But InfoCard's use will not be limited to storing and supplying ID information for making online payments or logging in to Web sites, Microsoft said. In addition, the first version will also support other authentication technologies, such as the x509 certificates used for smart cards, according to Shewchuk.
Insiders expect InfoCard to be part of Longhorn, the next major release of Windows due next year, but Michael Stephenson, a director in Microsoft's Windows Server group, said the company does not yet have concrete delivery plans for the technology.
When it pitched Passport six years ago, Microsoft envisioned thousands of online stores and other services using the system, which would let people sign on using the same username and password used for Microsoft services.
The market largely rejected Passport as the system's security was tested by hackers and scrutinised by privacy watchers who did not like the idea of Microsoft holding user information in its own databases. Potential partners, such as e-commerce sites, also balked at the idea.
Regulators in the US and Europe eventually put restrictions on Microsoft and Passport, which today is used primarily as a login system for Microsoft services.
InfoCard is different than Passport, said Jonathan Penn, an analyst at Forrester Research. "They have learned their lesson. With InfoCard the controls are supposed to be put in the user's hands," he said.
The authentication technology is part of a larger Microsoft identity management plan. Last week at the Digital ID World conference in San Francisco, executives described the company's Identity Metasystem. This architecture is designed to lie on top of the patchwork of identity systems that exist on the Internet, to make it possible for them to talk to one another.
The Identity Metasystem will support all the major identity technologies, Microsoft said. This includes some that have been developed by traditional Microsoft rivals, such as SAML, which includes the Liberty Alliance specifications for identity federation.
Though Microsoft may have tackled, in its new ID management effort, the stumbling block that stymied its Passport push, the new technology could run into a different sort of problem, Penn said.
"Microsoft is not going to be holding your credentials, but they are developing a system upon which the security of your credentials is reliant," Penn said. "InfoCard is going to be one of those services that hackers are going to try to get part of."
Talkback
These silly Americans. Who would trust a company with their personal details that says "supereasy" anyway?!
What's the diff?
With Passport they wanted to store your identity and credentials. Now they want to be the one and only mechanism provider that enables a key to unlock your own data (that ofcourse "supports" rival systems to some extend when and for as long as needed). The achieved lock-in is still the same: try to replace them and end up with loosing access to your own data (DRM anyone?). The only things missing is the EU not coming down hard on Microsoft for still not complying to EU rules, the EU allowing Software Patents (or whatever it's called nowedays) and the EU giving the BSA what it wants.
Also interesting to note that InfoCard at first will mostly be about "functionality" rather then "security" and that some will claim that it was "customer demand" that called for InfoCard and that's why, some time in the future, it should be pushed down as a default service on each and every Windows PC out there which the average user won't be able to de-install and therefor will use whenever a pop-up advises them to do so. Thus turning it into a de-facto "standard" instantly even before the right people will start waking up to things they weren't aware of before to then go into re-active damage control mode as usual and trying to talk things down.
All animals are equal but some are more equal then others.