Microsoft has taken a lot of heat for what critics have described as its
inability to bring trusted identity management to the public in
the last few years. But that hasn’t stopped the software giant from trying.
Microsoft is trying to integrate its identity management software components
into one platform to make it easier for developers using the technology.
“Every new feature had to go through a process where we’d understand exactly
what were its implications for broad substantive issues, not just the
security, but privacy as well, which is very, very critical,” Microsoft
Chief Software Architect Bill Gates said during his keynote at the RSA
Conference 2005 yesterday.
“The updating isolation, and now access control is very important, and we’re taking that and extending it out to the developers.”
At the show, Gates unveiled
enhancements across the company’s product lines, including Service Pack 1
for RMS. RMS SP1 allows users to deploy DRM without a network connection to
the Internet and without an operational dependency on Microsoft.
The company is also targeting the anti-virus and anti-spyware markets
vendors Symantec and McAfee are entrenched in.
Gates said Microsoft’s efforts to simplify the way it offers security include a combination of identity management and digital rights management applications, which would be bundled into the Windows Server platform.
By knitting together applications such as Active Directory, Active Directory
Application Mode (ADAM), Active Directory Federated Services, Windows Rights
Management Services (RMS) and Microsoft Identity Integration Server (MIIS),
the company could make it more efficient for developers, he said.
A Microsoft spokesperson said the company does not “have any additional
information to share around Identity Management beyond what’s publicly
available.”
But Forrester analyst Jonathan Penn said the move to integrate its disparate
security applications into one chunk to fit into Windows Server would
hardly be surprising.
“I suspect this is the same kind of strategy that Microsoft always executes:
playing to its strengths by doing more on its home turf than others do, even
though it does less on others,” Penn said. “So they’ll likely pull ID
management and DRM together in access control over the file system and
individual files.”
Microsoft embarked
on its Trustworthy Computing campaign in 2001 to ease customer concerns
about its ability to offer secure software following a rash of exploits.
In 2002, it introduced RMS, a DRM platform the company calls TrustBridge. The product became available
in fall 2003.
A more integrated security platform would be welcomed by Microsoft
supporters such as Oracle, said Rodger Sullivan, Oracle vice president and
board member of the Liberty Alliance Project for creating federated identity
products.
Sullivan said the Liberty Alliance would also welcome Microsoft’s
participation in developing open ID management standards. Microsoft is
currently working
with Sun Microsystems on making ID management interoperable between the two
companies competing on .NET and Java platforms.
Part of this has to do with a settlement between the two companies. But another part has to do with the negative
view the industry has of Passport, Microsoft’s single sign-on software.
While the Redmond, Wash., concern once said Passport would be ubiquitous,
partners such as eBay and Monster.com have dropped
Passport in favor of their own software.
The technology has largely been relegated to sign-in to Microsoft sites.