Microsoft to Share Passport Source Code

Redmond hopes to increase enterprise use of its single sign-on solution.

• By Matt Migliore
• 10/16/2002

Craig Mundie, Microsoft's CTO, speaking last week at the Digital Identity World 2002 Conference in Denver, said the company will begin providing access to Passport code in November under Microsoft's Shared Source License—a relatively new program that allows developers to use certain elements of Microsoft code for integration efforts, as well as for debugging and testing.

Previously, Microsoft has exposed the code for Windows CE and portions of its .NET Framework under the Shared Source License. Passport is the latest addition to this effort.

Under terms of Microsoft's open-source program, authorized code is free to academics, developers and governments. However, organizations that actually deploy Passport as part of a single sign-on solution will still have to sign a contract and pay for the service.

By giving developers access to Passport code, Microsoft is making it easier for them to build applications that plug into the system. The company hopes this will increase enterprise adoption of Passport.

Shawn Willett, principal analyst for IT market research firm Current Analysis Inc., says Microsoft has been working to cast Passport as more of an enterprise-ready solution rather than a consumer-oriented offering. Passport has been particularly successful in attracting the consumer market to Passport, says Willett, but it hasn't yet been able to get buy-in from the enterprise. "I think it has been a challenge for Microsoft to get Passport into the enterprise and b-to-b markets."

Willett says enterprises have been particularly hesitant toward Passport because they want to be able to control their own database of user names and passwords, rather than turn it over to Microsoft.

When Passport was originally launched, the technology was configured to house all authentication information in a data repository hosted by Microsoft. When concerns were raised about Microsoft's right to use that information for other interests, and its ability to effectively secure it, the company began a marketing push that promised to federate Passport.

As part of its federated strategy, Microsoft has promised to give organizations using Passport more control over their own customers' authentication information. It has also vowed to add support for standards such as SAML (Security Assertion Markup Language) and Kerberos within Passport, which would give enterprises more flexibility to incorporate the technology into their existing identity systems. However, it has been slow to bring significant product enhancements to market that make good on those promises.

According to Willett, the move to open some of the code for Passport shows Microsoft is starting to make concrete efforts that appeal to the enterprise. Until now, Willett says Passport hasn't been getting much uptake among enterprise users. "It's been slow going [for Passport in the enterprise]," says Willett. "[Microsoft] just hasn't had the products around Passport to generate enterprise interest."

Even if Microsoft is able to surround Passport with solid products for enterprise users, Willett says the company will still have to overcome stiff competition from established vendors in the space, including VeriSign Inc., which has been very successful in selling identity systems to the enterprise.