Microsoft to show off ID federation
The software giant will display software on Tuesday that lets customers sign in to a Web site and then take their identity with them as they browse the Web to other federated sites.
The technology, which won't be available until the software giant releases Windows Server 2003 R2 in the second half of 2005, will interoperate with other companies' identity management software, said Michael Stephenson, lead program manager for Windows Server 2003.
"Federated identity lets companies securely extend their applications to suppliers and external users," he said. Though the software the company plans to show off won't be available anytime soon, Stephenson wanted to underscore that Microsoft is playing well with others: "We have been working closely with others in the industry on interoperability."
Microsoft's interoperability demonstration is the latest move in the software giant's plans to push for the ubiquitous use of identity management and Web services. Along with IBM, the company has been a cheerleader for the adoption of the Web Services standard by the Organization for the Advancement of Structured Information Standards, or OASIS. WS-Security, which includes many of the federated identity specifications, passed muster in April.
The Web Services framework competes to some extent with the E-Business Extensible Markup Language (ebXML), which has also been adopted by OASIS. Both sets of services aim to allow Web sites to offer services to other e-commerce sites.
However, to share identity between sites on the Web and between servers inside a company only three options currently exist: the security assertion markup language (SAML) 1.1, the WS-Security standard or the Liberty Alliance's standard, which has become the base for the next version of SAML, 2.0. Such identity services promise to allow partners to share secure access to services by letting a person who signs in to one server access any other partner's server without having to sign in.
"We are showing how a user at one site might log on to a portal, and then they can enter a purchase order at another location without having to sign on again," Stephenson said. "Today it is very expensive to provide this type of functionality."
Originally, Microsoft had hoped that its Passport service would be the single-stop place for people to store their information on the Web. However, businesses and consumers did not agree, and so the software giant started to work on federated services.
While Microsoft played well with its partners, the software giant and the Liberty Alliance are still at odds. Microsoft and the Liberty Alliance have still not committed to supporting each others' standards. Stephenson said he is "very hopeful" that the two will work together.
However, the two groups continue to compete. The Liberty Alliance boasted on Monday that it offers the most mature method for sharing identity information.
"The WS family of specifications in general, with the exception of WS-Security, are not in any usable standards form," said Michael Barrett, vice president of privacy and security for American Express and president of Liberty Alliance's management board.
American Express currently has several identity projects in pilot, including internal identity management systems and simplifying traveler's check transactions between the financial firm and its resellers. However, the move to the new infrastructure, which the company started more than three years ago, won't be quick.
"It is a complex, multiyear strategy," he said, pointing out that Microsoft is just at the beginning as well.