Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Microsoft Loses Passport

michael posted more than 9 years ago | from the apply-at-consulate-for-new-one dept.

Microsoft 271

nikkoslack copies and pastes: "Microsoft is abandoning one of its most controversial attempts to dominate the Internet after rival companies banded together to oppose it and consumers failed to embrace it. The Redmond software company said Wednesday it would stop trying to persuade Web sites to use its Passport service, which stores consumers' credit-card and other information as Internet users surf from place to place."

cancel ×

271 comments

Git (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11227840)

Pirst Flost

no trust... no passport (4, Insightful)

AlexTheBeast (809587) | more than 9 years ago | (#11227841)

Nobody believes that Microsoft focuses on security. Nobody.

That is the reason that the passport system failed. The general computer using public is not
really tech-knowledgable... however, they do know that credit card numbers are to be protected.

(Of course, they don't realize that all of this spyware s!ht they have installed could
grab their numbers just as easily.)

Hopefully, Microsoft will turn off [tech-recipes.com]
that damn reminder balloon now.

uncle sam is uncle scrooge (-1)

Anonymous Coward | more than 9 years ago | (#11227855)

shame on you.

Re:no trust... no passport (5, Insightful)

turnstyle (588788) | more than 9 years ago | (#11227898)

"Nobody believes that Microsoft focuses on security. Nobody. That is the reason that the passport system failed. The general computer using public is not really tech-knowledgable."

Your logic kind of cancels itself out. You are correct that the bulk of the public isn't tech-knowledgable -- and so I'd say that it's safe to say that they didn't avoid Microsoft's Passport for security reasons.

(after all, do they avoid Microsoft's OSes for security reasons?)

Passport mostly failed because those masses didn't "get it" and didn't care to.

Re:no trust... no passport (4, Insightful)

Foofoobar (318279) | more than 9 years ago | (#11228165)

Actually there are multiple reasons why the public didn't get it and it boils down to the public and the industry avoiding it because of the following:

1. monopoly - nobody wants to give all their id's to one company to control

2. lack of understanding - why do I need one company to have my login and password to use on all these sites when I, Joe Average, already use the same login and password on all these sites?

3. security - Seriously, would you trust them with your login, pass, personal info and credit card information when they have had such a flawless run on security?

Because of one of those three things (or a combination thereof), it failed. These are (oddly enough) the same stumbling blocks that continue to stump them with all product releases. In some ways, it would have been in Microsoft's best interest's to split the company either via the courts or themselves; in that sense, the baggage of the company would not follow every product. By splitting the company, the could effectively put a new face behind each branch and each child company would have a chance to remarket themselves and their products.

On a negative, this would make it so that they would then have to compete more fairly in an open market and thus would cost them a share. It's give and take and right now no matter how you cut it microsoft loses.

Re:no trust... no passport (2, Insightful)

liquidpele (663430) | more than 9 years ago | (#11228193)

nobody "got it" because they were trying to replace a service that worked just fine with another system that was more complicated. It was more complicated because you have to deal with a totally different website just to log into the website you want, and that's frustrating for people.

Cannot trust Microsoft (4, Interesting)

totallygeek (263191) | more than 9 years ago | (#11227900)

Nobody believes that Microsoft focuses on security. Nobody.


They do, and they market that very well. I recently saw an eighteen-wheeler pull through major cities showcasing Microsoft security products. Every business owner I spoke with that has had considerable expenses due to Microsoft's insecurities was amazed at their products. What I find most interesting is when a peer of mine went to a Microsoft propaganda seminar, they suggested the purchase of a Linksys router/firewall to place before their high-dollar security system. When asked what OS this equipment used, the speaker proudly mentioned Linux.


The problem is age-old though. Viruses and Trojans [totallygeek.com] would seemingly not exist without Microsoft. Certainly, there would not be a need for anti-virus products because the numbers would be manageable enough via infrequent patching. Therefore, Microsoft is the problem.

Re:Cannot trust Microsoft (1)

peragrin (659227) | more than 9 years ago | (#11228136)

Viruses & trojans & root kits would exist without microsoft.

of course you would have more than 48 hours between the time a bug is found, and when the exploit starts working around the Net.

Also the patches would come out as fast as the exploits are noticed. You also would have responsible programers, and the Apps that breaks are the ones that gets fixed, unlike Windows were if your game doesn't work anymore, MSFT just patches around so that the game works again.

Re:no trust... no passport (2, Interesting)

confusion (14388) | more than 9 years ago | (#11227912)

I have to wonder how concerned people are about losing their credit card info. My numbers have gotten out a few times, and it's little more than an inconvience of sending a letter to the credit card company. Banks these days partly compete on how quickly they'll "make it right" if you are the victim of fraud.

