Today, Bill Gates and Craig Mundie keynoted the RSA Conference 2007 and announced a variety of security related Microsoft initiatives. Perhaps the biggest news was announced in detail on the blog of Microsoft’s Kim Cameron where Microsoft pledged interoperability between its CardSpace identity technolgy and the emerging open standard, OpenID:
JanRain, Microsoft, Sxip, and VeriSign will collaborate on interoperability between OpenID and Windows CardSpace™ to make the Internet safer and easier to use. Specifically (excerpted – ed.):
- Microsoft recognizes the growth of the OpenID community and believes OpenID plays a significant role in the Internet identity infrastructure. Kim Cameron, Chief Architect of Identity at Microsoft, will work with the OpenID community on authentication and anti-phishing.
- JanRain, Sxip, and VeriSign recognize that Information Cards provide significant anti-phishing, privacy, and convenience benefits to users. Information Cards, based on the open WS-Trust standard, are available though Windows CardSpace™.
- JanRain, Sxip and VeriSign plan to add Information Card support to future identity solutions.
- Microsoft plans to support OpenID in future Identity server products
- The four companies have agreed to work together on a “Using Information Cards with OpenID” profile that will make it possible for other developers and service providers to take advantage of these technology advancements.
The OpenID connection wasn’t surprising given Microsoft’s past failed attempt to go it alone in the identity business with Passport.
• Microsoft announced Identity Lifecycle Manager (ILM) 2007. Available to customers in May, ILM 2007 is a new solution that builds on Microsoft’s metadirectory and user provisioning capabilities by adding support for managing strong credentials such as certificates and smart cards. ILM provides an integrated and comprehensive solution for managing the entire life cycle of a user identity. Microsoft also unveiled a comprehensive strategy and road map for identity life-cycle management, including planned availability of ILM “2,” the next version of ILM, in late 2008.
• Microsoft launched the public beta of the new Forefront Server Security Management Console, a centralized, Web-based management solution for onsite or remote administration of Microsoft messaging and collaboration security solutions.
• Microsoft announced that it has enabled support for Extended Validation (EV) SSL Certificates in Internet Explorer 7, which is the first browser to fully support EV SSL Certificates. When a user visits a site with a valid EV Certificate, Internet Explorer 7 will alert the user to the available identity information by turning the background of the address bar green and displaying identity information. Twelve certificate authorities, including VeriSign Inc., Cybertrust and Entrust, are already issuing EV SSL Certificates.
• Microsoft has added four new data providers to the Microsoft Phishing Filter service: the Australian Computer Emergency Response Team (AusCERT), BrandProtect, MySpace.com and Netcraft Ltd., whose own broad set of Internet Explorer and Firefox toolbar anti-phishing data sources will be included as data feeds into the service. These new providers join Microsoft’s current anti-phishing data providers, which include Cyveillance, Digital Resolve, Internet Identity, MarkMonitor Inc., and RSA Security, the security division of EMC Corp.
Microsoft Corp. today announced the availability of MapPoint® 2006, an industry leader in business mapping software. MapPoint 2006 can help customers improve decision-making capabilities and increase new business opportunities through the use of maps and geographical information, enabling better analysis, visualization and communication of business information. It also enhances its usefulness for mobile information workers by adding rich new Global Positioning System (GPS) integration and driver guidance capabilities so that users can make the most out of time spent away from the office. MapPoint 2006 is available today, and comes in two offerings: a stand-alone software package as well as one that includes both the MapPoint 2006 software and a new GPS locator hardware kit.
Microsoft Corp. today announced the availability of the Microsoft® Solution for Windows®-based Hosting for Applications Version 1.0. The new solution provides independent software vendors (ISVs) and hosting service providers with the platform, tools and best practices to deliver software as a service, an area in which leading IT market research and advisory firm IDC estimates spending will reach $10.7 billion (U.S.) worldwide by 2009.
One of the little publicized Microsoft hosting solutions. Admittedly, it’s a specialized market.
Beta 1 of Virtual Server 2005 R2 service pack 1 includes:
Intel Virtualization Technology compatibility Host Clustering technical white paper and the VB script
Beta 2 includes the features of Beta 1 plus:
AMD Virtualization compatibility Active Directory integration and management features Volume Shadow Service (VSS) Expanded guest and host OS support
Download Beta 1 here. Beta 2 is planned for Q4 and final release in 1Q2007.
‘Mendicino’ Version 1.0 Ready to Roll. Mary Jo Foley reports that Mendocino, the SAP/Microsoft joint project linking Office to the SAP back-end will be announced tomorrow.
Windows Live ID has been rolled out in place of Passport for the Windows Live sites. Passport login information still works, of course. More details here.
Ed Oswald has an exclusive at BetaNews:
EXCLUSIVE Microsoft plans to roll its Passport authentication service into the Windows Live family of Web services by 2007, renaming it to Windows Live ID, BetaNews has learned. While the company is keeping mum on specifics, the service would make use of Microsoft’s new InfoCard technology.
A Microsoft spokesperson confirmed the existence of Windows Live ID to BetaNews late Monday, calling it the authentication service for Windows Live. “You may consider it a major upgrade to Passport technology,” he said. According to Microsoft, Windows Live ID would play a large part in making upcoming services possible.
“We do plan for Windows Live ID to work with InfoCards in the future,” he continued, although declined to say whether the feature would make it into the service’s initial launch.
With over 30 services potentially taking on the “Live” moniker, industry watchers are warning that the Redmond company risks diluting the brand like it did with the .NET concept.
If this is correct, I detect a bigger branding disconnect than that. Passport and InfoCard are completely different technologies for addressing the same problem and as I mentioned earlier today, while Passport has a deserved reputation as too proprietary, the Open Source crowd is now saying the same thing about InfoCard. Renaming Passport as Windows Live ID won’t do anything for its acceptability and forever tarnishes the Windows Live ID name for the eventual InfoCard solution.
As for the Microsoft fad of renaming every product as “Windows Live Something,” there’s more detail in the article and this is a perfect example. Currently Passport is in a sort of “Microsoft Use Only” limbo – why does it need to have “Windows Live” slapped on it? What’s next, Windows Live Bob?
Just two weeks ago, Bill Gates was touting the InfoCard identity management system coming in Windows Vista. Today it appears that an Open Source alternative will be announced. Joris Evers at CNET:
IBM and Novell on Monday are expected to announce an open-source response to Microsoft’s forthcoming InfoCard identity management technology.
The companies plan to contribute to an open-source initiative code-named Higgins Project. The project aims to help people manage their plethora of Internet logins and passwords by integrating identity, profile and relationship information used across authentication systems on the Net.
The open-source project, managed by the Eclipse Foundation, is a response to Microsoft’s InfoCard identity management technology, Anthony Nadalin, distinguished engineer and chief security architect at IBM, said in an interview.
“This is a move to help get identity management out in the open source. InfoCard is one user-centric identity system…but the implementation Microsoft has is not what I would call open,” he said. “There are a lot of hidden elements.” One example, he said, is how it interacts with Active Directory, Microsoft’s identity management technology for businesses.
Microsoft has been taking pains to make sure that InfoCard doesn’t suffer the same fate as Passport, which was viewed as too proprietary, by touting its open nature (,,). It looks like they have a way to go. Also, all of these identity management systems require that Web site proprietors sign up to use them in place of their existing security arrangements. That alone guarantees a long, rancorous process.
Update: The IBM press release is here.