As we've discussed, Microsoft plans to integrate at least three .NET services in its upcoming Windows XP OS, which will replace both the Windows 9x line and its Windows 2000/NT 4.0 siblings. In recent XP beta releases, Microsoft has made available one of these services, an old favorite called Passport.
Microsoft designed Passport to extend the concept of secure authentication and user information storage to multiple Web sites. As e-commerce grew in popularity, it became obvious that requiring customers to manage and maintain a different profile for every site they visit was problematic. From the user's standpoint, this requirement means juggling a diverse set of logons and passwords, not to mention credit card information and other personal information. Two scenarios come to mind. If, for example, you replace your credit card, you would have to visit every site for which you had registered and update your credit card information. Here's another possibility that we've discussed in the past: A company with which you don't want to do business purchases a site that you frequent; as a result, the parent company now has your credit card information, buying history, and other personal information. Before Passport, you could do nothing about this undesirable consequence.
But Passport takes the authentication and user information store away from e-commerce sites and gives it back to you. Passport supplies one sign-on so that you can use one logon name and associated password at any Web site that supports the technology—no more logon juggling. Passport also currently includes a wallet service that lets you securely store credit card information so that you can make "express" online purchases without having to type in a long number and expiration date every time you visit a new site or want to make a purchase.
Today, Passport is a decent service, although few Web sites use it; some of the better known include Starbucks.com, 1-800-Flowers.com, buy.com, Expedia.com, Hilton.com, Officemax.com, and Victoriassecret.com. But the Passport of the future—which might go by Passport.NET or .NET Passport—includes a number of new capabilities that we've discussed in previous issues of .NET UPDATE. And because of its integration with the Windows XP desktop, this could be the version of Passport that finally takes off.
In XP, Microsoft takes the concept of single sign-on to a new level. Now, you can link a Passport logon to your Windows logon: That is, when you log on to XP, your Passport logon is, optionally, enabled automatically. You can configure this option using the Control Panel User Accounts applet. When you choose to change an account, you can set up that account to use Passport. The .NET Passport Wizard lets you create a new Passport account or use an existing Passport account.
Passport accounts are also tied to accounts on Microsoft's Web-based email services, including Hotmail and MSN. When you give the Passport Wizard your Hotmail email address and password, you can choose whether to sign on automatically to this Passport account. Doing so gives you a level of Windows-Internet integration that earlier versions of Windows and Internet Explorer (IE) only hinted at.
At this point, however, the integration is just a placeholder. Automatic Passport logons through Windows logons doesn't yet appear to affect any Passport-enabled sites you visit, although this will change before XP ships in October. If you fire up MSN.com, Hotmail, or one of the sites I mentioned earlier, you still have to manually log on to Passport before you can get anywhere. But in the meantime, the infrastructure is in place, and my understanding is that we'll see the integration kick in by the release of XP Release Candidate 1 (RC1) in late June.