InfoCard not son of Passport, says Microsoft executive

Hoping to learn from the lessons of its unsuccessful Passport initiative, Microsoft is taking a more open tack in developing its new InfoCard identity management platform, a company executive said Tuesday.

Like Passport, InfoCard, is designed to make it easier for users to surf the Web by keeping track of their user names and passwords as they move from site to site. Unlike Passport, however, InfoCard is being designed to work on client and server software that was not developed by Microsoft.

Since the beta version of InfoCard was released in May, Microsoft has been working with developers of the Firefox and Opera browsers, as well as organizations like the Apache Software Foundation and Apple Computer Inc., said Kim Cameron, Microsoft's chief architect of identity and access, speaking at the DataCenter Ventures 2005 conference in Redwood City, California.

"These aren't your typical Microsoft customers," he said. "The main thing is, we need a solution that works on Linux boxes as much as it works on Microsoft boxes."

Though the Passport identity management system now processes about 1 billion authentication requests per day, making it too popular to rightly be called a failure, the service has never gained popularity outside of Microsoft's own Web properties, Cameron said.

"When it comes to identity, people want to understand why the parties to any interaction are there," he said. "It makes sense for people to use passport, run by Microsoft... to access Microsoft properties. It didn't make sense for users to use Passport to access eBay."

Likewise, Europeans were uncomfortable with the fact that Passport data was stored on servers in Redmond, Washington, he said.

InfoCard seeks to get around this problem by operating in what Cameron calls a "polycentric," and "polymorphic" fashion, meaning that the software will run on different operating systems, and the data will be stored in places that make sense to the user.

After its release, Passport was blasted by privacy advocates, including the Electronic Privacy Information Center, which argued that Microsoft was not taking adequate steps to protect and give users control of their data.

At the time, Microsoft disputed these concerns, but the company now needs to welcome them, Cameron said.

"We need to invite the people who used to be called privacy extremists into our hearts because they have a lot of wisdom," Cameron said. "This (is) not the son of Passport"

Microsoft's goal is to make it easier to create "identity-aware software," while at the same time respecting the users privacy concerns, he said.

Privacy will become an even more important issue as the implications of wireless networking become better understood, the Microsoft executive said.

At a recent security conference pranksters tracked a Bluetooth device that Cameron was using to offer attendees a real-time map of his progress through the convention center, a light-hearted hack that underlined a more serious point.

That same kind of technology could be used to build more intelligent, bombs, Cameron said. "Nobody has thought through the privacy threats that this involved," he said. "Now I can build a device that explodes when a specific person is in the vicinity."

With the quality of online attacks improving, and consumer confidence already somewhat shaken by recent security scares, technology vendors like Microsoft are more pressed than ever to develop a reliable, widely used identity system for the Internet, he said. "We have to put on our tinfoil hats; we have to think through these technologies; we have to fix them."