Passport 2.0 ready to ship

Amid ongoing criticism and challenges from privacy groups, Microsoft is preparing for the release of Passport, the authentication...

Amid ongoing criticism and challenges from privacy groups, Microsoft is preparing for the release of Passport, the authentication system at the centre of the company's .Net initiative.

The software maker announced that Passport 2.0, the follow-up to the single sign-on authentication service at the heart of Microsoft's Hailstorm set of Web services, would be released later this month.

"It will be posting to the Web very soon," said Tonya Klause, a Microsoft spokeswoman.

The new release comes as privacy and consumer groups have intensified their protest against Passport, adding to a complaint recently filed with the US Federal Trade Commission (FTC) against its use in Microsoft's new Windows XP operating system.

As Passport becomes a more integral piece of Microsoft's .Net initiative, industry insiders claim the company is working to include greater levels of privacy and security in both the soon-to-be-released version and future releases.

Microsoft has already been quoted as saying it intended to strengthen the level of privacy in the service.

Keith Brown, a columnist for Microsoft's MSDN developers' Web site, said Passport 2.0 would be followed by a version featuring additional privacy and security aspects. "With the release of the next generation of Microsoft's Web services strategy, still without a due date, Passport will rely on a security technology standard called Kerberos," Brown said.

Kerberos, a standard developed by engineers at the Massachusetts Institute of Technology, is currently under review by the Internet Engineering Task Force, an industry standards body. Microsoft is expected to use an implementation of Kerberos similar to the one included in the Windows 2000 operating system. It will become the key technology to securely authenticate Passport subscribers who access Web-based services, such as those included in Hailstorm.

While critics say Microsoft's latest efforts to increase privacy in Passport do not satisfy their needs, many would view Kerberos as a welcome addition to the system. Richard Smith, the chief technology officer of the Privacy Foundation, said: "Kerberos is a very good step in the right direction for providing security, which is not privacy necessarily.

"Kerberos should address a lot of the problems that Passport has from a security standpoint."

Read more on IT legislation and regulation