Microsoft Passport

Information about Microsoft Passport

Windows Live ID
Windows Live ID logo
A screenshot of Windows Live ID Sign-in page Windows Live ID Sign-in page
Developer:	Microsoft
Website:	http://login.live.com

Windows Live ID (originally named .NET Passport; briefly Microsoft Passport Network) is a "unified-login" service developed and provided by Microsoft that allows users to log in to many websites using one account. It was originally positioned as a single sign-on service for all web commerce.

Product overview

Most of the web sites and applications that use Windows Live ID are Microsoft sites and services such as Hotmail, MSNBC, MSN, Xbox 360's Xbox Live, the .NET Messenger Service, Zune or MSN subscriptions, but there are also several other companies affiliated with Microsoft that use it, such as Expedia and Hoyts. Users of Hotmail or MSN automatically have a Windows Live ID that corresponds to their accounts. Most recently user log in data has started to allow demographic targeting by advertisers using Microsoft adCenter.

Microsoft's Windows XP has an option to link a Windows user account with a Windows Live ID (appearing with its former names), logging users into Windows Live ID whenever they log into Windows.

Windows Live ID's relationship to Windows CardSpace, a component of Windows Vista, is unknown at this time; Microsoft's own Chief Identity Architect, Kim Cameron, has questioned Windows Live ID in his Laws of Identity, many of which are violated by Windows Live ID.

On August 15, 2007, Microsoft released Windows Live ID Web Authentication, opening Windows Live ID to web site developers.

Technical overview

A new user entering a commerce server will first be redirected to the nearest authentication server, which asks for username and password over an SSL-secured connection, unless the user can present a valid GLOBALAUTH-cookie. In return, a newly accepted user (a) has an encrypted time-limited GLOBALAUTH-cookie implanted on his computer and (b) receives a triple DES encrypted ID-tag that previously has been agreed upon, between the authentication and the commerce server. This ID-tag is then sent to the commerce server, upon which the commerce server plants an encrypted LOCALAUTH-cookie in the user’s computer, also time-limited. The presenting of these LOCAL and GLOBAL cookies to various commerce and authentication servers prevents the need for authentication within the time of validity, as in the Kerberos protocol.

If the user actively logs out of Windows Live ID, these cookies will be removed; however, users are often confused by other commerce server logout functions, and unintentionally leave these cookies intact. The service also depends on users allowing their browsers to ship cookies to servers other than the one they originated from.

Following recent updates to Windows XP, some users experience popups asking them to enter their Windows Live ID whenever they browse to their Documents and Settings/username/ folder, whether or not they have such an ID or use those services. This can be prevented by deleting the item "My web sites on MSN" from the NetHood subfolder in this folder, which apparently causes this by trying to access the network.

Digital rights and early criticism

Windows Live ID (at the time Microsoft Passport) was criticized by the Electronic Frontier Foundation's staff attorney Deborah Pierce as a potential threat to privacy after it was revealed that Microsoft would have full access to and usage of customer information.^[1] The privacy terms were quickly updated by Microsoft to allay customers' fears.

Security issues

Windows Live ID is used by many services to prove ownership of a user's e-mail address. However a security breach was found in Windows Live ID on June 17 2007 by Erik Duindam, a web developer in the Netherlands, who reported a "critical error was made by Microsoft programmers that allows everyone to create an ID for virtually any e-mail address." ^[2]

The problem arose around the e-mail verification link received upon a new Windows Live ID registration. A procedure was found to allow users to register invalid or currently used e-mail addresses. After registration with a valid e-mail address that the user does have access to, a verification link is received. Before using it however, the user is allowed to change the initial email address to one that doesn't exist, or an existing email address currently used by another user. After logging out a second time and confirming using the first link, the Microsoft system simply confirms the account using the invalid or unowned email address. This implies possible privacy and identity risks, for example a colleague pretending to be the user's manager or a media reporter pretending to be an investor using the Windows Live Messenger service.

This problem was acknowledged and fixed by Microsoft on June 19 2007. Without confirmation of the e-mail address, Microsoft will include a warning with any future instant messages sent on Windows Live Messenger, which will appear as "fake@emailaddress (E-mail Address Not Verified)." However, any existing accounts created with fake e-mail addresses were still active as of June 20 2007 without the warning message. Microsoft did not provide any further information on the security flaw's impact.^[3]

References

1. ^ Privacy terms revised for Microsoft Passport
2. ^ [1] "Windows Live ID security breached" on erikduindam.com
3. ^ "Windows Live Bug Opened Door to Scammers" - PC World

External links

• • [ e] Windows Live
Web Services:	Account • Alerts • Barcode • Betas • Calendar • Clipboard • Contacts • Core • Custom Domains • Drive • Expo • Favorites • FolderShare • Gallery • Help Community • Home • Hotmail • ID • Live.com • OneCare Safety Scanner • Silverlight Streaming • SkyDrive • Spaces • Translator
Live Search:	Academic • Books (Publisher Program) • Maps • Products (Product Upload) • QnA • Video
Software Applications:	Installer • Mail • Messenger (Agents • Call) • OneCare • OneCare Family Safety • Photo Gallery • Toolbar • TV • Writer
Developer APIs:	Dev • Data • SDK
Mobile Services:	Hotmail Mobile • Live.com Mobile • Messenger Mobile • Search Mobile • Spaces Mobile
Microsoft Live Labs:	Astoria • Deepfish • Photosynth • PhotoZoom • Relay Service • Security Token Service
Discontinued Services:	Search Center • Shopping • WiFi Center

Software development is the translation of a user need or marketing goal into a software product.^[1]^[2] Software development is sometimes understood to encompass the processes of software engineering combined with the research and goals of software marketing
..... Click the link for more information.

