Microsoft's Passport Out, Federated Services In

Redmond balks at public pronouncements on its federated identity-management strategy. However, the slides from the TechEd conference tell it all.

SAN DIEGO—It's been two years since Microsoft issued any official pronouncements on "TrustBridge," its collection of federated identity-management technologies slated to go head-to-head with competing technologies backed by the Liberty Alliance.

When Microsoft went public with its TrustBridge plans in June 2002, Redmond officials said to expect the first TrustBridge deliverables to hit in 2003 and published a "Federated Security and Identity Roadmap" document (which the company has since removed from its Web site).

But TrustBridge has been a complete no-show. Until now.

At the TechEd 2004 conference here this week, Microsoft execs offered an updated look at where TrustBridge is now, and how Microsoft plans to deliver new products that take advantage of the concept.

Microsoft has merged its Active Directory and federated services teams, company officials acknowledged. This is the team that now spearheads the TrustBridge work. But, beyond that point, Microsoft officials declined repeated requests for comment on TrustBridge specifics.

Despite the lack of direct comment, Microsoft officials said plenty during presentations at TechEd here.


Federated identity management, according to Mike Neuburger, a program manager with Microsoft's Active Directory/federated services group, who presented at TechEd on Tuesday, is "the ability to bridge islands of identities."

Neuburger said Microsoft's goal with federation is to enable interoperability across organizational and platform boundaries. Microsoft wants to connect securely with Windows "forests," with other WS-*-compliant (Web services) vendors and with Microsoft's own Passport Internet authentication technology.

There were very few mentions of Passport in any TechEd presentations on identity management. This is a sharp departure from 2002, when Passport was touted as a key component of Microsoft's TrustBridge strategy.

Currently, Microsoft officials are actively shunning the TrustBridge code name. Instead, they are focusing much of their efforts on "Active Directory Federation Service" (ADFS), a technology that is slated to be part of the "R2" Windows Server release that is due to ship next year.

ADFS adds federated identity support to Active Directory via Web services, especially those adhering to the WS-Security and WS-Federation specifications.


ADFS will "extend Active Directory to enable single sign-on to external Web applications and Web services using existing organizational identities," according to one PowerPoint slide from a presentation on federated identity management at TechEd.

Microsoft briefly demonstrated ADFS as part of Server and Tools Vice President Andy Lees' keynote address on Tuesday here.

But ADFS is only one piece of Microsoft's new and improved identity-management puzzle, it seems.