Re:no trust... no passport (1)

PhlegmMaster (596165) | more than 9 years ago | (#11227984)

Who stores their credit-card information on passport? MSN Wallet only allows access to one store now - MSN. And the last time I heard of a security problem relating to MSN's wallet service was a few years ago (and that was basically just a cookie-stealing problem).

MSN no longer pushes it and you'd be stupid to buy into it. I know of a more insecure service that I use to pay my bills.

Re:no trust... no passport (1)

aichpvee (631243) | more than 9 years ago | (#11228114)

You pay your bills on windows, don't you?

Re:no trust... no passport (1)

PhlegmMaster (596165) | more than 9 years ago | (#11228194)

I use a web browser [partylemon.com] .

Re:no trust... no passport (1)

SenatorOrrinHatch (741838) | more than 9 years ago | (#11227916)

Post a reply if one of the first things you learned how to do with windows XP was edit the registry....

Re:no trust... no passport (4, Interesting)

krbvroc1 (725200) | more than 9 years ago | (#11227979)

Nobody believes that Microsoft focuses on security. Nobody.

I don't think it is just security - it is lack of trust on several levels.

Personally,

1) I do not trust Microsoft with my information

2) I do not that Passport really added any value. From a privacy point of view, I could just as easily maintain multiple passwords on multiple sites with a password manager program - I use Roboform under both IE and Firefox.

3) Companies did not want to hand over an important function of their business to a third party with little gain. Little value is added by letting a third party control this, yet it can provide huge leverage for MS in the future. I forget which year it was, but I recall Bill Gates saying that MS wanted to get a slice of every online transaction.

4) I did not trust that the technology between the website and MS was safe. Some pages seemed to be unencrypted, etc. There did not seem to be any security guidelines required of sites that are Passport enableed - maybe there is, but it seemed lacking to me.

5) I do not trust 'Privacy Policies' - companies can change them whenever they want and in certain instances (like TSA / Airlines) claim that the policies aren't binding, just PR. For me the best Privacy Policy is to not give out the data to the middleman in the first place.

Re:no trust... no passport (1)

RupW (515653) | more than 9 years ago | (#11228239)

3) Companies did not want to hand over an important function of their business to a third party with little gain.

Huh? It's just outsourcing your basic account management. Lots of companies outsource stuff for many different reasons. The idea is you also get a ubiquitous UI so it's easy and reassuring for anyone who wants to use it - that has value too.

Re:no trust... no passport (2, Informative)

jcr (53032) | more than 9 years ago | (#11228009)

I'd say that Passport's failure has much more to do with web sites realizing that Passport really didn't offer them much, and cost them quite a bit.

-jcr

Re:no trust... no passport (1)

Jeff DeMaagd (2015) | more than 9 years ago | (#11228110)

I turned it off that baloon by using Spybot Search & Destroy. It has some handy tools in the Advanced mode, so you can disable start-up crap. There's no reason to manually go into the registry to do that anymore.

Re:no trust... no passport (3, Informative)

hugesmile (587771) | more than 9 years ago | (#11228149)

A friend of mine - yeah, that's it.. a friend - runs a website that has a registration process, whereby people create their own accounts and passwords. To my amazement (my friend tells me that...) the vast majority of users sign up and provide an email address and password that is obviously the same password used elsewhere around the internet. With this password, my friend can easily retrieve / delete people's email, access some paypal accounts, and sign into other common services around the net.

Good thing my friend is ethical! I can't emphasize enough - USE A DIFFRENT PASSWORD FOR EACH WEBSITE, such that no DB Admin from one site can guess your other passwords!

fp! (-1, Offtopic)

mrwilly123 (796375) | more than 9 years ago | (#11227842)

fp!

Re:fp! NOT (-1)

yabos (719499) | more than 9 years ago | (#11227861)

NT

Re:fp! NOT (-1, Offtopic)

ScrewMaster (602015) | more than 9 years ago | (#11227870)

As in Microsoft Windows, NT.

second negative post (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#11227844)

fuck microsoft

Re:second negative post (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11228073)

M$, a girl?

happy new year dupe-tacular! (-1)

Anonymous Coward | more than 9 years ago | (#11227847)

nothing to see here; kindly move along.

Re:happy new year ! (-1, Offtopic)

Moulinneuf (844899) | more than 9 years ago | (#11228006)

you too ;-)

Passport's failure (5, Insightful)

turnstyle (588788) | more than 9 years ago | (#11227854)

I think "rival companies banded together to oppose it" was far less relevant than "consumers failed to embrace it"

Re:Passport's failure (1)

spac3manspiff (839454) | more than 9 years ago | (#11227895)

Microsoft was way to presumptuous thinking that consumers would allow theirselves to be stuck with another microsoft product. Sure most people use windows but that's because they're forced to.

