Single sign-off
- Reduce text size Decrease text size
- Increase text size Increase text size
- Print article Print
- Jump to comments Comment
- Share this article Share
- Email article to a friend Email
Hundreds of companies have got behind Microsoft and Suns respective single sign-on technologies. But is it all really worth it?
When Sun Microsystems CEO Scott McNealy founded a 'single-sign on' initiative with a group of senior CIOs in September 2001, dubbed the Liberty Alliance, supporters portrayed him as the 'white knight', riding in to save the day from Microsoft and its 'insidious' alternative, the Passport authentication service.
But in truth, no white knight was necessary. Microsoft required no assistance in running Passport into the ground.
It all seemed so different when Passport was switched on in 1999. It instantly became the biggest service of its kind, launched off the back of Microsoft's hugely popular Hotmail-branded hosted email service. The user names and passwords of Hotmail subscribers were automatically subsumed into Passport,
| ||
In the process, Microsoft would create one of the world's biggest and most valuable databases. It wanted to charge commercial companies a fee to access and sell to the Passport user pool.
But none of this has worked out quite as Microsoft planned. Only a comparative handful of users have actually stored their credit card details on the Passport service, admits Peter Bell, the head of strategy for Microsoft's .Net developer group. This is assumed to be because of security concerns.
But there is a more fundamental problem with Passport: not enough businesses and consumers, rightly or wrongly, trust Microsoft with their own customers' details. "Nobody wants to delegate the management of their customer to someone else," least of all Microsoft, says Laura Koetzle, a Forrester Research analyst.
Microsoft has tried to play down these problems. Above all, it says, Passport was never meant to be a standalone revenue-generating product - after all, it charges a flat annual fee of just $10,000 to companies wanting to connect to the Passport service.
Instead, Microsoft regards Passport as an important first step in the company's long-term vision of delivering software to subscribers over the web. "As we see more software-as-a service plays, we will see consumers demanding more single sign-on," says Bell.
Liberty Alliance
Meanwhile, what of the Liberty Alliance? To its critics, the group has made little progress. The Liberty Alliance has only 65 affiliates, and some analysts have questioned whether the group's first set of specifications, released in July 2002, adds much to existing authentication.
The Liberty Alliance, for its part, insists that its 'federated' model will mean it can sidestep some of Passport's pitfalls. Businesses will still own their customer details, but can pass authenticated users on to the web sites of their business partners. All this can be done without having to reveal their competitive knowledge about the customer to other companies.
"Companies want to share customers' identity - not their CRM [customer relationship management] profile," explains Nokia's Timo Skytta, who heads a team designing Liberty Alliance's specifications.
But the real question facing both Passport and Liberty Alliance is whether there is demand for single sign-on at all. According to several surveys carried out by John Pescatore, a Gartner analyst, consumers are not interested in it because they typically use the same user name and password for every site they access. Ovum's Neil Machiter agrees. "My wife uses cookies to identify herself to the websites she uses. As far as she's concerned she is already getting single sign-on."
Whether the technology industry is prepared to accept this is another matter. But, says Microsoft's Bell: "I think consumers value security and privacy more now than they did... but not as much as the computer industry would like."
