eBay Nixing Microsoft’s Passport

UPDATED: Microsoft has lost another partner to market its single sign-on services after auction giant eBay said it will no longer support Passport and its .NET alerts.

In a notice released late Wednesday, eBay said members will have to sign in through eBay directly starting in late January.


“Once this takes place, the Microsoft Passport button that is currently displayed on Sign In pages will be replaced with links to a page with more information, including Help in case
you cannot remember your User ID or password,” the notice said.


eBay also said it will discontinue sending eBay Notifications through
Microsoft .NET alerts, and recommended that users who would like to continue receiving auction updates will be able to sign up and get them through their mobile phone or PDA.


Microsoft, meanwhile has nixed its site directory for Passport, although Passport will be very much a way of life for users of Microsoft’s Web sites, such as its e-mail offering Hotmail.

“We have discontinued our Site Directory, but you’ll know when you can use
your Passport to make sign-in easier. Just look for the .NET Passport Sign
In button!” a notice on its Passport site said.


In October, online job listing company Monster.com stopped using Passport after three
years
as a partner.

The latest move from eBay raises the question of whether Passport has a future in Redmond’s vision of using the sign-on system for accessing secure Web services .


Many analysts believe Web services, distributed computing that allows
applications to communicate with one another, will only work if vendors can promise safe, trustworthy single sign-on services to users. For example,
experts expect a combination of single sign-on and Web services to enable
shoppers to purchase goods in a mall through a handheld computer.


But Microsoft has been faced with mounting concerns about security due to a rash of
security issues in its Windows operating system and IE browser. The problems have left some customers and partners leery about subscribing to Passport or other services that require users to provide their personal information, such as address and credit card data.

The situation wasn’t helped in 2003 when two security analysts for Gartner urged financial institutions and other enterprises to stop using Microsoft’s .NET Passport service.

“Microsoft failed to thoroughly test Passport’s security architecture, and this flaw — uncovered more than six months after Microsoft added the vulnerable feature to the system — raises serious doubts about the reliability of every Passport identity issued to date,” according to a report at the time by John Pescatore and Avivah Litan for Gartner.


“[Passport] lost momentum a long time ago, and now we have significant
evidence of market erosion. I’m sure this is not the last such case we’ll
hear about,” Forrester security analyst Jonathan Penn Penn told internetnews.com.


“Remember, eBay is being hit by fraud via phishing and keystroke logging
attacks on its customers,” he said. “The last thing they need to worry about
when dealing with all these account compromises is an open door over which
they have no control. The security weaknesses and lack of control
participating organizations have in Passport (being a centralized, MS-run
service) is undoubtedly a big factor behind eBay’s decision.”


The company also faces tough competition regarding single sign-on and authentication systems. HP , Sun
Microsystems and others offer their own federated
identity service through the Liberty Alliance, which IBM
joined in October along with seven other members.


“Authentication remains a widespread industry issue,” Earl Perkins, a
security analyst at META Group, said of Liberty at the time. “An
organization capable of leveraging support from influential companies across
industries and developing and model that makes strong authentication
convenient, affordable, and interoperable between infrastructures and
authenticators… is well positioned to drive widespread adoption.”

A Microsoft spokesperson said the company’s commitment to providing partners with secure and flexible authentication services has not changed.

“Over the past couple of years, Microsoft learned a lot working with partners and customers and shifted the focus of the service to serve as a great single sign-on solution for consumers of MSN and Microsoft online services, as well as working with close partners where it made sense for both parties,” the spokesman said.

“At the same time, Microsoft and industry partners have been making great progress on a set of specifications for federation based on web services, and fully expect the Passport service to federate where appropriate via these web services-based protocols.”

Updates prior version with Forrester analyst comment and to include a comment from a Microsoft spokesperson.

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web