Re:Passport's failure (3, Insightful)

Kierthos (225954) | more than 9 years ago | (#11227903)

I would tend to think that "Consumers didn't know it was there" would also be a major part of it. You can't "embrace" what you don't know about.

Kierthos

Re:Passport's failure (0)

Anonymous Coward | more than 9 years ago | (#11228058)

Not exactly. Just two months ago I walked away from a ticket I was trying to reserve (probably on Expedia) because the site was insisting I use a Passport login.

I just clicked over to a competing site and got the same flight, same fare, with none of the hassle.

Re:Passport's failure (1)

Kierthos (225954) | more than 9 years ago | (#11228089)

My point, though, is that it wasn't just that, like you, people didn't want to use it. It was that a lot of people didn't know it was there. They (Microsoft) never got the level of brand awareness or name recognition with Passport then with their other products.

I mean, I have customers who can't put put a floppy disk in the correct drive (they put it in the ZIP drive bay) but they know of MS Word.

It's about getting the depth of name recognition. They just never got it with Passport. And whether that is because not enough websites wanted to use it, or they advertised it poorly, or whatever, it just never got to the same customer base that uses Word or Powerpoint on a daily basis.

Kierthos

Re:Passport's failure (1)

isecore (132059) | more than 9 years ago | (#11228076)

Right.

Of course the bajillions of hotmail-users never noticed that it said "Microsoft .net Passport" about a thousand times when they logged into their mail to get some spam.

Or that it said the same thing on just about any website that was even remotely owned/operated by Microsoft.

Bull fucking shit, is my opinion. People didn't buy into it because they never trusted it.

Re:Passport's failure (2, Insightful)

WidescreenFreak (830043) | more than 9 years ago | (#11227943)

Absolutely. I know a lot of people who told me that they thought it was a cool idea (this was obviously not recent) until I said, "You mean the same Microsoft that announces exploits in their operating systems on a weekly basis? You mean the Microsoft that had its Hotmail servers broken into a few times? Is that the Microsoft that you want to trust with your credit card numbers?"

The most common reply was "Oh. I never thought of that."

I don't know that I necessarily believe that Microsoft has never been concerned about security. I just don't think that they ever gave it a priority until recently.

Personally, I think that the reason why it failed was more that peole just don't trust storing such critical information in a single place. Convenience is fine, but the increase in Internet fraud, phishing, viruses/virii, and the like are increasing andmore importantly are being reported to the public. Let's not forget the frequent reports of how some major network site comewhere was broken into.

I agree that rival companies banding together was not relevant. I think that Passport's demise is due more and more news about the lack of security in Microsoft products and on the web in general. I find it difficult to believe that any kind of Passport-like service would work any time soon.

Re:Passport's failure (1)

Nicholas Evans (731773) | more than 9 years ago | (#11228202)

I don't know that I necessarily believe that Microsoft has never been concerned about security. I just don't think that they ever gave it a priority until recently.

Actually, I don't think they really gave it any priority. They just wanted to ship their next product and have it Just Work(tm) for the end-user. No configuring crap, just do it like the last windows release.

Microsoft didn't become all that concerned about the security of their products until Windows security became a major selling point for Linux/BSD. We all know that *nix is spanking them in the server market, and Billy doesn't like that.

Re:Passport's failure (1)

PhlegmMaster (596165) | more than 9 years ago | (#11227965)

Why do consumers need to embrace a service they do not know of (or care about) the internal workings of? Especially when they have no alternative.

Most consumers don't care about how they login to a service, it's just a form for them to fill in. If the form changes because that site switched to using another form of authentication, they have no choice but to switch with it.

Passport was a bad name (5, Interesting)

DoctorHibbert (610548) | more than 9 years ago | (#11228036)

My wife was buying airline tickets on Expedia when it asked her to log in, the first log in choice was to use her Passport id. So she dutifully goes and retrieves her US passport. Yes, I laughed at her too, but still the confusion was understandable, she was buying airline tickets after all.

Maybe if they would have called WebId or something more descriptive it might have caught on.

Re:Passport was a bad name (1)

PhlegmMaster (596165) | more than 9 years ago | (#11228068)

Maybe if they would have called WebId or something more descriptive it might have caught on.

Because that would have made it seem even less secure [theregister.co.uk] .

Not really either (0)

Anonymous Coward | more than 9 years ago | (#11228046)

The real problem was the design and implementation. Is was designed for MS to take control of the internet which is what they are focused on. But in typical MS fashion, it has no real security and MS corp. does not know security.

It's often implemented without https (5, Informative)

HawkinsD (267367) | more than 9 years ago | (#11227863)

Thank God.

I realize that it's probably the fault of the implementer, and not the technology, but I can't tell you how many times I've supplied my password to a page that was rendered without https.

So I had to get two Passport accounts: one for secure things, like my MSDN account, and one for things that I didn't care who stole my password for.

