Mohammed H. Almeshekah and Waleed A. Alrodhan
Proceedings of the 4th Saudi International Conference (SIC’10), Manchester, UK, 2010
Paper (full text)
ABSTRACT: Microsoft Passport was developed to be the Internet global identity management system (or IdMS). In its early days, it was adopted by many well-known organizations, such as eBay and PayPal; however, several security problems have emerged. Hence, these organizations started withdrawing from the Passport scheme. In 2005, Microsoft admitted the failure of Passport and started the development of a new IdMS called CardSpace. In this paper, we examine the security features of Passport and CardSpace, then we show how Microsoft managed to overcome most of Passport’s problems. Finally, we discuss the main security flaws in CardSpace and what Microsoft can do to improve it.