Lighten your account management burdens—and make life easier for your online customers
Many e-commerce Web sites maintain their own databases of customer account information, such as user logon names, passwords, and credit card numbers. As a result, users must keep track of numerous sets of account information—often a separate set for each Web site they visit. Users who forget or lose track of the username or password they selected for a particular site account often choose not to return to the site rather than go through the hassle of setting up a new account. Additionally, customers who are concerned about privacy and security, if asked to submit personal information such as their birth date or gender, frequently choose not to establish an account rather than to divulge more information than they'd like.
Smart e-commerce site managers can attract customers—and reduce administration headaches—through user-identity management. Microsoft .NET Passport is an Internet user-identity—management system that lets Internet users use just one login name and password to sign in, access Web services, and shop online at all participating Web sites. Users can control what personal information they want to register in their accounts and what personal information they want to release to the Web sites that they visit. (The Liberty Alliance Project, a Sun Microsystems—initiated group of vendors, is developing a similar system and encouraging Microsoft to join with it.) If you're a Web site developer or administrator, .NET Passport helps you provide a better user experience and saves you time by supporting Internet user-identity management. When you understand what .NET Passport is and how it works, you can build a .NET Passport—enabled e-commerce Web site to better serve your customers and ease your user-management burden.
Services and System Configuration
.NET Passport provides three services: single sign-in (SSI), express purchase (EP), and Kids Passport. The SSI service lets users maintain one .NET Passport user account with which they can access .NET Passport—enabled services, such as personalized MSN pages and .NET My Services (previously code-named HailStorm—for more information about .NET My Services, see Darren Mar-Elia, ".NET Demystified," November 15, 2001, InstantDoc ID 22760). The EP service lets users store credit card information and billing and shipping addresses in an electronic .NET Passport wallet, then purchase goods on the Internet without needing to reenter information for each order. The Kids Passport service supports the Children's Online Privacy Protection Act (COPPA), which requires Web sites to obtain parental consent before collecting, using, disclosing, or displaying children's personal information. (For information about Kids Passport, see the Web-exclusive sidebar "Passport for Kids," http://www.winnetmag.com, InstantDoc ID 24125.)
The .NET Passport system provides a central Internet user-account database and performs user authentication on behalf of participating Web sites, so those Web sites don't need to maintain user-account databases. The system consists of a .NET Passport account database, which stores .NET Passport user accounts, and several network servers, which Microsoft dubs the Registration server, Member Service server, Update server, Login server, Wallet server, and Kids server. The Registration, Member Service, and Update servers handle user-account creation and modification. Participating Web sites that have registered with .NET Passport use the .NET Passport Login server to authenticate users through the SSI service, the Wallet server to fetch user credit card information through the EP service, and the Kids server to support COPPA through the Kids Passport service. Microsoft keeps the .NET Passport account database and network servers in a secure data center.
What's in an Account?
A .NET Passport user account consists of four components: a .NET Passport Unique Identifier (PUID), a credential, a user profile, and a wallet. When a user creates an account, the .NET Passport system generates a PUID that identifies the account in the account database. The .NET Passport credential consists of the user's email address, which serves as a login name, and a password, which must consist of at least six characters. Users can optionally enter first name, last name, country, state, gender, birth date, and other personal information in the NET. Passport user profile, which Figure 1 shows. Users can use the profile to specify whether to release email address, name, or other personal information to participating Web sites. Users who want to use the EP service save their credit card numbers and billing and shipping addresses in the .NET Passport wallet.
.NET Passport user accounts are free. Registering for MSN Hotmail, personalizing MSN pages, or registering Windows XP through its Registration Wizard automatically creates a .NET Passport account. Users who haven't opened an account through one of these methods can create an account at .NET Passport's registration Web site (http://www.passport.com); participating Web sites often redirect nonregistered users to the registration site. The registration process uses the Secure Sockets Layer (SSL) protocol to protect the transmission of account information, then uses Triple DES (3DES) to encrypt sensitive data (e.g., password, credit card information) in the user database. Immediately after a user creates an account, .NET Passport sends the user an email message to verify the user's email address.
The SSI Service
With a .NET Passport account, users can sign in to a .NET Passport—participating Web site to access that site's services. The only necessary software is a Web browser: Microsoft Internet Explorer (IE) 4.01 Service Pack (SP2) or later or Netscape Navigator 4.5, 4.08, or later.