Re:It's often implemented without https (5, Informative)

Dr. Evil (3501) | more than 9 years ago | (#11227908)

Often the page is sent in the clear, but the submit action is an https link.

Not that I think that such behaviour is good practice... just that it might very well have been encrypted.

Re:It's often implemented without https (1)

RupW (515653) | more than 9 years ago | (#11228084)

I realize that it's probably the fault of the implementer, and not the technology, but I can't tell you how many times I've supplied my password to a page that was rendered without https.

Huh? All logins are processed, AFAIK, are processed through passport.net on a secure page. The site you want to login to redirects you to a secure page on passport.net - with some branding from the original site - which redirects you back once you've logged it.

It's gotta be the name (-1, Flamebait)

rtstyk (545241) | more than 9 years ago | (#11227865)

I think the name 'Passport' was to foreign and people got scared that they will be shipped somewhere where they don't spink Engrish so noone applied. d.

Re:It's gotta be the name (1)

rtstyk (545241) | more than 9 years ago | (#11227973)

Get a sense of humor dear mod.

The post was meant to agree with other poster about how this has mostly to do with people not even embracing but not even touching this with a 10 foot pole rather than corporations not implementing it. They would do so in a heartbeat if it was something people wanted.

Re:It's gotta be the name (0)

Anonymous Coward | more than 9 years ago | (#11228038)

Obviously you did an awful job at conveying that.

A few years down the line ... (5, Insightful)

Anonymous Coward | more than 9 years ago | (#11227881)

/tinfoil hat on

Microsoft will embrace the Libery Alliance's Passport service. Windows users will embrace it too because it will be ported into the kernel.

Few years later, Microsoft will modify the protocol to extend it, adding their own proprietary features. Windows users have no choice but to embrace it.

Microsoft will then lock out competitors from using their new version of Passport. They might even patent parts of it. In the end they will end up dominating the Passport buisness anyways.

/tinfoil hat off

Re:A few years down the line ... (5, Funny)

savagedome (742194) | more than 9 years ago | (#11227947)

I agree. However I have one question. Why did you take the tinfoil hat off?

Re:A few years down the line ... (1)

ahsile (187881) | more than 9 years ago | (#11228050)

An interesting vision into the future. Definately a possibility from the way microsoft has acted in the past. (For example the "caller id" technology)

Re:A few years down the line ... (1)

blowdart (31458) | more than 9 years ago | (#11228059)

So MS abandons one single sign on service which was used for very few sites to one that's used on even less sites?

Hurrah for consumer choice!

Re:A few years down the line ... (4, Informative)

finkployd (12902) | more than 9 years ago | (#11228091)

You don't really know much about liberty alliance do you? It is a federated identity management service, using OASIS's SAML to assert authentication status and attributes, not like passport's "store everything in one place" service.

It is also licensed such that MS cannot modify or extend it in a way that is interoperable with the spec (which would make it useless anyway).

Finkployd

Re:A few years down the line ... (0)

Anonymous Coward | more than 9 years ago | (#11228216)

Okay. Once and for all:

What do people refer to when they say "tin-foil hat"? Seriously, I don't know, and I found no definition of that jargon.

Re:A few years down the line ... (1)

louarnkoz (805588) | more than 9 years ago | (#11228255)

There are many different voices coming out of Microsoft. One of the most interesting opinion is that of Kim Cameron, Microsoft's architect for identity. He publishes an Identity Weblog [identityblog.com] . Kim's "laws of identity" are all about privacy and minimal disclosure.

Kim pushes an Infocard Project [typepad.com] that would enable any variation of identity management, from centralised servers to federation of entreprise servers or peer-to-peer systems. Whether such grand vision will make it into future Microsoft products is indeed anyone's guess...

Wrong persuasion method... (4, Funny)

Seabass55 (472183) | more than 9 years ago | (#11227882)

"would stop trying to persuade Web sites"

Perhaps if they did this mafia style with a hammer and some other blunt objects they would have better sucess

Re:Wrong persuasion method... (0)

Anonymous Coward | more than 9 years ago | (#11228021)

Ahh, the old sale-by-trauma methodology.
Yes, the MS Office sales dep. have used that method with success in the past.

Re:Wrong persuasion method... (1)

peawee03 (714493) | more than 9 years ago | (#11228029)

Dude, dude, dude! Get in the 21st century! They're not called "hammers" or "blunt objects" anymore. They're called "Lawyers" and "Laws & the political process" these days. Jeesh.

Misunderstanding (1)

Prince Vegeta SSJ4 (718736) | more than 9 years ago | (#11228096)

would stop trying to persuade Web sites

in Microsoft Monopoly Speak - MMS (TM), really means "will consider a pause in their relentless assault, using their normal ordinance of bullying tactics"

The normal ordinance includes: discounts on volume software, initiation of free services to smother the competitor, buy the competitor, make sure the competitors product 'breaks for no reason' on IE, guido the leg breaker, a legion of attorneys, concrete blocks, having clippy threaten to make them sleep with the phishes.

these are employed in no particular order

Re:Wrong persuasion method... (1)

Jeff DeMaagd (2015) | more than 9 years ago | (#11228104)

Homer agrees to sell his computer company to Bill Gates.

