www.aspnews.com/analysis/analyst_cols/article.php/891531


Weekly Review: One Small Step for Microsoft ....
By Phil Wainewright
September 25, 2001

Microsoft (NASDAQ: MSFT) moved the world a step closer to widespread adoption of integrated Web services last week with the announcement that it will open its Passport authentication service to third parties (see Microsoft Opens Door to Passport).

Unfortunately, Microsoft will have to follow up this small step with something more like a hop and a leap before we can say the world is properly on its way towards that ultimate destination. But this first step is an important and necessary part of the whole process, which makes it a welcome move.

A Single Point of Net Entry
Microsoft's aim in opening up Passport is to make it possible for users to access online applications and services from different providers without having to sign on individually with each one in turn. Instead, the user would just sign on once, and then Passport would pass his or her details from one application to the next.

In IT industry jargon, this is called single sign-on. It's previously been possible only within a single, self-contained computing environment — typically within an enterprise network. The ultimate vision that Microsoft has outlined is one that gives users single sign-on for the entire Internet, giving them immediate access to every resource they are entitled to use. In the context of the new generation of component Web services, automated access could enable previously unimaginable possibilities, such as automated assembly of new applications on demand.

Others Have Tried Before
Microsoft's plans for Passport will not be the first time that universal sign-on has been attempted. Two years ago, Novell launched a service called DigitalMe, which used its directory services platform to store single sign-on data for online consumers. Last year, Jamcracker began work with other members of the Internet Business Service Initiative (IBSi) to enable single sign-on to multiple services offered by the group's members, such as OpenAir, Works and Employease. They saw it as the highest priority among several integration challenges that they faced.

Both efforts made little progress. Novell didn't have the customer base to achieve the mass adoption that any such initiative needs if it's going to succeed. Jamcracker and its partners quickly got bogged down in standards committees, sacrificing the goal of rapid progress in the hope of ultimately gaining broad-based industry support.

This is the hop that Microsoft has to make, taking Passport from a popular service to a universal solution. It must reckon it has a fair chance of doing so. Passport already claims more than 165 million user accounts, and it has adopted the Kerberos 5.0 technical standard for authentication, adding a useful veneer of standards compliance.

To aid the popular appeal of its offering, Microsoft has announced that the family of Web services that Passport belongs to — previously codenamed Hailstorm — will now be known as My .Net Services. Unfortunately, this excessively consumer-friendly name may prove counter-productive to Microsoft's objective of making Passport just as ubiquitous in the corporate world as it already is in the mass consumer market.

It's all too easy to forget that, on the Internet, every user is an individual with multiple identities. Some of those identities are as consumers, while many others are business roles. Some are hybrids, for instance when workers send emails from home, or when they use Internet access in the office to apply for jobs elsewhere. Integrating all of these various identities into a single system could be powerful.

Microsoft's objective is for Passport to manage all of these identities. It sees the service turning into a single, common authentication system that will be used across enterprise systems, Web sites and services to manage user authentication. Therefore it must gain the confidence of enterprises and business users as well as consumers.

Making a Federation Case Out of It
An important element in enabling this, since many of the participating organizations already have existing authentication infrastructures in place, is the concept of federation. From the earliest days of .Net, when Hailstorm was known simply by its pre-codename moniker of .NET Building Block Services, Microsoft has identified federation as a key element in the architecture (see Microsoft Maps Out a Net-Centric Future).

"This federation concept gets increasingly important," company CEO Steve Ballmer told delegates at the unveiling of .Net in June last year. "People will be able to, in some senses, outsource or federate their internal intranet infrastructure with the public Internet, yet retain control over management and policy and security in the ways that all companies certainly want to today."

In essence, what it does is allow organizations to maintain control of their local resources while still being able to interact with outside services that are not under their direct control.

This is where Microsoft will have to make its most courageous leap. Federated services interact across normal organizational boundaries — Microsoft cites the ATM networks operated by the banking industry as an example. Another example you won't find it mentioning is the FBI, but it would be more helpful if it did, because it underlines a key attribute for any successful federated agency — neutrality in relation to its constituents. That is not what Microsoft is proposing with its current iteration of Passport.

Microsoft Cops on Compliance Beat
Although it says it wants to make the system open, it also wants to police compliance to privacy and security standards. "If adherence and enforcement of strong privacy policies are not met, then we will work with the provider to try and fix this problem immediately or we will 'turn them off,'" warned Christopher Payne, vice president of Microsoft's .Net core services platform, in an interview last week.

This neutral policing role is incompatible with participation in the system as a provider. Before it can become the universal solution Microsoft wants it to be, Passport will have to be operated and managed by a neutral third party. For the moment, Microsoft will continue to try to make it a proprietary system that it manages itself. In fairness to the company, it is honor-bound to give this a try — it would be failing its shareholders if it didn't. But if it truly wants to lead the creation of a universal Internet "trust network," then it will have to give up proprietary control and fully unleash all the power of collaborative Web services. Give it a year or two, and Microsoft will have made that leap.

This review of the week's news highlights is by ASPnews.com founder and consulting analyst Phil Wainewright. A comprehensive news digest is published every month in the ASP News Review newsletter, available exclusively to subscribers.