Microsoft Pushes Interoperable Net Trust Network

 
 
By Peter Galli  |  Posted 2001-09-20
 
 
 
 
 
 
 
Microsoft Corp., acknowledging that no single company will be able to provide a universal single sign-in or authentication service, will announce Thursday an initiative that it hopes will facilitate a trusted, interoperable authentication network across the Internet. The Redmond, Wash., software maker also hopes the move will help spur adoption and usage of its Passport authentication service and, ultimately, its Web services.
Brian Arbogast, vice president of Microsoft's .Net core services platform, told eWEEK that the company is proposing an Internet trust network that would enable open, federated authentication and that would bring universal single sign-in to all users and provide interoperability among different enterprise and service authentication systems.
The goal is to enable Web services based on XML (Extensible Markup Language) to interoperate freely, through a broad Internet trust network that works in a manner similar to e-mail, DNS and the ATM network created by the banking industry, Arbogast said.
HailStorm gets new name
Microsoft has also renamed its core group of initial Web services, known as HailStorm until now, to .Net My Services. These will also be federated, but details will only be made available at the company's Professional Developer Conference in Los Angeles in October, he said.
"We realize that there will be many different authenticators on the Internet, including enterprises for their own staff and other service operators beyond Microsoft," Arbogast said. "As such, we need a model for bridging across these networks. We at Microsoft believe in and support an open model for authentication on the Internet."
To achieve this, the network and Microsoft's own Passport service will support Kerberos 5.0, an open standard for authentication, which "provides a secure mechanism for creating trusted relationships across otherwise distinct boundaries," he said. "Its use will also remove the technical barriers that have until now prevented the trustworthy sharing of user credentials among independent, competing or otherwise incompatible systems."
Microsoft will take the lead in the formation of this network by making Passport available for federation with other authentication systems, he said. This essentially means that Passport will be able to accept credentials issued by other organizations that were part of the network, while they could in turn accept Passport credentials. This is a major shift for the software company, which has, until now, been the only operator of Passport.
"This federated model allows organizations to retain fine-grained and secure control over their user identities, profiles and other business data, while participating in a trusted network that delivers a unified experience to users," Arbogast said. As such, it will be built on a common set of technical and operational guidelines and open to any organization supporting those standards. But there will have to be a set of technology and operating agreements between the partners in the trust network around things like key exchange, management procedures, security, privacy and operations procedures. Microsoft is currently working on these operating agreements, he said.
Moving forward, Passport will support universal single sign-in next year, while the upcoming Microsoft Windows .Net Server line -- due for release next year -- will allow organizations of all sizes to easily and securely participate in the Internet trust network. If the initiative gets off the ground, enterprises will be able to participate by licensing a Windows .Net server or buying an implementation of Kerberos Version 5. Authentication providers will be able to outsource authentication to Passport or, in the future, to other federated authentication providers. They will also be able to buy or build an authentication system that is compliant with Kerberos Version 5, he said.
But industry sources, who declined to be named at this early stage, were reserved in their response, saying that while the broad concept of many federated authentication services is appealing, there are a lot of second-order issues that need to be addressed.
"From what I can see, Microsoft intends still, on the client side, to have just one authentication service offered to the preponderance of consumers who use PCs. So it will be interesting to see where they ultimately come out on that. But, in the abstract, should there be an ability for server-to-server interoperability on authentication services, that would be appealing," one source said.
Another source cautioned that it is still far too early to make a decision about participating until it is clear exactly what Microsoft is proposing, and "since it's Microsoft, you've always got to look and see exactly what the fine print is," he said.
Microsoft's Arbogast said there has already been a round of discussions with enterprises and other interested parties in this regard, which will be aggressively pursued. "We intend to use the Trusted Computing Conference in November to continue our discussions with industry, government and policy groups," he said.
AOL Time Warner Inc. is one of the companies Microsoft is hoping will throw its weight behind the initiative. "We are calling on competitors like AOL to adopt the same model and to interoperate and federate with us, but I don't know to what degree they're prepared to open up and change their model to participate in this," Arbogast said.
AOL spokesman Jim Whitney told eWEEK Thursday morning that the company has not been formally approached by Microsoft as yet. "We are not going to comment on this until we know more about it. This announcement is the first we have heard of it. We will be looking at the proposal and then make a determination on the correct way to respond," he said.
Arbogast said Microsoft will "continue to engage with AOL on a number of fronts and will welcome them to this model of building on a trusted network of authentication on the Internet."
 
 
 
 
Peter Galli has been a financial/technology reporter for 12 years at leading publications in South Africa, the UK and the US. He has been Investment Editor of South Africa's Business Day Newspaper, the sister publication of the Financial Times of London.

He was also Group Financial Communications Manager for First National Bank, the second largest banking group in South Africa before moving on to become Executive News Editor of Business Report, the largest daily financial newspaper in South Africa, owned by the global Independent Newspapers group.

He was responsible for a national reporting team of 20 based in four bureaus. He also edited and contributed to its weekly technology page, and launched a financial and technology radio service supplying daily news bulletins to the national broadcaster, the South African Broadcasting Corporation, which were then distributed to some 50 radio stations across the country.

He was then transferred to San Francisco as Business Report's U.S. Correspondent to cover Silicon Valley, trade and finance between the US, Europe and emerging markets like South Africa. After serving that role for more than two years, he joined eWeek as a Senior Editor, covering software platforms in August 2000.

He has comprehensively covered Microsoft and its Windows and .Net platforms, as well as the many legal challenges it has faced. He has also focused on Sun Microsystems and its Solaris operating environment, Java and Unix offerings. He covers developments in the open source community, particularly around the Linux kernel and the effects it will have on the enterprise.

He has written extensively about new products for the Linux and Unix platforms, the development of open standards and critically looked at the potential Linux has to offer an alternative operating system and platform to Windows, .Net and Unix-based solutions like Solaris.

His interviews with senior industry executives include Microsoft CEO Steve Ballmer, Linus Torvalds, the original developer of the Linux operating system, Sun CEO Scott McNealy, and Bill Zeitler, a senior vice president at IBM.

For numerous examples of his writing you can search under his name at the eWEEK Website at www.eweek.com.

 
 
 
 
 
 
 
