To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/webservices/0,39024657,39126828,00.htm

Leader: Decline of Passport a privacy win
Industry rallies and saves the day...

By silicon.com

Published: Tuesday 04 January 2005

While many of us were on holiday between Christmas and New Year's Day, eBay announced it is dropping Microsoft's Passport - a service for storing passwords and credit card details for multiple websites.

The parting was particularly noteworthy as eBay was among the first to adopt the service back in 2001 - and, it may turn out, among the last to drop it.

Following the eBay news, Microsoft admitted it would stop seeking out new customers for Passport, though it will continue to support the service and use it across MSN and other Microsoft sites.

The news was not entirely surprising. Another once-loyal customer, Monster.com, stopped using Passport in October. And earlier this year Microsoft had already started to morph the service from an all-Redmond offering to tools that can work with other companies' identity management software.

Almost from its inception, Passport saw considerable opposition, as privacy advocates objected to the central repository of sensitive information, trade regulators complained about violating data protection laws and security experts discovered a major flaw in 2003.

We will suppress the impulse to poke fun at Microsoft for having to face the embarrassment of pulling back a product it once touted as the great populariser of web services. Everyone makes mistakes and knowing when to quit is often a sign of good business management.

What's interesting here is the combination of forces that led to Passport's downfall - most notably the united front of competitors opposing it with the Liberty Alliance. Including heavyweights such as Sony, Sun, HP, Oracle and Intel - and adding new members by the handful - the Alliance formed soon after Passport's debut and seeks to create an authentication standard for web services that makes it easy for companies to create their own Passport-type offerings.

This is a win for online privacy and security. It shows even a Microsoft couldn't force a questionable option upon us - as they did with the notoriously vulnerable Internet Explorer.

The idea of handing over sensitive data to a single central player - whether Microsoft or someone else - may have been doomed from the start but still the industry rallied and made sure it didn't prevail. How much better off would be we in terms of online privacy if this happened more often?