Microsoft, VeriSign Secure .Net

Microsoft may be laying the groundwork for future control points even as it blesses the creation of an open source version of its .Net platform.

Microsoft may be laying the groundwork for future control points even as it blesses the creation of an open source version of its .Net platform.

One such possible choke point, critics said, could emerge from Microsofts powerful alliance with digital certificate provider VeriSign, which has agreed to provide greater security for .Net technologies and adopt them for its own customers. Critics warned the deal could lead to Microsofts locking in a new generation of Web applications on its new platform, making it a de facto standard because so many users will rely on it.

The mixed signals come on the eve of a debate between Microsoft Senior Vice President Craig Mundie, who describes open source software as "a security risk," and Michael Tiemann, chief technology officer of Red Hat and an early open source developer. They will face off July 26 at the OReilly Open Source Convention in San Diego.

Despite Mundies thoughts on open source, another Microsoft official last week endorsed the plans of open source developer Miguel de Icaza to launch his .Net-compatible open source code project at the conference.

De Icazas move "is a ringing endorsement of .Net" as a development platform for more than just Windows, said Tony Goodhew, Microsoft project manager for the language underpinnings of .Net.

But the Microsoft/VeriSign alliance is a bid by Microsoft to push wider adoption of Passport, which will be the user identification system for .Net, said Eric Raymond, president of the Open Source Initiative, a group that urges adoption of open source code in the commercial world.

"If Microsoft can get a large-enough mass of developers writing applications that use Passport for authentication and security, then theyve got a lock" on a future generation of Web applications, Raymond said.

A Washington, D.C., trade group, ProComp, that includes Microsoft rivals, recently charged Microsoft with seeking an "identity monopoly" by integrating its .Net and Hailstorm development technologies and Passport service. The Verisign deal increases the chances of Microsofts building a de facto security standard, critics fear.

In its announcement with VeriSign last week, Microsoft said it will augment the sign-on and user authentication system of its Passport with higher levels of security provided by VeriSign. While Passport might be sufficient for a user to enter a Web site and fill a shopping cart, a large financial transaction might be endorsed by the use of an encrypted digital certificate from VeriSign, said Tom Pilla, a Microsoft spokesman.

Broader Cooperation

Verisign will use .Net technologies and adopt Passport for its own customers, said Bob Korzeniewski, executive vice president of VeriSign.

"Were building in an option of higher-level trust" than Passport provides at present, he said, adding that the alliance goes far beyond previous Microsoft/VeriSign cooperation, which dates to 1996.

De Icaza, a leading open source code developer, conceded that Microsoft, in its deal with VeriSign, has taken another step toward making Passport an alternative to many developers who need to build user identification and assignment of privileges into their software. Passport is already used with Microsoft Hotmail, The Microsoft Network and the Microsoft Developer Network.

Goodhew said anyone was welcome to take the specifications for .Net that Microsoft has submitted to the European standards body, ECMA, and implement them. Third-party versions will compete with Microsofts own version of .Net tools and languages. Microsofts .Net technologies, in effect, provide a platform on which a variety of developers may produce Internet applications built with code from different languages, including the new C Sharp, Visual Basic, C and C++.