The continuing stream of product enhancements and developments and— as a result—the many Passport versions released over the last three years illustrate the important role Microsoft has reserved for the product. In 2001 Microsoft positioned Passport as the basic building block for its consumeroriented Web services initiative—also known as “Hailstorm.” In late 2001 Microsoft commissioned Ready Run Software to port the Passport SSO solution to Sun Solaris and Redhat Linux (more information is available at http://www.rtr.com/Ready-to-Run_Software/passport_press_release.htm).[3 ]In 2002, Microsoft revealed plans for an MS Passport version 3.0 that will be rooted on the WS-security standards (explained below).
Microsoft has to face many competitors in this space. The growing industry focus on identity management gave way to many players in the Web SSO space. At the time of writing, we can easily say that all major software vendors are involved in this game.
The standardization efforts in the federation and Web identity management space are also progressing in a very competitive way. Whereas Microsoft, IBM, and Verisign are pushing the Web services security standardization initiative (WS-Security),[4] most other major software vendors stick to the Liberty Alliance[5] and the Security Assertion Markup Language (SAML)[6] as the building blocks for a Web-based SSO infrastructure and federated Web services. Federation will be covered in Chapter 9.
[3 ]The Passport SDK for Solaris and Linux can be downloaded from http://msdn.microsoft.com/library/default.asp?url=/downloads/list/websrvpass.asp .
[4]See http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwssecur/html/securitywhitepaper.asp.
[5]See http://www.projectliberty.org.
[6]See http://www.oasis-open.org.