Opening Passport

Related link: http://www.zdnet.com/anchordesk/stories/story/0,10738,2813501,00.html

Microsoft has announced that .NET will allow third party identity providers to compete with Passport. This is a surprising move -- I expected the company to wait until Passport was dominant before opening it to competition.

This move changes the landscape of their battle with AOL quite a lot. Before, Microsoft was pitting their web users, MSN users, and future XP users directly against AOL's subscribers and AIM users. That's still the case, but monopolization of the space is no longer possible. AOL's long term prospects are looking better, as are all other third party identity sources, including mom and pop ISPs, Jabber, Yahoo IM, and SMS providers like France Telecom.

The strategic consequences are that Microsoft has given up one huge weapon, the potential for their vast user identity database to bludgeon AOL's out of existence, in exchange for strengthening their presence web service (XP Messenger), strengthening the hold of their services and software infrastructure on next generation Internet providers, and strengthening the utility of Hailstorm (now patronizingly renamed ".NET MyServices").

It remains to be seen how open the system will really be, and whether Microsoft will also allow third party providers to compete with Messenger. It is also possible that the company holds patent rights which federation members would have to license.

The company had hinted recently that this might happen but was still under discussion. This move shows that both strategy and technology related to .NET are still in flux, something unusual given how huge a bet Microsoft is placing on it. One possible cause of the switch is internal conflict between pro-Internet and pro-Windows factions. To the degree that access to third party identity datastores makes Hailstorm apps more useful, the move strengthens Microsoft's PC software.

Three stories on the subject:

• ZDNet: MS: You don't trust us? OK, we'll open Passport, Hailstorm
• New York Times: Microsoft's Passport Sign-On System Will Work on Rival Sites
• MSNBC: Microsoft to open Passport to rivals

Postscript:

According to Dave Winer on the [Decentralization] list,

I just got off the phone with Chris Payne and Hal Howard from Microsoft, and
think I can clarify.

Today's announcement is about Kerberos only. They said that at this level
their system is open, meaning that users can choose a different server from
Microsoft's to manage their identity.

Higher level issues, schema for user data, and protocols for connecting
desktop apps to clouds are not being discussed now; however they said that
they would be released with a similar philosophy.

They may have patents, and if they have them they will use them.

WSDL, UDDI and SOAP are the underpinnings of the next level(s) up.

We had a long wide-ranging discussion of what open means, and what level of
choice will be necessary for independent developers to be willing to invest
in Microsoft's new platform.

A quick take on that news is that Microsoft is reserving the right to provide the server software for third parties that can compete with Passport.

Postscript #2, Sept 22:

The Register has this story, which gives the best overview I've seen of the incompatibilities between MS Kerberos and others.

Thoughts?