Microsoft Corporation

Public (NASDAQ: MSFT )
Founded Albuquerque, New Mexico, USA (April 4 1975)^[1]
Headquarters Redmond, Washington, United States

Key people Bill Gates, Co-founder and Executive Chairman ;
Paul Allen, Co-founder ;
..... Click the link for more information.

A website (alternatively, Web site or web site) is a collection of Web pages, images, videos or other digital assets that is hosted on one or several Web server(s), usually accessible via the Internet, cell phone or a LAN.
..... Click the link for more information.

Single sign-on (SSO) is a method of access control that enables a user to authenticate once and gain access to the resources of multiple software systems.

Many free and commercial SSO or reduced sign-on solutions are currently available.
..... Click the link for more information.

Windows Live Hotmail (formerly MSN Hotmail), commonly known as Hotmail, is a free webmail service by Microsoft, part of the Windows Live range of services.

The current version was announced on November 1, 2005 as an update to Microsoft's existing MSN Hotmail service.
..... Click the link for more information.

MSNBC

Type Cable news television network
Country United States
Availability United States, Canada
Slogan "A Fuller Spectrum of News"
"The Place for Politics"
..... Click the link for more information.

MSN (an abbreviation of Microsoft Network) is a collection of Internet services provided by Microsoft. Initially released on August 24, 1995, to coincide with the release of Windows 95. The range of services provided has changed significantly since its release.
..... Click the link for more information.

Xbox Live is an online multiplayer gaming and content delivery service created and operated by Microsoft Corporation. It was first made available to the Xbox video game console in November 2002.
..... Click the link for more information.

The .NET Messenger Service (often known colloquially as MSN) is an instant messaging and presence system developed by Microsoft. Its user authentication system uses Windows Live ID, which allows any e-mail address that is registered as a Microsoft Passport to sign
..... Click the link for more information.

Zune is the name of a brand of digital music products and services sold by Microsoft. It includes digital audio players and client software incorporating an online music store which includes DRM-free mp3s as well as protected songs.
..... Click the link for more information.

Expedia.com is an Internet-based travel agency, part of Expedia, Inc.(NASDAQ: EXPE ), headquartered in Bellevue, Washington, USA. It books airline tickets, hotel reservations, car rentals, cruises, vacation packages, and various attractions and services via the World Wide Web
..... Click the link for more information.

Hoyts is an Australian chain of cinema multiplexes. The company is jointly owned by West Australian Newspapers Limited and Publishing and Broadcasting Limited. Hoyts sold most of its theatres in the United States to Regal Entertainment Group.
..... Click the link for more information.

Microsoft adCenter (formerly MSN adCenter), is the division of the Microsoft Network (MSN) responsible for MSN's advertising services. Microsoft adCenter currently provides pay per click advertisements.
..... Click the link for more information.

Windows XP
(Part of the Microsoft Windows family)
Screenshot

Screenshot of Windows XP Service Pack 2
Developer
Microsoft
Web site: Windows XP: Homepage
Release information
Release date:
..... Click the link for more information.

Windows CardSpace, formerly known by its codename InfoCard, is the client software (or Identity selector) for the Identity Metasystem, a concept developed by Microsoft which securely stores and delivers the digital identities of a person, providing a unified, secure
..... Click the link for more information.

Windows Vista
(Part of the Microsoft Windows family)
Screenshot

Screenshot of Windows Vista Ultimate
Developer
Microsoft
Web site: Windows Vista: Homepage
Release information
Release date:
..... Click the link for more information.

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide secure communications on the Internet for such things as web browsing, e-mail, Internet faxing, instant messaging and other data transfers.
..... Click the link for more information.

HTTP cookies, sometimes known as web cookies or just cookies, are parcels of text sent by a server to a web browser and then sent back unchanged by the browser each time it accesses that server.
..... Click the link for more information.

Triple DES

Three successive invocations of DES

General
IBM
1978

DES

Cipher detail
Key size(s):| 112 (2TDES) or 168 bits (3TDES)

Block size(s):| 64 bits
Feistel network
48 DES-equivalent rounds
..... Click the link for more information.

Kerberos is the name of a computer network authentication protocol, which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner.
..... Click the link for more information.

This article or section needs sources or references that appear in reliable, third-party publications. Alone, primary sources and sources affiliated with the subject of this article are not sufficient for an accurate encyclopedia article.
..... Click the link for more information.

June 17 is the 1st day of the year (2nd in leap years) in the Gregorian calendar. There are 0 days remaining.

Events

..... Click the link for more information.

20th century - 21st century - 22nd century
1970s 1980s 1990s - 2000s - 2010s 2020s 2030s
2004 2005 2006 - 2007 - 2008 2009 2010

2007 by topic:
News by month
Jan - Feb - Mar - Apr - May - Jun
..... Click the link for more information.

Motto
"Je maintiendrai" (French)
"Ik zal handhaven" (Dutch)
"I shall stand fast"¹
Anthem
..... Click the link for more information.

This article is copied from an article on Wikipedia.org - the free encyclopedia created and edited by online user community. The text was not checked or edited by anyone on our staff. Although the vast majority of the wikipedia encyclopedia articles provide accurate and timely information please do not assume the accuracy of any particular article. This article is distributed under the terms of GNU Free Documentation License.

Herod_Archelaus

iPedia Free Information Center