Microsoft Lags on Federated ID Strategy

Opinion: Microsoft will tweak Active Directory in the next Windows server, and none too soon.

With Longhorn Server, Microsoft will be making some superficial changes to its Active Directory service. Anyone expecting more sweeping, substantial changes to the directory fabric that binds Windows Server will have to wait until 2011 or so.

On what am I basing this prediction? Microsoft watchers know the company is revving Windows every two years. Longhorn Server is due in 2007. Longhorn Server Release 2, the minor, interim update to that product, is slated for 2009.

That means the next major version of Windows Server looks like a 2011 deliverable—barring any delays, of course.

At the RSA Conference in San Jose, Calif., in February, Microsoft announced that it is renaming many of the ancillary Active Directory services that already are bundled into Windows Server. For example, Identity Integration Feature Pack will become Active Directory Metadirectory Services.

With Longhorn Server, product setup and documentation will reflect these changes, according to Michael Stephenson, Microsoft's director of product management for identity and access.

But with the next version of Windows Server, things will get more interesting, Stephenson said. That's when Microsoft will be tweaking Active Directory and its complementary services so they become the crux of the federated-ID-management strategy the company has been promising to deliver for close to a decade.

"We'll be expanding on our federated services vision that will light up InfoCard," said Stephenson, in Redmond, Wash. At the same time, "We will unify around a common architecture, policy model and management experiences" for this suite of Active Directory services, he said.

"Active Directory changes will be evolutionary more than revolutionary in the Longhorn time frame," said Gil Kirkpatrick, chief technology officer of NetPro Computing, a Phoenix-based distributed-management software provider and Microsoft partner.

"But it's interesting that Microsoft has been moving toward a single ID-management platform for a couple of years. The product guys have been leading the message this time around. Now, the marketing message has caught up," Kirkpatrick said.

InfoCard is Microsoft's brand for its federated ID tokens. InfoCard support will be built into Internet Explorer 7.0, which, in turn, will be built into the Windows Vista client due this year.

Many in this year's RSA keynote audience must have felt a mixed sense of déjà vu and perhaps bewilderment as Bill Gates hammered home his message of trusted computing and the mounting problems of security and authentication that end-to-end federated ID schemes are slated to cure.

"Password systems [today] just aren't cutting it," Gates said. "I'm not pretending that we're going to move away from passwords overnight, but for corporate systems, this change can happen over three to four years."

Where do we begin with this message? Is there any IT manager who hasn't understood for years that existing password authentication is the major "weak link" (as Gates called it)? And haven't most of us heard him tell this tale over and over again? He's made this very speech what seems like a million times, but we're still five years out from a solution?

InfoCard and the melding of Active Directory service with a common identity, policy and management architecture seem to have been caught on the Longhorn development treadmill. Microsoft will roll the authentication solution that enterprises need now into a future upgrade pitch (for both clients and servers).
