Issue No. 07 - July (2003 vol. 36)
Rolf Oppliger , eSecurity Technologies
<p>Part of its .NET initiative, Microsoft's set of Web services includes .NET Passport, a password-based user authentication and single sign-in service. The system offers a simple and sufficiently secure alternative to privilege-management infrastructures and public-key infrastructure for many applications and services.</p><p>Released in 1999 and used in many Web-based applications and services, .NET Passport and its SSI service have been criticized for poor security and privacy. Its centralized nature makes it possible that other problems and security breaches will occur.</p>
R. Oppliger, "Microsoft .NET Passport: A Security Analysis," in Computer, vol. 36, no. , pp. 29-35, 2003.