Microsoft's 'PassPort' Out, Federation Services InBy Channel Insider Staff | Print
Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers
Redmond balks at public pronouncements on its federated identity-management strategy. However, the slides from the TechEd conference tell it all.SAN DIEGOIt's been two years since Microsoft issued any official pronouncements on "TrustBridge," its collection of federated identity-management technologies slated to go head-to-head with competing technologies backed by the Liberty Alliance.
When Microsoft went public with its TrustBridge plans in June 2002, Redmond officials said to expect the first TrustBridge deliverables to hit in 2003 and published a "Federated Security and Identity Roadmap" document (which the company has since removed from its Web site).
But TrustBridge has been a complete no-show. Until now.
Despite the lack of direct comment, Microsoft officials said plenty during presentations at TechEd here.
Federated identity management, according to Mike Neuburger, a program manager with Microsoft's Active Directory/federated services group, who presented at TechEd on Tuesday, is "the ability to bridge islands of identities."
Neuburger said Microsoft's goal with federation is to enable interoperability across organizational and platform boundaries. Microsoft wants to connect securely with Windows "forests," with other WS*- compliant (Web services) vendors and with Microsoft's own Passport Internet authentication technology.
There were very few mentions of Passport in any TechEd presentations on identity management. This is a sharp departure from 2002, when Passport was touted as a key component of Microsoft's TrustBridge strategy.
Currently, Microsoft officials are actively shunning the TrustBridge code name. Instead, they are focusing much of their efforts on "Active Directory Federation Service" (ADFS), a technology that is slated to be part of the "R2" Windows Server release that is due to ship next year.
ADFS adds federated identity support to Active Directory via Web services, especially those adhering to the WS-Security and WS-Federation specifications.
ADFS will "extend Active Directory to enable single sign-on to external Web applications and Web services using existing organizational identities," according to one PowerPoint slide from a presentation on federated identity management at TechEd.
Microsoft briefly demonstrated ADFS as part of Server and Tools Vice President Andy Lees' keynote address on Tuesday here.
But ADFS is only one piece of Microsoft's new and improved identity-management puzzle, it seems.