JPassport is a Java-based version of Passport which, say the developers allows J2EE applications on any platform to Microsoft's single sign-on system for user data and authentication.

read more @ http://news.zdnet.co.uk/story/0,,t272-s2106107,00.html.

I applaud all efforts to achieve interconnectivity of services and support of a multitude of vendors.

Java should always have all options available to "the dark side" as well as a few of its own.

However, the Passport service is the really distasteful part of Microsoft's .NET initiative.

As a consumer I will do my utmost to avoid getting any of my personal information registered on Passport (I guess it will not be easy). I aim to refuse to use any service that requires use of Passport and I will make sure to tell the service providers that I will not use the service unless there are alternatives and that it is obvious for every user that they may choose an alternative.

Anyone remember that movie where Sandra Bullock got her identity changed against her will by a baddie that looked very like the CEO of a very large company...

Does somebody know what the projectLiberty is rolling out ?I remember they promised months back to come out with Single Sign on specifications.

No clue. They do have a website at http://www.projectliberty.org/ but all it really says is they are still working on the spec.

Mark

What happens if the passport service is "down"? None of your users can login to your site?
What is the latency of that login?

I am not sure that I understand "outsourcing" mission critical pieces of my applications, especially over the internet.

I think these services are going to be used more at the intranet level... or maybe for little things like a stock quote service, or getting the weather ;)

Dion, I agree with you points. The latency in Web Services can kill any program if there are a lot of users or processes to run. Ten seconds in Internet time is not big deal, but to a program that is a lot of time. And if there are 10,000 users...

What happens if MS changes the interface to Passport? How are people going to know?

I refuse to get a passport account, or use the "secure" sections of any website the requires passport for login. I know many other people that do the same.

I won't even register a "bogus" passport account. The web sites will just not get my business, or in most cases my viewership if they use passport.

-Pete

It's funny to see how people always react the same way. We've been through that a few years ago when everyone was adamant about the fact that they would never give away their credit card number over the Internet.

The same will happen with Passport. You will be using Passport whether you want it or not, either explicitly or implicitly.

I can't wait for the time where I won't have to remember millions of logins and passwords. I wish it was a company other than Microsoft that was in charge of such a responsibility, though, but if you think about it, no company is more in the spotlight than them. They will be heavily scrutinized, and they will have to deliver on the security and privacy aspects.

Who would you rather give your credit card number to, a Web site ending in microsoft.com or foobar.com?

--
Cedric

I agree with you and it's a bit creepy. Remember that Passport story in November ?

http://news.zdnet.co.uk/story/0,,t269-s2098563,00.html

What kind of security service is that ? Even though they are in the spotlight and they are heavily scrutinised. And there are stories like that every week...

Microsoft Securiy sounds like a huge oxymoron to me.

                Yann

That is true, _however_!

When people use a credit card, you can choose the card company, and choose the vendor of the service you require. If we follow the route that MS would like us to, then all e-commerce transactions will be run through Microsoft controlled machines.

I don't know about anyone else but this really hits a chord with me! I don't like it!

So would you like your number on the back of your hand or your forehead? ;)

There are numerous (and better) alternatives to PassPort, which involve federations of service providers and more open technology. The most promising is XNS (http://xns.org), but they're stuck in a legal squabble with OneName Corp. Liberty is looking like they're going to be using a combo of LDAP and SAML. Excellent resource on this topic here: http://weblog.digital-identity.info./