Cyber Security Institute

Wednesday, May 18, 2005

Microsoft Envisions a Grand Digital-ID Plan

Microsoft has a grand plan for digital-identity management.  And over the next few months, the company will begin to deliver Microsoft implementations of some of the component parts of that plan.

An identity metasystem is much like a metadirectory, according to industry watchers.  A metadirectory, or uber-directory service, is designed to let users view data from different directory systems in a unified way.

In a white paper published this month to the Microsoft Web site, Microsoft describes the identity metasystem this way: “This metasystem, or system of systems, would leverage the strengths of its constituent identity systems, provide interoperability between them, and enable creation of a consistent and straightforward user interface to them all.”

“The ID metasystem is a new concept that we just started talking more formally about last week,” said Michael Stephenson, director of product management with the Microsoft Windows Server team.  The identity metasystem is an outgrowth of the WS-* Web services architecture that Microsoft and its partners have been championing for the past couple of years.  Stephenson said that while the digital ID platform vision advances, Microsoft and its partners will continue to submit the various WS-* protocols to standards bodies in a royalty-free manner.

As outlined by Microsoft in its metasystem white paper, the digital ID metasystem will build on top of two of the WS-* protocols: WS-Trust and WS-MetadataExchange.  Security token servers and WS-SecurityPolicy-based clients that require user-identity verification will plug into this base.

According to Microsoft, “Examples of technologies that could be utilized via the metasystem include LDAP claims schemas, X.509, which is used in Smartcards; Kerberos, which is used in Active Directory and some UNIX environments; and SAML, a standard used in inter-corporate federation scenarios.”
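The two paragraphs above describe the pattern at the heart of the metasystem: a relying party publishes the claims it requires, a security token server issues a signed token carrying those claims, and the relying party checks the token before trusting it.  The following is an added example written for this page, not Microsoft's code and not the WS-Trust or WS-SecurityPolicy wire format; the policy dictionary, the token layout and the use of a shared HMAC key in place of an X.509 signature are simplifications chosen to show the checks a relying party must make (issuer, audience, validity window, signature, required claims) and what a token that fails each check looks like.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key shared by the token server and the relying party.
# Assumption for the example only: a real metasystem STS would sign with
# an X.509 key and the relying party would verify against the issuer's cert.
IDP_KEY = b"constructed-demo-key-not-for-production"


def relying_party_policy():
    """Claims a relying party advertises that it needs (a stand-in for a
    WS-SecurityPolicy statement). The names are constructed for the demo."""
    return {
        "issuer": "idp.example.test",
        "audience": "payroll.example.test",
        "required_claims": {"email", "role"},
    }


def issue_token(issuer, audience, claims, key, lifetime=300, now=None):
    """Security token server: bind claims to an issuer, audience and validity
    window, then sign the encoded body so the relying party can detect tampering."""
    now = int(time.time()) if now is None else now
    body = {
        "iss": issuer,
        "aud": audience,
        "iat": now,
        "exp": now + lifetime,
        "claims": claims,
    }
    payload = base64.urlsafe_b64encode(
        json.dumps(body, sort_keys=True).encode()
    ).decode()
    sig = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return payload + "." + sig


def verify_token(token, policy, key, now=None):
    """Relying party: return the claims if the token satisfies the policy,
    otherwise raise ValueError naming the first check that failed."""
    try:
        payload, sig = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    # Check the signature before parsing anything else from the token.
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        raise ValueError("bad signature")
    body = json.loads(base64.urlsafe_b64decode(payload))
    now = int(time.time()) if now is None else now
    if body["iss"] != policy["issuer"]:
        raise ValueError("untrusted issuer")
    if body["aud"] != policy["audience"]:
        raise ValueError("token issued for a different audience")
    if not body["iat"] <= now < body["exp"]:
        raise ValueError("token not within its validity window")
    missing = policy["required_claims"] - set(body["claims"])
    if missing:
        raise ValueError("missing claims: " + ", ".join(sorted(missing)))
    return body["claims"]


if __name__ == "__main__":
    policy = relying_party_policy()
    token = issue_token("idp.example.test", "payroll.example.test",
                        {"email": "alice@example.test", "role": "staff"}, IDP_KEY)
    print("accepted claims:", verify_token(token, policy, IDP_KEY))
    forged = issue_token("idp.example.test", "payroll.example.test",
                         {"email": "alice@example.test", "role": "admin"}, b"wrong-key")
    try:
        verify_token(forged, policy, IDP_KEY)
    except ValueError as err:
        print("rejected:", err)
```

The ordering in `verify_token` matters: the signature is checked before any field is trusted, and audience is checked so that a token issued to one relying party cannot be replayed at another, which is the property that makes a token from one constituent identity system safely usable across the metasystem.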

Microsoft envisions individual vendors building their own implementations of the digital ID metasystem.  InfoCard, which is similar to a virtual credit card or membership card, will be the common user interface for the Microsoft digital-ID metasystem, Stephenson said.  Company officials have said that Microsoft will build an InfoCard client into future versions of Windows, starting with Longhorn.

Posted on 05/18