MS Goes Open Source to Boost Identity Management

By Lisa Vaas  |  Posted 05-24-2007
Microsoft is launching a slew of initiatives to help Web sites identify visitors.

First, the company is kicking off four open-source projects to support the development of ID cards for online users. Microsoft is also releasing one of its identity management specs, Identity Selector Interoperability Profile, under its OSP (Open Specification Promise), meaning the specification is clear of licensing fees or patent worries.

Finally, Microsoft is collaborating with Kernel Networks and Oxford Computer Group on an open-source project to create an OpenLDAP adapter for Microsoft ILM (Identity Lifecycle Manager) 2007. The effort responds to users' requests for better direct synchronization of identity information between Active Directory and the OpenLDAP Directory using ILM 2007.


Microsoft says information cards are the primary mechanism for representing user identities in what the company is calling the identity metasystem—an ecosystem in which personal identity information can be exchanged so people know with whom they're dealing online.

The company describes the identity metasystem as having three elements: people presenting their identities, a site or service needing proof of identity, and the identity providers who put forth information about those people.

Those identity providers can be any organization that controls identity information, stored in directories or databases: insurance companies, government agencies or academic institutions, for example.

The projects, announced on May 24, are geared to improving interoperability for those three elements and demonstrate what Microsoft calls its "Interoperability by Design" efforts.

"Our customers expect us to enable interoperability between Microsoft-based solutions, as well as across other platforms and technologies. For this reason, we take a very pragmatic, customer-centric view of interoperability," Bob Muglia, senior vice president of the Server and Tools Business at Microsoft, based in Redmond, Wash., said in a statement. "Addressing the effective exchange of identity information is a perfect example of how we look at interoperability holistically in order to meet a critical customer need."

The open-source projects will create code to specify Web sites' security policies and to accept cards in Java (for Sun Java System Web Servers, Apache Tomcat or IBM's WebSphere Application Server), in Ruby on Rails, and in PHP (for the Apache Web server).

In addition, the goal of one of the projects is to implement a C library that can be used generically on any site or in any Web service. Microsoft Windows already supports information cards with the Visual Studio development environment; the implementations created by the open-source projects will complement that existing ability.

The projects will be hosted on SourceForge.Net and on RubyForge. They'll also be aggregated for developers to access.

As far as the Identity Selector Interoperability Profile goes, it will be joining 38 other Web services specs that Microsoft put out under its OSP in September. The purpose of this spec is to improve interoperability in the identity metasystem for client computers using any platform.
