Microsoft Expands Passport to Enable Universal Single Sign-In

REDMOND, Wash., Sept. 20, 2001 — Microsoft Corp. today announced plans to expand its popular Passport authentication service to interoperate with enterprises, network and other service operators to deliver trusted, universal single sign-in spanning multiple organizations and services.

“The challenge of providing universal single sign-in is larger than any one company,” said Bob Muglia, group vice president of .NET Services at Microsoft. “We invite the industry to participate in this federated model that bridges today’s islands of authentication into a trusted network for users, Web site operators, wireline and wireless carriers, and corporations that will unlock the power of Web services, which is the foundation of our .NET vision.”

Under the changes announced today, Passport will use the proven Kerberos standard to do open and federated authentication among organizations, erasing the technical barriers that prevented the trustworthy sharing of user credentials among independent, competing or otherwise incompatible systems. The move is intended to facilitate a trusted, interoperable authentication network across the Internet, bring universal single sign-in to all users and provide interoperability among different enterprise and service authentication systems. Passport will support universal single sign-in next year while the forthcoming Microsoft® Windows® .NET Server will allow organizations of all sizes to easily and securely participate in the Internet trust network.

Open, Federated Authentication

Authentication is the process of uniquely and securely identifying a user, after which particular privileges on a particular site, service or network can be determined. Microsoft is inviting the entire industry, including Web sites, enterprises and competing service operators, to participate in the creation of the broader Internet trust network, which will work in a manner similar to that of the ATM network created by the banking industry.

This federated model allows organizations to retain fine-grained and secure control over their user identities, profiles and other business data, while participating in a trusted network that delivers a unified experience to users. The trust network is built on a common set of technical and operational guidelines and is open to any organization supporting those standards. Microsoft will lead in the formation of this network by making Passport, the world’s largest Internet authentication system, available for federation with other authentication systems.

Passport will support Kerberos 5.0, a widely adopted open standard for authentication initially developed at the Massachusetts Institute of Technology and standardized by the Internet Engineering Task Force. The Kerberos standard provides a secure mechanism for creating trusted relationships across otherwise distinct boundaries. As the technical mechanism for creating an Internet trust network, it is well known to the security community and is supported by a wide variety of vendors.

Enterprises Maintain Security, Increase Efficiency

Today, corporations already have internal authentication systems for single sign-in and secure access to internal information on corporate networks. The challenge for most corporations is how to extend this same seamless, secure access to their customers and business partners. The new Passport federated functionality will make it easier than ever for corporations to securely bridge existing authentication mechanisms with external systems, simplifying the lives of employees, customers, partners and IT managers who must use and administer parallel authentication systems today. By associating a Passport identity with a Windows .NET Server identity, Microsoft has begun to tear down the wall that has forced customers to separate their internal network and extranet systems from each other.

Windows 2000 supports the Kerberos v5.0 standard today. Windows .NET Server makes it easy for enterprises using Windows .NET Server and the Active Directory™ service to extend universal single sign-in from inside the organization to the Internet through trusted interoperability with Passport and other services that support the Kerberos-based trust network.

Passport Users Benefit From Single Sign-In Today


With more than 165 million accounts, Passport is the leading authentication service providing single sign-in across multiple Web sites. Passport users can use one sign-in name and password across multiple Web sites and services. In addition, Passport offers significant benefit for Web site and service operators because it helps streamline sign-in and registration processes, giving customers a secure, customized experience. The advent of an interoperable Internet trust network will extend the benefits of Passport to enterprises and other service operators.

“If we are going to be successful in building a trusted authentication network across the Web, we will need broad participation from industry, government and public policy groups,” said Muglia. “In fact, we are committed to furthering this dialogue at the Trusted Computing Conference, to be held in early November in Mountain View, Calif.”

More news and technical information about how developers can participate in the Internet trust network will be available at Microsoft’s 2001 Professional Development Conference in Los Angeles, October 22-26. Bill Gates, chairman and chief software architect, will provide developers with a deeper look at the new world of software services and how the .NET platform is creating new opportunities to build and use XML-based Web services. Those interested can register for PDC 2001 at http://msdn.microsoft.com/events/pdc/ and learn how to take advantage of the next-generation Internet.

About Microsoft

Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and Internet technologies for personal and business computing. The company offers a wide range of products and services designed to empower people through great software — any time, any place and on any device.

Microsoft, Windows and Active Directory are either registered trademarks or trademarks of Microsoft Corp. in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at http://www.microsoft.com/presspass/ on Microsoft’s corporate information pages.
