How Safe is a .NET Passport Account in Windows XP Professional?
Go back in time about 10 months, and you'll recall the big launch of Microsoft's unified e-commerce strategy, Hailstorm. Now fast forward to today, and you see Microsoft canceling Hailstorm, pulling the plug right before its premier developer event, TechEd in New Orleans. What gives? The issue is that of security around Passport, because that was a critical aspect of the broader Hailstorm initiative. Without Passport, there is no Hailstorm. But the concept of having Passport act as a Registry of the most confidential of all your data, in effect, has proved to be at risk of security breaches.
It's a Hailstorm Out There! Not...
Microsoft is quietly backing away from Hailstorm, and its inability to really address Passport security issues can mean only one thing: Passport is expected to be the catalyst of e-commerce growth in future .NET initiatives, and by ignoring this issue, Microsoft must be hoping it will just go away.
Let's get to the first question: How safe is Passport? Do the Web services for integration in .NET really deliver? While .NET is shown at the latest TechEd to be capable of handling mapping (so can GPS devices) what's the go-forward .NET strategy for commerce?
Clearly, Microsoft has to either step up and fully define what steps it is taking to make Passport more secure, or force another transaction technology into the .NET development plans. With Passport compromised and not reliable for transactions, what's the best approach for handling transactions on the Microsoft platform?
Get All Confidential Data Out of Passport Accounts Until Microsoft Shows Evidence Security Is Better
On the one hand, Passport is actually a communications tool. The concept of using Passport in conjunction with MSN doesn't really show any major security issues. However, the inclusion of logins, passwords, and credit card data can jeopardize yours and your user's privacy. Stay away from using passwords for transactions.
For Securing Transactions, Look to Best-of-Breed Application Servers and Tools
Clearly, if you are already committed to .NET as a development platform, the questionable security of Passport may make you rethink part of your commitment for personalizing transactions. Look to best-of-breed vendors who are offering development tools for initiating and completing transactions for a replacement for Passport. If you are still looking at a development platform, consider BEA WebLogic or WebSphere. This is especially true if you are just starting your development strategy and need to have an application that can scale outside the four walls of your company. BEA's development tools are very good at defining a Web service, for example.