An investigation of Microsoft's Passport protocol and issues regarding its security, privacy

Recently, a great deal of attention has been focused on Microsoft's Passport authentication service. Microsoft refers to Passport as a single sign-on solution, which allows users to sign on to one e-commerce website (or to Microsoft's Hotmail website), and retain their authentication when moving to other Passport enabled websites. The current interest has centered around a number of issues including recent security flaws found within Passport, privacy concerns relating to use of the service, and Microsoft's incorporation of the Passport Service into it's .Net initiative (Hailstorm) products. No other commonly used single sign-on solution currently exists for public web sites. There are now 165 million registered Passport users and over 200 different commerce websites the use the Passport service. Therefore it is important to look at both the benefits and the failings of the Passport service. Indeed since millions of users worldwide have Hotmail accounts that utilize Passport authentication and millions more will most likely use .Net products the security and privacy concerns of this product bear great scrutiny.