"OK boys, "buy them out""

His thugs smash things.

"What, you think I got rich by giving people money?"

Re:Wrong persuasion method... (1)

Epistax (544591) | more than 9 years ago | (#11228122)

I don't mean to troll, and maybe this was a typo, but the ditty I heard on the Simspons really worked for me.

To the theme of the army march cadence a la "I don't know but I've been told, the Parthenon is mighty old...." . "S-u-c-c-e-s-s, that is how you spell success" I haven't screwed up that word since.

Not Totally Abandoned (5, Informative)

p0 (740290) | more than 9 years ago | (#11227883)

Microsoft will still use Passport for MSN services like Hotmail.

Re:Not Totally Abandoned (1)

spac3manspiff (839454) | more than 9 years ago | (#11227928)

so basically Passport is another name for Hotmail

Re:Not Totally Abandoned (1)

Neophytus (642863) | more than 9 years ago | (#11227963)

And msn messenger.

Re:Not Totally Abandoned (1)

PhlegmMaster (596165) | more than 9 years ago | (#11228018)

And every other service listed at http://special.msn.com/ (what a great name)

Ebay (4, Interesting)

ViolentGreen (704134) | more than 9 years ago | (#11227893)

Perhaps Ebay's decision to drop it [yahoo.com] was the final straw.

Re:Ebay (-1, Redundant)

Anonymous Coward | more than 9 years ago | (#11228023)

Wow, you're so observant and wise! Thanks for point ing out a something that was on the main page yesterday!

Re:Ebay (3, Interesting)

Quarters (18322) | more than 9 years ago | (#11228177)

If Microsoft based their business on being reactive to eBay they'd have stopped development of Windows Server products by now. More likely the eBay decision was made because Microsoft let them know they were dropping support for it.

Great, now they will have to stand in line (0, Funny)

Anonymous Coward | more than 9 years ago | (#11227906)

...at the embassy to get a new one.

what about liberty alliance? (5, Interesting)

munehiro (63206) | more than 9 years ago | (#11227914)

Just some questions. Is the liberty alliance project still alive? does it provide a decentralized authentication proxy and will it be deployed concretely in some future?

There were a lot of rumors about this "passport killer" but now it seems to be faded into silence.

Re:what about liberty alliance? (1)

ScrewMaster (602015) | more than 9 years ago | (#11228019)

Well, if the sole purpose of the Liberty Alliance was to kill Passport (as opposed to actually providing a competitive technology) then the Alliance will probably disband. The reasons for Passport's failure are legion, but lack of trust in Microsoft probably isn't the primary one. I'd say it was a solution trying desperately to find a problem. Even if Passport were provided by a corporation with the public's complete confidence (I can't name one offhand), Passport didn't serve a particularly useful purpose. Systems like Passport alter the security vs. convenience equation to a degree that a lot of people just find unacceptable, regardless of the provider. Oh, I know the claim was that since the individual vendors don't need to know your personal data you're more secure. But that's wrong. You now have a single point of failure (the Passport provider) that, when it finally gets compromised (and it will, if it hasn't already) can cause massive problems. Too much valuble information under one thumb. I'd rather have my personal data given to those few businesses I buy from online, and who throw that info away when the transaction is complete. I don't mind typing my credit card number in when I buy something.

Re:what about liberty alliance? (1)

munehiro (63206) | more than 9 years ago | (#11228117)

Yes but keep in mind that a single sign-on system can be used for other purposes, from alleviate the burden of remembering tons of passwords (and accounts... my preferred login name is not available everywhere, so I finally have tons of modified login names and I have a lot of trouble remembering them all) to handling a grid sign-on. In these times where gridding is the future (and anonymous access to shared resources even more) knowing who you are and what you are allowed to do is very important.

Re:what about liberty alliance? (2, Informative)

lamona (743288) | more than 9 years ago | (#11228268)

Yes, according to their web site [projectliberty.org] they are. And the Internet2 community (mainly universities) is developing a way for its users to interact anonymously with online sites that require an identity. It's called Shibboleth [internet2.edu] . The weak spot in "Shib" is that it relies on the university's LDAP server to determine your status, but the identity that goes out across the net is regenerated for each new use and is short-lived. This wouldn't work for purchases, but it can define you as a legitimate subscriber to a service once you have signed on.

