OpenID Joins Microsoft's New Security Features - InternetNews.
RealTime IT News

SAN FRANCISCO -- UPDATED: Five years after helping to launch Microsoft's Trustworthy Computing initiative, Bill Gates put some grace notes on how far and wide the extensive effort helped improve the company's product lines.

"It was just last week that we released Vista and that's a big milestone for us in terms of security because we had a chance to apply our development process, our secure design lifecycle process to that product," he said during the RSA Security Conference here.

Gates, who is transitioning out of day-to-day management of the company by 2008, called security the fundamental challenge that will determine whether the industry can successfully create a new generation of connected experiences.

"The answer for the industry lies in our ability to design systems and processes that give people and organizations a high degree of confidence that the technology they use will protect their identity, their privacy and their information," he said.

In an update that reflected a thaw in Microsoft's approach to some open source projects, Gates said the company's Windows CardSpace identity management metasystem will work with OpenID 2.0, an open source user-driven digital identity framework.

OpenID is a decentralized digital identity system in which a user's online identity is given by a URI, such as a Web address, and can be verified by any server running the protocol.

Web sites that support OpenID are fashioned in such a way that Internet users don't need to create and manage a new account for every site before being granted access; users need only to authenticate with an identity provider that supports OpenID.
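As an added illustration of the identity-as-URI model described above (example code written for this article, not Microsoft's or the OpenID project's code), the following Python shows the first step a relying party takes: normalizing what the user typed into a claimed identifier, then reading the provider endpoint out of the `<link>` tags of that identity page. The sample page and the op.example host are constructed; everything uses only the standard library.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit

# Constructed sample identity page (not a real site), as a user might serve at their own URL.
SAMPLE_IDENTITY_PAGE = """<html><head>
<link rel="openid2.provider" href="https://op.example/server">
<link rel="openid2.local_id" href="https://op.example/id/alice">
<link rel="openid.server" href="https://op.example/server">
<link rel="openid.delegate" href="https://op.example/id/alice">
</head><body>Alice's home page</body></html>"""

def normalize_identifier(user_input: str) -> str:
    """Turn what the user typed into a claimed identifier (OpenID 2.0, section 7.2)."""
    ident = user_input.strip()
    if ident.lower().startswith("xri://"):
        ident = ident[6:]
    if ident and ident[0] in "=@+$!":  # XRI i-names are returned as-is (not resolved here)
        return ident
    if not ident.lower().startswith(("http://", "https://")):
        ident = "http://" + ident
    scheme, netloc, path, query, _fragment = urlsplit(ident)  # the fragment is dropped
    return urlunsplit((scheme.lower(), netloc.lower(), path or "/", query, ""))

class _LinkCollector(HTMLParser):
    """Collect rel -> href for every <link> tag, keeping the first href seen per rel value."""
    def __init__(self) -> None:
        super().__init__()
        self.links = {}

    def handle_starttag(self, tag, attrs) -> None:
        if tag != "link":
            return
        a = {k: (v or "") for k, v in attrs}
        for rel in a.get("rel", "").lower().split():
            self.links.setdefault(rel, a.get("href", ""))

def discover(html: str) -> dict:
    """Find the provider endpoint and local identifier; OpenID 2.0 markup wins over 1.x."""
    parser = _LinkCollector()
    parser.feed(html)
    links = parser.links
    if "openid2.provider" in links:
        endpoint, local_id, version = links["openid2.provider"], links.get("openid2.local_id"), "2.0"
    elif "openid.server" in links:
        endpoint, local_id, version = links["openid.server"], links.get("openid.delegate"), "1.1"
    else:
        raise ValueError("no OpenID provider link found")
    if urlsplit(endpoint).scheme != "https":  # a relying party should refuse a plaintext endpoint
        raise ValueError(f"provider endpoint is not https: {endpoint}")
    return {"endpoint": endpoint, "local_id": local_id or None, "version": version}
```

The https check is a relying-party hardening choice added here, not a requirement stated in the article; the rest of discovery (fetching the page, XRDS/Yadis, association and assertion verification) is out of scope for this snippet.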

Gates and Microsoft Chief Research and Strategy Officer Craig Mundie also outlined Microsoft's conceptual approach to supporting Trustworthy Computing.

This includes adapting to the evolution of networks, protection and identity.

Mundie said policy will be the key to managing computer access, rather than the gear connecting to the network. The executive said the idea is for the network and the Internet to seamlessly work together.

Gates also said Microsoft is a strong supporter of IPsec and IPv6. IPsec calls for Internet Protocol (IP) communications to be protected by authenticating or encrypting each IP packet in a data stream. IPv6 (Internet Protocol version 6) will significantly boost the number of IP addresses available for networked devices.

Gates and Mundie also called for devices that protect computer users' data in transit and data at rest, whether it resides on a server, a desktop, a mobile handheld computer or a smartphone.

Finally, in the thought stream that led to the CardSpace-OpenID interoperability news, Gates and Mundie stressed the importance of an open, standards-based identity metasystem.

These approaches, Gates and Mundie argued, will lay the foundation for accessing the Web from any device without undue worry.

This is important, Mundie said, because computer-savvy criminals are becoming more "nefarious and serious" about hacking into databases or duping unsuspecting victims into coughing up personal information. "There are so many devices and people connected," Mundie said. "This challenge is going to get tougher."

In other Microsoft news today, Microsoft announced Identity Lifecycle Manager (ILM) 2007, which adds support for managing strong credentials such as certificates and smart cards over, as the name suggests, the life cycle of a user identity. The company will rev ILM "2" in late 2008.

Microsoft also announced the public beta of the new Forefront Server Security Management Console, a Web-based management application that provides on-site or remote administration of Microsoft messaging and collaboration security software.

Forefront is Microsoft's enterprise security suite, a portfolio the company has created in the last few years through acquisitions and in-house development to vie for new market share versus Symantec, McAfee, IBM, CA and others.

Finally, the company said it is supporting Extended Validation (EV) SSL Certificates in Internet Explorer 7. When a user visits a site with a valid EV Certificate, Internet Explorer 7 will alert the user to the identity information by turning the background of the address bar green and displaying identity information.

The company also recently updated customers on the availability of Longhorn server, the long-awaited successor to the Windows Server operating system.

Beta 2 is currently available and is intended for evaluation by hardware manufacturers, independent software vendors and developers and the IT professional community. Beta 3 will be available publicly in the first half of 2007.

Longhorn security features include Network Access Protection (NAP), which allows administrators to isolate computers that don't comply with their security policies.

It is designed to protect both remote and local users from viruses, worms and malicious software by helping to verify and directly update any computer attempting to access the network, while restricting the network access of clients that aren't compliant with network policies.

Other security features of Longhorn include:

  • Windows Service Hardening limits the ability of a compromised service to damage a system, either by running services with only the privileges they need, or by letting a service isolate itself from other services and applications under a unique service identity;

  • Full volume encryption prevents unauthorized users from breaking Windows file and system protection;

  • Windows BitLocker Drive Encryption prevents a thief who boots another operating system or runs a software hacking tool from breaking file and system protections or viewing offline the files stored on the protected drive;

  • Device installation policies can be used to prevent users from installing any device, to allow them to install only devices on an approved list, or to prevent them from installing devices that are on a prohibited list.

Michael Hickins contributed to this story.