In this article, Nicholas Petreley claims that because American Express, eBay, and VeriSign will support Passport, you won’t be able to build an e-commerce app with Mono (unless you hook it to Passport):
Microsoft is already promoting Passport aggressively by making deals with the likes of American Express, eBay, and VeriSign, among dozens of other popular e-commerce sites. So for Mono to be of any use in developing open-source e-commerce applications, Mono will have to support Passport.
I don’t see how the one follows the other. Because some random companies start supporting Passport, will Mono (or .NET for that matter) suddenly become incapable of using strong cryptography?
You do not need Passport to develop .NET applications that work with the existing e-commerce infrastructure. For example, .NET’s System.Net.WebRequest is perfectly happy talking to an https server. .NET’s web forms can sit behind a web site that is protected with SSL. The System.Security.Cryptography namespace is full of support for strong crypto.
Strong crypto, including SSL, have been the cornerstones of e-commerce to date, and will continue to be for some time (in fact, Passport uses https during user authentication).
Passport is only necessary if you want to use it as a single sign-in solution for Hailstorm or your web site. It is not necessary for e-commerce (I think we should resist all efforts to make it the only authentication mechanism for e-commerce).
The .NET framework is a general-purpose development framework. Passport is a single sign-in solution that can be implemented on any web server, not just IIS. Passport is no more essential for .NET e-commerce applications than it is for Perl, J2EE, Python, or PHP e-commerce applications.
I appreciate Petreley’s concerns about whether Mono will help Passport take over the world. But I don’t agree that Mono is part of the problem. I think Mono will facilitate multiple solutions to the single sign-in problem. Read more here, in Mono’s Not Just a Vehicle for Passport.