Microsoft prepares move on ID management

Microsoft is working on restructuring its identity management platform, adding services directly into the operating system with an eye toward lessening users' current integration chores.

The biggest additions would be folding Microsoft's Identity Integration Server (MIIS) - a separate product and cornerstone for Microsoft's identity platform - into Windows to add services such as provisioning and password management. The operating system already includes Active Directory, another foundation of Microsoft's identity platform.

Sources said Microsoft was developing new workflow technology for the operating system that would be used to orchestrate provisioning and other identity services across multiple systems.

According to observers, Microsoft's intent was to centralise some identity services and make it easier to deploy its identity platform by reducing the amount of integration end-users must do and giving developers one point where they can tie their applications to the identity platform.

They also suggest Microsoft hopes to build a cohesive package around its enterprise identity platform, Web services development tools and standards support, and personalised identity services it is creating in its forthcoming Longhorn operating system, set to begin shipping in 2006.

Microsoft officials would not comment on their future plans for the identity platform.

The restructuring comes as Microsoft is battling rivals IBM, Sun and others who have put together tightly integrated identity suites at a time when identity management has become a corporate hot button.

While the MIIS change is not set in stone, it would dramatically change the capabilities of the operating system. For example, the integration would let users reset passwords across all Microsoft and other platforms from their Windows desktops. Today, users deploy MIIS or purchase third-party software to handle those services.

The catch is that while corporate users would get the provisioning engine in the operating system, they would have to buy the connectors to link the operating system capabilities to other platforms including directories, databases and applications such as Lotus Notes and SAP.

Microsoft's chief software architect, Bill Gates, referred to MIIS in his keynote address last week at the RSA Conference in San Francisco as a key element of the vendor's identity strategy.

"You go to one place, and that information is propagated in the right way across the different places it should be," he said.

Microsoft is also planning to add workflow services in the operating system, most likely with Longhorn, using a technology under development called Windows Orchestration Engine (WinOE). Work to include WinOE in MIIS and other Microsoft software is already underway.

While all this integration could be years down the road, it dovetails with identity services Microsoft is set to release by year-end in the next version of Windows Server, dubbed R2.

R2 includes Active Directory Federation Services (ADFS), which lets identity information supplied by one company be used to gain access to partner networks.

ADFS will eventually provide the Web single sign-on capabilities that Microsoft's identity platform currently lacks, and it is the foundation of the company's adoption of Web services security protocols in Windows, such as WS-Federation and the Security Assertion Markup Language (SAML).

The federation services will intersect with personalised identity services Microsoft is developing, including a revival of Passport with a focus on corporate users, sources say.

Passport was Microsoft's first pass at developing a single sign-on service, but bugs, privacy concerns and dwindling support caused its demise.

Sources claim Microsoft is developing an MIIS connector to synchronise Passport with corporate directories. The idea is that companies could set up their own Passport hubs to store their user information without any Microsoft involvement and use ADFS to federate their hub with their partners' Passport hubs.

Personalisation would be rounded out using the client-side Identity System and Information Card being developed for Longhorn. The Information Card technology is the exact opposite of Passport's design in that users are in control of their personal information and how it is shared.

The cards could be used in peer-to-peer relationships, including validating email senders, or as a single sign-on control. The cards also could secure access control and communication between a user and a company, and between departments or organisations.

Microsoft plans to tie the Identity System into its larger Web Services-based federated identity initiatives.

The vendor hopes to make the cards cross-platform, but critics say the key will be whether Microsoft supports other federation standards, including SAML and the Liberty Alliance's similar user-centric identity model.


John Fontana

Network World