Challenge from Liberty
Doubts about Microsoft's ability to run a centralised authentication system made it all the more appealing when a viable alternative emerged. The Liberty Alliance, a trade group formed by Sun Microsystems and backed by a number of major players, including Intel, was formed to create standards for a "federated" identity service, in which data could be securely shared among e-commerce sites without the need for a central broker.
The group recently released a major revision of its specifications and now has 31 companies shipping or working on products that support the standards, said Simon Nicholson, the chair of the business and marketing expert group at the Liberty Alliance.
"Certainly the market has spoken very clearly to say the technology we deploy must be based on open standards... and there will be no central repository of identity data; it will be a federated model," he said.
The primary selling points of the Liberty Alliance model, Nicholson said, have been that it works with a shopping site's existing technology and that it doesn't insert an outside company into the transaction process.
"Businesses have these relationships that have taken a while to mature, and they don't want to see another brand trying to insert themselves between them and their customers," he said.
Analyst Pescatore said Microsoft had erred by making its initial Passport plans too intrusive and far-reaching. "Their original architecture was pretty much that Microsoft was always in the loop; they weren't just selling you a piece of software," he said. "Then they talked about this more federated architecture, where you could put up your own Passport server, but by then it was too late."
Credit card companies and other infrastructure players were satisfied to wait for Liberty Alliance plans to coalesce. "The fact that Liberty Alliance was moving a little slow wasn't a problem, because banking and finance had no plans to use a federated identity service anytime soon," Pescatore said. "Liberty was going to base their architecture on a standard that was already in the marketplace, and that sounded good to them."
Problems with Passport coincided with waning interest at Microsoft in becoming a services company. The past few years have seen the company ditch most of the grander plans lumped under the .Net banner, which originally stood for turning software into a Web-delivered service. Instead, Microsoft is increasingly relying on third-party partners to address the services market.
"I really think they're just not interested anymore in running hosted services, except in situations where they think it's going to help them sell software," Rosoff said. "They've already suffered the PR fallout from the whole .Net My Services thing, and [Passport] is really the last shoe to drop."
However, Passport will continue to run on Microsoft sites, Rosoff said, and parts of the service will are likely to show up in future technologies.
"I think Microsoft will be evolving the technology, and maybe we'll see it in future releases," Gebel said. "If you look at Longhorn and (its Web services technology) Indigo in particular... they are certainly baking more of the Web services framework into the platform. You'll see different forms of federation there."
Pescatore said Passport especially makes sense for Microsoft's Smartphone platform for mobile phones, where the convenience of a single sign-on would be valuable. Just don't expect a repeat of the hoopla that accompanied Passport's arrival.
"Passport is not dead or dormant," he said. "It is just at a stage of, 'let's get it out there first and then start preaching the value of it.'"
