This talk will explore the challenges associated with managing security for the Microsoft Passport identity management system. Identity management in itself is a well-understood problem but the unique characteristics of operating a service for 200M end-users adds new complications. As starting point we examine where identity management fits in the bigger picture of online interactions, explain the reasons why Passport exists and offer predictions about how authentication on the Internet is likely to evolve. Strict constraints around reliability, interoperability with installed software base and ease-of-use apply to security measures which can be deployed for a service of this nature. We observe that the risk model for a service is inherently different than that of a shrink-wrapped application, which has implications for operations, incident response and vulnerability disclosure. That unique character drives the overall strategy and determines how different pieces such as cryptography, systems security, human factors, operations, policy and economics interact. These implications will be examined in the context of specific problems Passport faces, including the efficient use of cryptography on large scale and battling spam for Hotmail.
Gates 4B (opposite 490) Wednesday 06/02/04 1630 hrs