InfoCard Not Son Of Passport,

Here's an article by Robert McMillan (of IDG News Service) that appeared recently on InfoWorld. He caught me speaking to an audience of entrepreneurs and venture capitalists at the recent DataCenter Ventures 2005 Conference in Redwood City.

I participated in the conference to try and get attendees interested in building and funding software and devices whose behavior reflects identity. I was also arguing that InfoCards, as a cross-platform phenomenon providing a consistent interface to multiple underlying identity systems, finally made this plausible.

Hoping to learn from the lessons of its unsuccessful Passport initiative, Microsoft is taking a more open tack in developing its new InfoCard identity management platform, a company executive said Tuesday.

Like Passport, InfoCard, is designed to make it easier for users to surf the Web by keeping track of their user names and passwords as they move from site to site. Unlike Passport, however, InfoCard is being designed to work on client and server software that was not developed by Microsoft.

The presentation didn't deal with the fact that InfoCards uses advanced cryptography rather than passwords, so Robert can't be faulted for this assumption.

Since the beta version of InfoCard was released in May, Microsoft has been working with developers of the Firefox and Opera browsers, as well as organizations like the Apache Software Foundation and Apple Computer, said Kim Cameron, Microsoft's chief architect of identity and access, speaking at the DataCenter Ventures 2005 conference in Redwood City, California.

“These aren't your typical Microsoft customers,” he said. “The main thing is, we need a solution that works on Linux boxes as much as it works on Microsoft boxes.”

Though the Passport identity management system now processes about 1 billion authentication requests per day, making it too popular to rightly be called a failure, the service has never gained popularity outside of Microsoft's own Web properties, Cameron said.

I argued that Passport is one of the most widely used authentication service on the Web – and its success in different roles has been determined by the Third Law of Identity:

“When it comes to identity, people want to understand why the parties to any interaction are there,” he said. “It makes sense for people to use passport, run by Microsoft… to access Microsoft properties. It didn't make sense for users to use Passport to access eBay.”

Likewise, Europeans were uncomfortable with the fact that Passport data was stored on servers in Redmond, Washington, he said.

InfoCard seeks to get around this problem by operating in what Cameron calls a “polycentric,” and “polymorphic” fashion, meaning that the software will run on different operating systems, and the data will be stored in places that make sense to the user.

After its release, Passport was blasted by privacy advocates, including the Electronic Privacy Information Center, which argued that Microsoft was not taking adequate steps to protect and give users control of their data.

At the time, Microsoft disputed these concerns, but the company now needs to welcome them, Cameron said.

“We need to invite the people who used to be called privacy extremists into our hearts because they have a lot of wisdom,” Cameron said. “This (is) not the son of Passport”

Microsoft's goal is to make it easier to create “identity-aware software,” while at the same time respecting the users privacy concerns, he said.

Privacy will become an even more important issue as the implications of wireless networking become better understood, the Microsoft executive said.

At a recent security conference pranksters tracked a Bluetooth device that Cameron was using to offer attendees a real-time map of his progress through the convention center, a light-hearted hack that underlined a more serious point.

That same kind of technology could be used to build more intelligent, bombs, Cameron said. “Nobody has thought through the privacy threats that this involved,” he said. “Now I can build a device that explodes when a specific person is in the vicinity.”

With the quality of online attacks improving, and consumer confidence already somewhat shaken by recent security scares, technology vendors like Microsoft are more pressed than ever to develop a reliable, widely used identity system for the Internet, he said. “We have to put on our tinfoil hats; we have to think through these technologies; we have to fix them.”

Published by

Kim Cameron

Work on identity.