Microsoft Calls for Initiative on Web Security

The vendor-neutral proposal is based on the software maker's Trustworthy Computing push. 

SAN FRANCISCO-Buoyed by the success of Trustworthy Computing at Microsoft-a five-year initiative that saw the company move from security pariah to industry trendsetter-the software giant is proposing a vendor-neutral push to build an ecosystem of trust on the Internet.

Microsoft used the spotlight of the RSA Conference 2008 here April 8 to start the dialogue on what is being called End to End Trust, a concept built around authenticating identities and securing Web-based transactions and communications.

During a fireside chat-style keynote address, Microsoft Chief Research and Strategy Officer Craig Mundie announced the release of a white paper outlining the proposal and called for "robust and meaningful discussion" from partners and competitors alike.

"The opportunity is now," Mundie said, noting that the rise in malware-related identity theft and child safety issues has pushed security and privacy issues to the front burner.

At its core, Microsoft's End to End Trust proposal calls for the creation of a trusted stack where each element in the stack-the operating system, applications, people and data-can be authenticated and is equally trustworthy.

The proposal, which Mundie said will require buy-in from partners and competitors alike, also calls for a system that enables people to preserve their identity claims while addressing issues of authentication, authorization, access and audit.

Although the proposal is being billed as a clone of Microsoft's long-term TwC, a collaborative effort that underscores security and privacy principles at every stage of software creation, company officials are careful to stress that it must emerge as a vendor-neutral approach with closer alignment between technological, social, political and economic forces.

"We need to come together and work on extending Trustworthy Computing to the Internet," George Stathakopoulos, general manager of security response at Microsoft, said in an interview with eWEEK. "I think you can safely say that the Internet today is where we were five years ago. We were not in the best shape. In 2002, we had to deal with the big worm attacks and we were struggling to cope. We adopted the Trustworthy Computing initiative and we accomplished a lot over the last five years."