Until now, identifying oneself on the Web has been a source of irritation, annoyance, security concerns, and risk. Web sites often require users to provide unique login IDs and passwords, and you may also have to supply some arbitrary level of personal identification. Because some sites contain information that may be of great value, or engage in transactions that may involve exchanging significant amounts of money, it is often in your interest to ensure that the passwords you use are secure. But unfortunately, at the present time there is no good, easy way to create secure passwords for all the sites that require them. By definition, a good password should be difficult for either a human or a computer algorithm to guess, and thus a good password will be difficult to remember. The usual solution to this is to write down all your passwords, which immediately makes them vulnerable to discovery.

Microsoft's first attempt at solving this problem was Passport. The idea behind Passport was that you would have a single identity with only a single password to remember. The problem with this approach, of course, is that you may not wish to have the same identity on every web site you visit. Also, many web users prefer to limit the information they give out to the absolute minimum required to perform the transactions they want on a given web site—and with good reason. All of us have experienced the tsunami of ...