"If you build this technology, they will require it." David Sobel, CFP 2000

Re:what about liberty alliance? (2, Interesting)

blackhedd (412389) | more than 9 years ago | (#11228275)

Liberty Alliance has been going through some transition among the senior ranks. It seems that the large consumer-oriented financial-services company that drove a lot of the initial buzz is taking some baby-steps away from the initiative. There seems to be some surprise that uptake for the L/A standards seems to be slow. Also, the vendors producing Liberty toolsets (including the open source ones) aren't maturing all that well. L/A does not truly mandate anything deeper than a fairly obvious and simplistic federation scheme to go along with those OASIS standards. Still, it's an important thing for enabling serious intra-enterprise commerce.
Oh, right, we were talking about Passport! Ummm, L/A isn't the answer to widespread SSO by consumers any more than Passport was.

Not surprising (5, Interesting)

PhlegmMaster (596165) | more than 9 years ago | (#11227915)

They shot themselves in the foot a long time ago with extremely high licensing costs and requirements as well as complicated implementation requirements (not to mention the tiny client portfolio or constant security problems).

Besides, there's no push for businesses to either adopt single-sign-on services, or for customers to want it.
Businesses require flexibility when it comes to user authorisation and profiles that 3rd-party services cannot offer.
Most people either use the same user-name and password combination for all of their services, and there aren't many browsers that won't auto-complete u/p forms.

At least with this announcement, Microsoft might be able to push some of it's resources from trying to push this serviced to 3rd parties to fixing the services internally (ever tried to log-out?)

Re:Not surprising (1)

ThinkTiM (532164) | more than 9 years ago | (#11227962)

"At least with this announcement, Microsoft might be able to push some of it's resources from trying to push this serviced to 3rd parties to fixing the services internally" ....Just what we need, more salesmen becomming programmers... :)

Re:Not surprising (2, Informative)

ian13550 (697991) | more than 9 years ago | (#11228148)

Besides, there's no push for businesses to either adopt single-sign-on services, or for customers to want it.
Businesses require flexibility when it comes to user authorisation and profiles that 3rd-party services cannot offer.


Wow -- you really haven't been paying attention. Passport was AUTHENTICATION only (WHO you are) and not AUTHROIZATION (what you can ACCESS). Partner sites could always control what Passport users had access to.

Also, there is a very real need for this type of technology. Case in point: Companies who partner/outsource various business functions to 3rd party providers. For example, my last company I worked for (*cough* Big 4 *cough*) had 3rd party providers for travel bookings, 401(k), etc. While they didn't use Passport, they implemented another technology solution to share AUTHENTICATION data with the partner site so that employees did not have to log in twice (or more) during their Session to complete their daily transactions.

You'll also see this SSO/Affiliate/Federated technology being used to SSO people between different websites/infrastructures of HUGE corporations where each business unit is maintaining their own infrastructure and user stores. Hell, ATT/Cingular could create SSO between their two infrastructures using this -- same company (now) and 2 different sytems.

MS gave SSO a black-eye with Passport. Many, many, many different types of companies are looking to integrate authentication data between systems while still "owning" their user's data.

Re:Not surprising (0)

Anonymous Coward | more than 9 years ago | (#11228277)

The main thing that Passport provided that using the u/p for every site or having your browser store your u/p's is that Passport could assure their clients that BobSmith234 from one site was the same BobSmith234 from another site. This would be useful if say eBay and a sportscard trading forum were both on Passport; you could see the eBay feedbacks of someone else on the trading forum and be assured it was actually them. Because the accounts were free and could be tied to free email accounts, this tracking wasn't a foolproof way to track people on the web, either.

The problem is that anything requiring that you be 100% assured that this was the person you thought it was usually would dictate that you use separate u/p's for security puposes (in my earlier example, you wouldn't want someone exploiting your sportscard account to have access to your eBay account, because a huge bid in your name hurts a lot more than a forum post). This, compounded with huge licensing costs (not just anyone can plunk down $10K, particularly if they offer their service for free) and the dubious security track record of Microsoft products, killed it more than browser-based u/p collections or lack of need.

MS Shot Self in Foot (5, Insightful)

phaln (579585) | more than 9 years ago | (#11227930)

When Microsoft continued to leave "security" off its list of "necessary items" to follow up on for years, they pretty much shot any hopes of controlling a unified authentication system out the door.

Nobody takes them seriously as far as security goes. Just reading the headlines for a day would make that abundantly clear.

Perhaps a competitor will come out with a clean record and a compelling product, but in this area it isn't going to be Microsoft, if anyone.

Re:MS Shot Self in Foot (0)

Anonymous Coward | more than 9 years ago | (#11228126)

>> Perhaps a competitor will come out with a clean record and a compelling product, but in this area it isn't going to be Microsoft, if anyone.

Hmm, one name comes to mind....

Google, anyone?

