7 Aug
2001
7 Aug
'01
4:11 a.m.
Risks of Microsoft Passport We all know the risks of trusting DNS and the fact that users click OK when presented with certificate warnings in their browser. So what happens when you build a single sign-on model for e-commerce that leverages these technologies? You end up with some risks that users might not expect. Microsoft's ambitious Passport service uses these common Internet standards. Avi Rubin and Dave Kormann from AT&T Research Labs document the risks of the Passport system in their research report, "Risks of the Passport Single Signon Protocol". http://avirubin.com/passport.html