Microsoft secures Passport while lobbying interest groups
Consumer Association unconvinced
Microsoft will take first its steps towards delivering a federated version of Passport this year, releasing tools enabling developers to build Kerberos protocols into the online security system ahead of a full product release in 2003,Gavin Clarke writes
The company told Computerwire it planned a series of Software Development Kits (SDKs) to implement the network authentication protocol into Passport later this year. A full version of Passport, built on Kerberos, is expected next year.
"The road to Kerberos in Passport is being fleshed out. It will be next year before we see a fully Kerberos-capable model," said Microsoft's recently appointed .NET policy and regulatory affairs manager, John Noakes. He was unable to say when the SDKs will become available.
The executive spoke as he embarked on a campaign to lobby powerful consumer and business groups over Microsoft's track record on software security and data protection. Noakes has met the Confederation of British Industry (CBI) and will soon meet the Consumers Association, the UK's best-known consumer lobby group. Microsoft revealed its lobbying strategy in January.
The company is anxious to redress its poor reputation over security and data protection. Microsoft wants to ensure Windows, Internet Explorer and Passport overcome this, and are considered in major government initiatives and business projects.
Noakes said early discussions had indicated lack of knowledge about software like Passport, and some criticisms were poorly informed. "I have to start at the beginning to explain what Passport is and what it does. When people are in full possession of the full facts there isn't as much negative sentiment," he said.
The CBI is vital in helping Microsoft. The organization relies on members to formulate responses to European Union and UK government regulations. Microsoft, a CBI member, hopes it can clean its track record and then position itself as a participant in CBI activities relevant to software and security.
A CBI spokesperson indicated Microsoft's approach could prove successful. "It was a two-way, beneficial meeting on how the CBI can get Microsoft involved as a member on various security issues coming up," she said. The spokesperson was unable to say what security issues would be tackled in future.
Noakes will receive a rough reception at the Consumers' Association, though, where concerns center on potential for mis-use of personal data in Passport.
Alan Stevens, the Consumer Association's head of digital services, said Microsoft may have to agree to financially compensate consumers whose personal information is abused or hacked.
"I'd like to know what they use the data for and what the security systems are wrapped around it. There's no absolute security. There's always the fear and concern that someone with the appropriate skills can hack it," Stevens said.
The Consumers' Association is also hostile to what it believes are abuses by Microsoft of its desktop monopoly. Stevens said Microsoft must work closely with consumers on product development and delivery cycles, reducing bugs in its software. He claimed Microsoft has exploited its market strength to force upgrades on consumers. "The main problem is the way Microsoft rushes products to the market to get more money in the till," he said.
© ComputerWire.com. All rights reserved.
Sponsored: Today’s most dangerous security threats