Citigroup Gets A Passport

There are two significant results to Microsoft Corp’s
announcement on Wednesday that it has signed up Citigroup to .Net
and its Passport technology … results that signal both a compromise and the
potential of huge gains for the software behemoth that wants to be “King of Web Services.”

As part of the deal, customers on Passport-enabled Citigroup sites will
first sign on to Passport, then authenticated by Citigroup using one of its
own passwords. They will get a whole range of features incorporating the
best of Web services, from .Net Alerts by phone, pager or email telling
customers when they’ve reached their credit card limit or when a bill is due.

In return, Citigroup becomes Microsoft’s preferred payments provider, with
promotional presence throughout MSN, Microsoft’s Internet provider arm.

“This will allow us to acquire new customers, increase usage of Citi Cards
for online purchases and support our existing customers better,” said
Steven J. Freiberg, Citi Card president and chief executive officer.

Microsoft’s stance since the inception of its .Net framework has been one
of single user, single authentication. The announcement signals a seeming
compromise in that thought process, according to one analyst, since the
customer is also required to sign in at the Citigroup point of entry, or
gateway.

Dana Gardner, an analyst for the Aberdeen Group, says this approach is more
in line with the federated (or multiple) ID management standard endorsed
by the Liberty Alliance, a standards body that feels a centralized gateway
gives that provider too much power.

“The whole idea (at Microsoft) was of a single sign on that you would use
to get on Passport and other applications,” he said. “By having Citigroup
authenticate their users, it gives them the opportunity to at least take
partial ownership of this gateway relationship.”

The compromise is an important one, however, since it nets (no pun
intended) one of the largest credit card companies in the U.S. and will
likely convince other companies managing sensitive data to take a chance in
the fledgling Web services industry.

Sean Sundwall, .Net public relations manager, said even though Microsoft
has sped up the time table for using federated ID management with its
customers, it’s not really a compromise.

“That’s its a compromise is only partially correct,” he said. “We don’t
expect any company to give up control of its sensitive data, we welcome any
company that wants to have their own authentication process in place. At
the end of the day, they are responsible for the data in their network.”

Citigroup is the second major corporation to sign onto the .Net
platform. Last year, Federal Express signed on to give
its customers real-time management of their packages and accounts.