites without the need for a central broker.

The group recently released a major revision of its specifications and now has 31 companies shipping or working on products that support the standards, said Simon Nicholson, the chair of the business and marketing expert group at the Liberty Alliance.

"Certainly the market has spoken very clearly to say the technology we deploy must be based on open standards...and there will be no central repository of identity data; it will be a federated model," he said.

The primary selling points of the Liberty Alliance model, Nicholson said, have been that it works with a shopping site's existing technology and that it doesn't insert an outside company into the transaction process.

"Businesses have these relationships that have taken a while to mature, and they don't want to see another brand trying to insert themselves between them and their customers," he said.

Analyst Pescatore said Microsoft had erred by making its initial Passport plans too intrusive and far-reaching. "Their original architecture was pretty much that Microsoft was always in the loop; they weren't just selling you a piece of software," he said. "Then they talked about this more federated architecture, where you could put up your own Passport server, but by then it was too late."

Credit card companies and other infrastructure players were satisfied to wait for Liberty Alliance plans to coalesce. "The fact that Liberty Alliance was moving a little slow wasn't a problem, because banking and finance had no plans to use a federated identity service anytime soon," Pescatore said. "Liberty was going to base their architecture on a standard that was already in the marketplace, and that sounded good to them."

Problems with Passport coincided with waning interest at Microsoft in becoming a services company. The past few years have seen the company ditch most of the grander plans lumped under the .Net banner, which originally stood for turning software into a Web-delivered service. Instead, Microsoft is increasingly relying on third-party partners to address the services market.

"I really think they're just not interested anymore in running hosted services, except in situations where they think it's going to help them sell software," Rosoff said. "They've already suffered the PR fallout from the whole .Net My Services thing, and (Passport) is really the last shoe to drop."

However, Passport will continue to run on Microsoft sites, Rosoff said, and parts of the service will likely show up in future technologies.

"I think Microsoft will be evolving the technology, and maybe we'll see it in future releases," Gebel said. "If you look at Longhorn and (its Web services technology) Indigo in particular...they are certainly baking more of the Web services framework into the platform. You'll see different forms of federation there."

Pescatore said Passport especially makes sense for Microsoft's Smartphone platform for mobile phones, where the convenience of a single sign-on would be valuable. Just don't expect a repeat of the hoopla that accompanied Passport's arrival.

"Passport is not dead or dormant," he said. "It is just at a stage of, 'Let's get it out there first and then start preaching the value of it.'"

See more CNET content tagged:
Liberty Alliance, passport, Microsoft Longhorn, Microsoft Corp., Microsoft Windows

3 comments

Join the conversation!
Add your comment
Passport is useless
this is b.s. i am sick and tired of microsoft making me have to use an unsecure program. i would never use .net just because you have to use their passport. i should have a choice of whether to use it or not.
Posted by ltd777 (1 comment )
Reply Link Flag
Not BS...but Ahead Of Its Time
The biggest problem with Passport was that it addreessed a problem that *still* isn't being taken seriously...identity theft online. The Liberty Alliance (and primarily Sun Microsystems) have Big Investments in Big Iron (and Sun's systems are used heavily in banks and credit unions) so it behooved Sun to respond to Passport. The major credit card companies are beholden to the banks and credit unions that are their largest card-account distributors (and therefore to Sun), so they know where their bread is buttered.

Has *any* product from the Liberty Alliance come out in the consumer space?
Posted by PGHammer (6 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.