REDMOND, Wash., June 6, 2002 — Taking the next step toward a more connected and secure Web services environment, Microsoft Corp. today announced a new Windows® technology, code-named
that will enable businesses to share user identity information between applications and organizations.
technology will allow different organizations using the Windows operating system to exchange user identities and interoperate in heterogeneous environments using industry-standard XML Web services protocols including Kerberos, WS-Security and forthcoming protocols in the WS-Security family. Federated identity management makes it easier for businesses to build deeper and more dynamic relationships with customers, partners and suppliers, and helps mobile employees increase their productivity.
Microsoft also delivered a product roadmap, the Microsoft Federated Security and Identity Roadmap, for federated security and identity management across the Microsoft® product line. Both
and the Microsoft products, tools and services outlined in the roadmap build on the WS-Security specification to establish a federated model for user identity exchange. Introduced by Microsoft, IBM Corp. and VeriSign Inc. in April of this year, WS-Security is a security specification that defines a standard set of Simple Object Access Protocol (SOAP) extensions or message headers for exchanging secure, signed messages in a Web services environment and provides a foundation on which to build federated and interoperable Web services. In conjunction with the WS-Security specification, Microsoft and IBM co-authored a roadmap, Security in a Web Services World, that outlines plans for future specifications in the family and defines the architectural approach to establishing a federated trust model for user identity.
“Early on, Microsoft recognized that the key to taking the success of XML Web services to the next level hinged on the industry’s ability to ‘federate’ or establish cross-company trust,” said Sanjay Parthasarathy, corporate vice president of the Platform Strategy Group at Microsoft. “Microsoft is filling a critical need for our customers and the industry by supporting the industry standard protocols for federating XML Web services across the Microsoft product family.”
: Delivering Cross-Company Trust
By providing a way to establish and maintain trust relationships, Windows
removes many of the barriers IT organizations face, allowing them to securely authenticate and share user identities across business and security boundaries.
Businesses that manage user identities with the Active Directory® service in Windows will be able to deploy
to recognize and share identities with other organizations running Windows or any other identity infrastructure on any operating system that supports Kerberos v5.0. Kerberos, supported in Windows platforms and a variety of UNIX environments, is a widely adopted open standard for authentication maintained by the Internet Engineering Task Force. To enable an organization to federate with another,
will use the WS-Security protocol family. By using WS-Security and SOAP over HTTP,
provides the additional benefit of eliminating a company’s need for further firewall configuration.
The initial release of
technology is scheduled for 2003. Information on
pricing and delivery vehicles has yet to be released.
Enabling Federated Security in Microsoft Products
In today’s roadmap announcement, Microsoft outlines the products and approach it will take in implementing support for the WS-Security family of specifications. Microsoft will embrace WS-Security, building support for a federated security model throughout current and future products, tools and services, including the following:
.NET Passport. .NET Passport, an Internet-scale authentication service for business-to-consumer interactions, will support SOAP messages over HTTP, add support for Kerberos and embrace WS-Security in 2003. These enhancements will enable .NET Passport to federate with
and other WS-Security-based authentication systems.
Visual Studio .NET. Later this year, Microsoft will provide support for WS-Security and federated security within Visual Studio® .NET. This will allow developers of Web services to easily add digital signature support and SOAP message encryption as outlined in the WS-Security specification.
Enterprise infrastructure products. In addition to
by embracing WS-Security as a foundation for identity sharing, current and future product functionalities in Windows Server products will enable organizations to achieve a more federated approach to security.
In addition to heterogeneous federation via
Windows .NET Server, scheduled to release to manufacturing this year, will provide cross-forest trust for Active Directory, integration of Passport authentication with both the Active Directory Service and Internet Information Service, security protocol translation, and constrained delegation to support federation.
Microsoft Metadirectory Service 2.2, a centralized service that stores and integrates identity information from multiple directories, enables organizations to synchronize directory information into Active Directory in real time.
In February Microsoft announced a new sample XML filter for Microsoft Internet Security and Acceleration Server that provides application-level filtering at the edge of the network to screen and inspect incoming SOAP and XML data. The sample helps companies prepare to secure their networks as they adopt Web services.
The Microsoft Federated Security and Identity Roadmap is available for download on the MSDN® site, at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwebsrv/html/wsfederate.asp?frame=true . The WS-Security specification and the co-authored roadmap, Security in a Web Services World, are also available on the MSDN site, at http://msdn.microsoft.com/ws-security/ .
Founded in 1975, Microsoft (Nasdaq
) is the worldwide leader in software, services and Internet technologies for personal and business computing. The company offers a wide range of products and services designed to empower people through great software — any time, any place and on any device.