.NET Passport

Passport User ID (PUID)

Operational Info

Legal Stuff & Registration Requirements

Companies using Passport have to have a privacy statement of acceptable level to use the Passport service. Haven't seen a definition of "acceptable level".

MS does not "mine" user info or track click-through information. They do however collect aggregated information about the number of users by attributes such as gender, age or region.

Users cannot refuse e-mails from MS about passport (i.e. service updates and surveys). That said, you don't have to reply to the surveys (and I've never had one).

Sites must agree to:

To register, you must supply:

or, if registering on a mobile device:

Additionally, you can record the following in the passport as well (anything else, the individual site has to store outside of passport and (presumably) link by the PUID):

XP Integration

Required to use:

Nag screen / bubble goes away after 5 connections / refusals.

XP can log you into Passport automatically (if you want)

.NET Passport Express Purchase Service

When the Express Purchase button is clicked the user is redirected to a https:// address on a MS server. Here they can sign into passport (if they haven't already), then select the billing and delivery address information previously entered. This information is sent back to the merchant's website and the user re-direct back.

Kids .NET Passport Service

Supports the American COPPA (Children's Online Privacy Protection Act). Parents can set a consent level ("Deny", "Limited" or "Full") that controls a site's ability to access information about the child.


Passport creates 3 cookies: