Slashdot Mirror

← Back to Stories (view on slashdot.org)

eBay Retires MS Passport Sign-In

Posted by samzenpus on from the verify-this dept.

fihzy writes "eBay have announced they will retire Microsoft Passport Sign-In and .NET alerts. The Microsoft Passport Directory of Sites has been discontinued, too. Is Microsoft's Single Sign-On vision edging towards oblivion?"

9 of 304 comments (clear)

  1. Edging into oblivion? by douthitb · · Score: 5, Funny

    Did I miss something? Was Microsoft's single sign-on vision ever in danger of becoming main stream?

    1. Re:Edging into oblivion? by killjoe · · Score: 5, Insightful

      Although MS has suffered from a lot of spectacular failures latelly, anything they do is in danger of becoming main stream. A monopoly on the desktop and office software is a tremendous weapon to wield against the rest of the world.

      --
      evil is as evil does
    2. Re:Edging into oblivion? by skrolle2 · · Score: 5, Interesting

      I used to work on a similar system for another major portal business, although only for our own portfolio of websites, and we took this stuff really seriously for a while. When eBay joined, we were starting to get a bit scared, because if the passport thing had taken off, our business would have gone bye-bye.

      The worst thing about Passport and the related .Net services was that MS intended not only to store a username and password, but store ALL user information. Participating sites would then have free access to the information they contributed to the system, but would have to pay for anything else. Also, using the entire .Net portfolio would have made it simple for web developers to build a system with a "secure" passport logon and user database, but VERY difficult to obtain control over their own data. Microsoft, on the other hand, would have complete access to all user data regardless of source. They could have become the gatekeeper, the only company with control over user data, and everyone else paying them for data mining rights in their own data. We should be VERY thankful that it didn't take off.

      In retrospect, Microsoft made a bunch of mistakes:

      1) The whole thing got muddled in the general confusion of .Net.

      2) Most other web companies actually valued control of their user data more than ease of development.

      3) No user demand for single sign-on, either because users don't care, or because they actually value their privacy and don't want different websites to share user data.

      It's finally gone. Good riddance.

  2. Good idea, bad implementation by prostoalex · · Score: 5, Insightful
    The idea is not that bad - instead of thousands of sites and message boards requiring registration, login and confirmation of the e-mail, have just one single entity provide and verify the virtual avatar.

    As a Webmkaster, I would like to have some simple authentication solution, so that the users dont have to register in forums and what not to post. However, the implementation is just unacceptable:

    There are two fees for licensing Passport: a periodic compliance testing fee of $1,500 US and a yearly provisioning fee of $10,000 US. The provisioning fee is charged on a per-company basis.


    Small sites who would benefit frim such service don't have $10,000 to throw around, and large sites, which do have the money, just will write their own username+password code.
  3. Re:FYI by tourettes · · Score: 5, Informative

    That should be http://en.wikipedia.org/wiki/Microsoft_.NET_Passpo rt

    --
    tourettes
  4. It never was. by Fortran+IV · · Score: 5, Informative

    Microsoft's Passport sign-on was never a single-entry system, even within Microsoft's sites. Not long ago they started requiring a Passport account to post to the MS support newsgroups, so I reactivated an old Hotmail account. Surprise! Logging on to Passport thru their newsgroups did not get me into Hotmail; I had to enter the Passport account and password individually for each system, whether I entered them sequentially or simultaneously thru two browser windows.

    As usual, Microsoft paid as little attention to their proposed standard systems as the rest of the industry. (Remember, Windows Notepad didn't get the Ctrl-O and Ctrl-S shortcuts until Windows 2000, even though other MS programs had them in Windows 3.x.)

    --
    I figure by 2030 or so my 6-digit UID will be something to brag about.
  5. Bad idea, implementation irrelevant. by Tackhead · · Score: 5, Insightful
    > The idea is not that bad - instead of thousands of sites and message boards requiring registration, login and confirmation of the e-mail, have just one single entity provide and verify the virtual avatar.

    Bad idea, implementation irrelevant.

    Instead of having to compromise each site (presumably on a semi-secure server), have just one single entity provide and verify the virutal avatar... based on data resident on a machine administered so incompetently as to have six types of spyware and four spammer worms on it because the underlying operating system is as secure as swiss cheese.

    > Small sites who would benefit frim such service don't have $10,000 to throw around, and large sites, which do have the money, just will write their own username+password code.

    ...thereby saving themselves $10K, thereby limiting the damage from compromise to Just One Site, and thereby offering better security to the end user by accident.

    I've lucky in that got a good "mind" for (secure!) passwords and have no trouble remembering dozens of them.

    But even if I didnt... even if I wrote all my userid/password combinations on Post-It notes, a Post-It note resides in an area with reasonably secure physical access controls. Not so with a network-connected PC and a single-signon application.

  6. Re:I actually used it by prostoalex · · Score: 5, Interesting

    Heh, yeah, that's true, Passport tends to lose your authentication cookie more often that a 3-year-old would lose his toys. You have financial losses, I would just get frustrated.

    On top of that I used their hotmail account to register for the Passport, since that's their recommended option. I never use Hotmail for my daily webmail, in fact, the only message I have there is a thank-you for signing up. The bozos from hotmail kept threatening me with turning off the account, and they did execute their threats every 90 days. So unless I remember to log in to the Hotmail account, which I never use, I lose my passport, and have to go through easy but still frustrating retrival system at hotmail.

    The guys who designed this system are probably competing with Clippy team on who builds the most annoying product.

  7. One account for EVERYTHING... no thanks! by turrican · · Score: 5, Insightful

    The thought of a single web-based logon for access to so many different entities kinda scares me... Especially once it spans across companies.

    It's sometimes irritating to remember a number of different logons/passwords, and maybe I'm just paranoid, but I prefer the compartmentalization that separate logons brings.