
Interoperability's the name of the game
By Robert Lemos
Published: 25 May 2004 08:55 BST
Microsoft will today display software that lets customers sign in to a website and then take their identity with them as they browse the web to other federated sites, a representative said.
The technology, which won't be available until the software giant releases Windows Server 2003 R2 in the second half of 2005, will interoperate with other companies' identity management software, said Michael Stephenson, lead program manager for Windows Server 2003.
"Federated identity lets companies securely extend their applications to suppliers and external users," he said. Though the software the company plans to show off won't be available any time soon, Stephenson wanted to underscore that Microsoft is playing well with others: "We have been working closely with others in the industry on interoperability."
Microsoft's interoperability demonstration is the latest move in the software giant's plans to push for the ubiquitous use of identity management and web services. Along with IBM, the company has been a cheerleader for the adoption of the web services standard by the Organisation for the Advancement of Structured Information Standards, or OASIS. WS-Security, which includes many of the federated identity specifications, passed muster in April.
The web services framework competes to some extent with the E-Business Extensible Markup Language (ebXML), which has also been adopted by OASIS. Both sets of services aim to allow websites to offer services to other e-commerce sites.
However, to share identity between sites on the web and between servers inside a company only three options currently exist: the security assertion markup language (SAML) 1.1, the WS-Security standard or the Liberty Alliance's standard, which has become the base for the next version of SAML, 2.0. Such identity services promise to allow partners to share secure access to services by letting a person who signs in to one server access any other partner's server without having to sign in.
"We are showing how a user at one site might log on to a portal and then they can enter a purchase order at another location without having to sign on again," Stephenson said. "Today it is very expensive to provide this type of functionality."
Originally, Microsoft had hoped that its Passport service would be the single-stop place for people to store their information on the web. However, businesses and consumers did not agree, and so the software giant started to work on federated services.
While Microsoft played well with its partners, the software giant and the Liberty Alliance are still at odds. Microsoft and the Liberty Alliance have still not committed to supporting each others' standards. Stephenson said he is "very hopeful" that the two will work together.
However, the two groups continue to compete. The Liberty Alliance boasted on Monday that it offers the most mature method for sharing identity information.
Michael Barrett, vice president of privacy and security for American Express and president of Liberty Alliance's management board, said: "The WS family of specifications in general, with the exception of WS-Security, are not in any usable standards form."
American Express currently has several identity projects in pilot, including internal identity management systems and simplifying traveler's check transactions between the financial firm and its resellers. However, the move to the new infrastructure, which the company started more than three years ago, won't be quick.
"It is a complex, multiyear strategy," he said, pointing out that Microsoft is just at the beginning as well.
Robert Lemos writes for CNET News.com
Bill Gates: on web services, Linux, security and more...
XP Service Pack 2: Microsoft wants you to spread the word
Windows XP Service Pack 2: What you'll get and when you'll get it
Microsoft patches new Windows flaw
Secure Business-to-Business Single Sign-On (B2B SSO) Based on Federated Identity Management
If you are an experienced network engineer looking to develop your career with one of the world's best employers, then look no further than American ...
Ideally candidates will have: - Outstanding client, people management and coaching skills - Enthusiasm and commitment to delivering quality results ...
Other responsibilities include development and sign off of the Master Test Plan, building the team, managing people and managing the relationship ...
CIO50 2008
The silicon.com CIO50 2008 profiles the most influential and innovative tech chiefs in the UK across all industries and organisation size, from the biggest FTSE100 companies to high growth dot-com start ups and the public sector. The list was voted on by the UK CIO community and a panel of experts. Find out more in our latest special report.
Stories from the web...
Copyright ©1995-2008 CNET Networks, Inc. All rights reserved. Top of page
Peter Cochrane Peter Cochrane's Blog: Is convergence a fiction? Or could it finally be happening…
Clive Longbottom Quocirca's Straight Talking: A game of two halves Microsoft Virtualisation scores while its SOA bores...