Hoping to learn from the lessons of its unsuccessful Passport initiative, Microsoft is taking a more open tack in developing its new InfoCard identity management platform, a company executive said on Tuesday.
Like Passport, InfoCard is designed to make it easier for users to surf the web by keeping track of their user names and passwords as they move from site to site. Unlike Passport, however, InfoCard is being designed to work on client and server software that was not developed by Microsoft.
Since the beta version of InfoCard was released in May, Microsoft has been working with developers of the Firefox and Opera browsers, as well as such organisations as the Apache Software Foundation and Apple, said Kim Cameron, Microsoft’s chief architect of identity and access, speaking at the DataCenter Ventures 2005 conference in Redwood City, California.
“These aren’t your typical Microsoft customers,” he said. “The main thing is, we need a solution that works on Linux boxes as much as it works on Microsoft boxes.”
Though the Passport identity management system now processes about one billion authentication requests per day, making it too popular to rightly be called a failure, the service has never gained popularity outside of Microsoft’s own web properties, Cameron said.
“When it comes to identity, people want to understand why the parties to any interaction are there,” he said. “It makes sense for people to use Passport, run by Microsoft, to access Microsoft properties. It didn’t make sense for users to use Passport to access eBay.”
Likewise, Europeans were uncomfortable with the fact that Passport data was stored on servers in the States, he said.
InfoCard seeks to get around this problem by operating in what Cameron calls a “polycentric” and “polymorphic” fashion, meaning the software will run on different operating systems, and the data will be stored in places that make sense to the user.
After its release, Passport was attacked by privacy advocates, including the Electronic Privacy Information Center, which argued that Microsoft was not taking adequate steps to protect and give users control of their data.
At the time, Microsoft disputed these concerns, but the company now needs to welcome them, Cameron said.
“We need to invite the people who used to be called privacy extremists into our hearts because they have a lot of wisdom,” he commented. “This [is] not the son of Passport.”
Microsoft’s goal is to make it easier to create ‘identity-aware software’, while at the same time respecting users’ privacy concerns, Cameron said.
Privacy will become an even more important issue as the implications of wireless networking become better understood, the Microsoft executive added.
At a recent security conference pranksters tracked a Bluetooth device that Cameron was using to offer attendees a real-time map of his progress through the convention centre, a light-hearted hack that underlined a more serious point.
That same kind of technology could be used to build more intelligent bombs, Cameron said. “Nobody has thought through the privacy threats that this involved,” he said. “Now I can build a device that explodes when a specific person is in the vicinity.”
With hackers getting better and better at making online attacks, and consumer confidence already somewhat shaken by recent security scares, technology vendors such as Microsoft are more pressed than ever to develop a reliable, widely used identity system for the internet. “We have to put on our tinfoil hats,” said Cameron. “We have to think through these technologies; we have to fix them.”