RealTime IT News

Microsoft May Bundle Up Protection

Microsoft has taken a lot of heat for what critics have described as its inability to bring trusted identity management to the public in the last few years. But that hasn't stopped the software giant from trying.

Microsoft is trying to integrate its identity management software components into one platform to make it easier for developers using the technology.

"Every new feature had to go through a process where we'd understand exactly what were its implications for broad substantive issues, not just the security, but privacy as well, which is very, very critical," Microsoft Chief Software Architect Bill Gates said during his keynote at the RSA Conference 2005 yesterday.

"The updating isolation, and now access control is very important, and we're taking that and extending it out to the developers."

At the show, Gates unveiled enhancements across the company's product lines, including Service Pack 1 for RMS. RMS SP1 allows users to deploy DRM without a network connection to the Internet and without an operational dependency on Microsoft.

The company is also targeting the anti-virus and anti-spyware markets vendors Symantec and McAfee are entrenched in.

Gates said Microsoft's efforts to simplify the way it offers security include a combination of identity management and digital rights management applications, which would be bundled into the Windows Server platform.

By knitting together applications such as Active Directory, Active Directory Application Mode (ADAM), Active Directory Federated Services, Windows Rights Management Services (RMS) and Microsoft Identity Integration Server (MIIS), the company could make it more efficient for developers, he said.

A Microsoft spokesperson said the company does not "have any additional information to share around Identity Management beyond what's publicly available."

But Forrester analyst Jonathan Penn said the move to integrate its disparate security applications into one chunk to fit into Windows Server would hardly be surprising.

"I suspect this is the same kind of strategy that Microsoft always executes: playing to its strengths by doing more on its home turf than others do, even though it does less on others," Penn said. "So they'll likely pull ID management and DRM together in access control over the file system and individual files."

Microsoft embarked on its Trustworthy Computing campaign in 2001 to ease customer concerns about its ability to offer secure software following a rash of exploits.

In 2002, it introduced RMS, a DRM platform the company calls TrustBridge. The product became available in fall 2003.

A more integrated security platform would be welcomed by Microsoft supporters such as Oracle, said Rodger Sullivan, Oracle vice president and board member of the Liberty Alliance Project for creating federated identity products.

Sullivan said the Liberty Alliance would also welcome Microsoft's participation in developing open ID management standards. Microsoft is currently working with Sun Microsystems on making ID management interoperable between the two companies competing on .NET and Java platforms.

Part of this has to do with a settlement between the two companies. But another part has to do with the negative view the industry has of Passport, Microsoft's single sign-on software.

While the Redmond, Wash., concern once said Passport would be ubiquitous, partners such as eBay and Monster.com have dropped Passport in favor of their own software.

The technology has largely been relegated to sign-in to Microsoft sites.