This latest security issue with Passport highlights the problem with any highly centralized identity infrastructure. That is, a single point of failure can compromise everything, and even if it doesn't you can't easily prove it didn't. And it is easy to create a hole as happened here. Microsoft was responding to user desires by allowing email management, and an unforseen side effect occurred. With extremely large centralized systems, this is an exponentially more likely occurrance - it's inherent in the centralized vs. distributed structures.
Microsoft is one of the few companies with the resources and corporate determination to keep doing the work it takes to fully secure such a system, and eventually Passport is likely to be one of the most secure systems in the world. The question is, by the time this can be proved, will anyone still care?
This all illustrates why, for most uses, a distributed approach to identity (such as federation) is what will actually deploy. In that type of architecture, security difficulty doesn't escalate exponentially with scale, liability boundaries can be agreed upon and technically proved, and any failure will be isolated to a small portion of the identity information. And with any failure the maximum exposure that might have occurred can be quickly determined and risk management will be reasonable.
Since identity infrastructure will forever be tightly intertwined with risk management and liabilty, architectures that naturally minimize both are most likely to deploy to wide scale, and those that don't - won't.
Posted by pbecker at May 16, 2003 12:04 PM