11 October 2002 Software giant Microsoft says it will publish some of the source code for its Passport authentication system in a bid to persuade developers to adopt it. It will be release the code under its Shared Source Licence.
The idea is that by sharing the source code with partners and approved developers, it will make it easier for them to include support for Passport in their products and services. However, organisations that adopt Passport will still have to pay to access the service.
The element to be opened up is called Passport Manager. This is the communications module that is embedded on the web site or in the application that an organisation is deploying. It communicates with the Passport servers to provide authentication.
At the same time, Microsoft is also building a number of new features into Passport. First is support for the Security Assertion Mark-up Language (SAML), an XML-based standard intended to support single sign-on, whereby one login and password can grant access to multiple systems.
Second, Microsoft plans to release a product called Passport Password Quality Meter intended to test the security of users’ passwords. The idea is that it will help weed out ‘weak’ passwords that can be easily cracked.
Finally, the company says that it will also build in support for the Kerberos encryption and authentication standard during 2003. However, Microsoft provoked a storm of criticism when it implemented Kerberos into the Windows 2000 operating system in a manner that meant that it could not easily interoperate with other vendors’ Kerberos implementations.
Microsoft’s Shared Source Licence is a response to the growing popularity of open source software and its benefits in helping to iron out bugs and security defects in software code.