A better system would be... (4, Insightful)

ThinkTiM (532164) | more than 9 years ago | (#11227932)

a public/private key scheme where public registrars keep your key. You keep your list of credit cards and identities on YOUR own devices. You then send encrypted information containing your credit card or identity in an industry standard packet of encyrpted information along with a link to the registrar.

Kerberos? (1)

spud603 (832173) | more than 9 years ago | (#11227972)

I don't know much about the underlying technology, but I've been in a few systems that use kerberos, and it seems to do the job of authentication nicely without any yucky credit card/personal info messyness.
Could kerberos be implemented on the web somehow, or is it only good for intranets?

Re:A better system would be... (1)

Lumpy (12016) | more than 9 years ago | (#11228010)

how about te java ibutton it can be encrypted in the button, then when you need to communicate it the java ibutton simply encrypt it with the current session key after validating your user pin that was sent to it. secure from one end to the other and if you break one session key you can not break any other as they are all differnt.

this has been around for a really long time. I demoed this back in 1998 at a Java conference when they were giving away rings with the java ibutton embedded in them.

I still have my dev kit and use it to unlock my house.

technology has existed for a long time, the discreet devices that can be on the person also exist and are dirt cheap (cheaper than a smartcard) insaanely durable and is completely open so that anyone can design the system without paying royalties.

there is no excuse for it to not exist right now.

Lost the battle, but war is not over (4, Insightful)

nurb432 (527695) | more than 9 years ago | (#11227934)

They will be back. They have the time and the funds to punt on this..

But they are not done...Total domination takes time.. They learned that lesson with java and the web in general...

Re:Lost the battle, but war is not over (1)

PhlegmMaster (596165) | more than 9 years ago | (#11228043)

They will be back. They have the time and the funds to punt on this..

Just like Microsoft Bob... they weren't done torturing the consumer when the Microsoft Office Assistant asked that infamous question.

Re:Lost the battle, but war is not over (1)

nurb432 (527695) | more than 9 years ago | (#11228087)

"Bob" was different, it was just a failed application ( which if it looked at objectively, it was a good concept, just badly implemented )..

The winner of the 'single signon' battle wins a LOT of money, and control over a much larger playing field..

So whats next? (2, Interesting)

v0idnull (707821) | more than 9 years ago | (#11227951)

So really, whats next? If anything, the world would benefit from some simplification in identification. I'd feel more comfortable with one company or government knowing my details, then 20/30 companies and various different governments knowing my details. Mind you, Passport sucked. But thats no excuse to not try to do something better.

Noble cause (4, Insightful)

confusion (14388) | more than 9 years ago | (#11227971)

The idea behind passport, at least partly, was a good idea in making the internet a little more consistant and easier to use for the herds of everyday people. The big problem is that when a company like MS forges a solution, its going to have strings attached and a financial motivation to pressure companies to do things they don't want to do.

I still think the idea is valid, but the implementation and execution, in true MS form, left a lot to be desired.

ms money (2, Interesting)

Anonymous Coward | more than 9 years ago | (#11227975)

Maybe MS Money 2005 won't force you to use passport. I'm still using MS Money 2001 for this reason.

Re:ms money (1)

RupW (515653) | more than 9 years ago | (#11228161)

Maybe MS Money 2005 won't force you to use passport. I'm still using MS Money 2001 for this reason.

No, I think it does. I suspect they're using it so they can cut off your access to the MSN financial feeds after however-many years you get. You can get a demo from Microsoft and try it if you want.

But Money *2004* definitely has a no-Passport 'I don't need to use online features' option.

Downfall? (0, Flamebait)

Albinofrenchy (844079) | more than 9 years ago | (#11227986)

Wow, it's looking bad for MS. Firefox, IE exploits, linux sneaking up on them, and their attempt to be big brother now fails too. I'll be sure to toss a rose on the casket when the giant dies off for sure, albeit a black rose.

Re:Downfall? (3, Insightful)

east coast (590680) | more than 9 years ago | (#11228088)

Wow, it's looking bad for MS. Firefox, IE exploits, linux sneaking up on them, and their attempt to be big brother now fails too.

The truth is that it failed long ago and it just took this long for it to swing around. As for the rest? I've been hearing for years and years how Linux and open source was going to crush MS to a pulp. At the current pace it'll happen right around the year 2112.

And I'm not being trollish. Let's at least accept the fact that when you're in a biased community like Slashdot you're going to see things with a heavy slant. Joe Sixpack STILL hasn't embraced open source, cares little about it and is even less inclined to learning a new OS, free or not. Not to even factor in the school system. Once I see a serious move to Linux in accessible schools like state universities, community colleges and the free public schooling system maybe there will be something there.

Re:Downfall? (0)

Anonymous Coward | more than 9 years ago | (#11228125)

Thank God! It had been ten minutes since the last Slashdot proclamation of Microsoft's impending death, and I was becoming concerned that all of you people had been swallowed by a tidal wave or something.

So, it's all back to normal. Whew! Now, please kill yourself, as you are clearly too stupid to live.

One login is easy for identity theft. (4, Insightful)

Yaa 101 (664725) | more than 9 years ago | (#11228060)

Let me have my 1000's of different logins as you can't imagine what happens when your only identity online get's compromised.
Imagine the work you need to pick up the pieces, this after all the work you need to make sure that the theft's impact remains small...

People that buy in on a single net identity are not so smart it seems...

Re:One login is easy for identity theft. (1)

RupW (515653) | more than 9 years ago | (#11228200)

Let me have my 1000's of different logins as you can't imagine what happens when your only identity online get's compromised.

But can you remember them *all*? Or do you write them down somewhere, making a different single point of failure?

Most people just use the same set of passwords anyway. If you got hold of Amazon's passwords you'd probably have access to a huge number of eBay accounts, for example. It all comes down to convenience, and if the single point of failure is well secured and well administered then it's a good-enough solution for Amazon and eBay, etc. It's not a good idea for anything ultra secure like your bank.

passport to be replaced by chip- in your hand? (0)

Anonymous Coward | more than 9 years ago | (#11228101)

If the goal is security than why do they convince people to give away more and more of their personal information?

Security isn't based upon giving up your personal information to some company or government,
keep more of your personal information to yourself - that is real security.

Newsflash! (5, Funny)

Foofoobar (318279) | more than 9 years ago | (#11228115)

Innovation isn't really innovation if no one wants it but you.

Misconceptions (5, Informative)

RupW (515653) | more than 9 years ago | (#11228118)

The Redmond software company said Wednesday it would stop trying to persuade Web sites to use its Passport service, which stores consumers' credit-card and other information as Internet users surf from place to place."

  • Passport does not store your credit-card details any more. You had to opt in to passport's Wallet service to do this. Microsoft discontinued Wallet a long time ago.
  • You do not have to provide any personal details to Passport. If you do, you can refuse Passport permission to pass them on to other sites. In this case, all the end sites get is your 64-bit user ID.
  • End sites cannot store information in your Passport account. The API is one way only. To alter the details in your Passport you have to go to passport.net
  • Passport is a trusted third-party for authentication. You don't log into any passport-enabled site directly; they redirect you to a secure page on passport.net (often with some source-site branding) and Passport redirects you back to them once you've logged in.
  • Passport absolutely DOES NOT "store your passwords". A few people said this in the eBay story's comments (!). Come on people, we're supposed to be tech-savvy here.

I'm almost sorry to see it go - it was a usable, simple to integrate single-sign-on with a big name, money and a fair critical mass behind it. Shame the entry price was so high.

Re:Misconceptions (4, Insightful)

s7uar7 (746699) | more than 9 years ago | (#11228163)

Coupled with the cost, that 2nd point will be the reason there was such a low take-up by 3rd party sites. Companies use your registration details for far more than just letting you in to the site - giving demographics to advertisers for example. If they're going to allow logins from clients with no details, they may as well do away with the registration all together.

Re:Misconceptions (0)

Anonymous Coward | more than 9 years ago | (#11228191)

Come on people, we're supposed to be tech-savvy here.

That doesn't matter! We're open source! We cackle with glee anytime anything negative happens to MicroSoft reguardless of their possitive technology and market force. The facts and truth don't matter just as long as it's open source it's good...

Microsoft bad! Microsoft bad!

Two words: MicroSoft Bob! Even given that it happened 9 years ago we have to continue to beat this dead horse!! It's so much fun to make fun of a product that failed so long ago most slashdot users never experienced it first hand!

Bow to Linus! Or you're nothing but a fucktard!

Terrible! (-1)

Anonymous Coward | more than 9 years ago | (#11228124)

This means no more competition for the US government's plans for passports! Now I'll have to use their damned chip.

What snapped in my head when I read this (2, Funny)

mr. marbles (19251) | more than 9 years ago | (#11228130)

To quote Nelson Muntz from The Simpsons "HA-HA!"

first po5t! (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11228187)

And enjoy all t4e enjoy th3 loud

No X-mas Party Either (-1, Flamebait)

Foofoobar (318279) | more than 9 years ago | (#11228205)

Just heard from some sources on the M$ campus that in order to save money, Microsoft cancelled their X-mas party. Word is that they did it to save money.

This is the latest in Microsofts attempts to stem bleeding by cutting employee benefits; the first round cut free sodas (a classic sign in dot bomb times of impending doom), then they cut insurance benefits and towels in the changing rooms. Then they cut contractors and their game production. Now they are cutting Christmas parties?? They have also announced that they are moving more jobs to Tsunami country and are building a larger facility over there.

Things are not looking good in monopoly land when the 800 pound gorilla comes to the party covered in band-aids.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...