Dr. Dobb's is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Channels ▼
RSS

.NET

Microsoft Courts OpenID


Despite recent security improvements to its next generation of software, Microsoft announced plans Tuesday to augment its own identity authentication standards with the OpenID framework.

The company is presenting a proof-of-concept demonstration and collaboration between its Windows CardSpace initiative and the OpenID 2.0 specification at the RSA Security Conference in San Francisco this week. The relationship is expected to help eliminate what's sometimes known as the "man-in-the-middle" attack, where a third party can read and modify messages between two unsuspecting parties.

Microsoft chairman Bill Gates and chief research and strategy officer Craig Mundi said the company would be adopting the decentralized identity management system because it realized that authentication was needed at the application layer for many Web 2.0 products. The announcement comes five years after Gates issued to Microsoft employees his "Trusted Computing" directive, which stressed security as the company's highest priority.

"Those were the days when we talked mostly about the 'I Love You' virus," Gates said during his keynote address at RSA.

Fast-forward to today, where Microsoft itself is acknowledging that attacks are more focused on areas other than the network, such as the application level.

"We realized that we still needed to create a GUI for credentials and for situations that were more on an ad hoc basis," Mundi said during the morning keynote. "It should be no more difficult for a person to identify themselves online as it is to walk in person and take a driver license and credit card for identification."

Developed by Brad Fitzpatrick of LiveJournal, OpenID is fast gaining market acceptance by Web 2.0 groups such as Wikipedia and Technorati, as well as computer security firms like Symantec.

Windows CardSpace -- formerly InfoCard -- is part of Microsoft's .Net 3.0 framework and integrates with Microsoft's Windows Communication Foundation, Windows Workflow Foundation, and Windows Presentation Foundation.

Gates noted also that the OpenID 2.0 spec would help support Microsoft's own Web security protocols, which are widely used in Web services transactions.

"There are reputation and trust issues involved that this helps solve," Gates said.

Gates and Mundi said the CardSpace/OpenID proof-of-concept demonstration is expected to be implemented in the Windows Longhorn Server product, currently in beta testing and due out later this summer.

In addition to testing OpenID in its architecture, Microsoft announced Tuesday security-related products and partner initiatives, including the launch of its Identity Lifecycle Manager 2007, the release of a public beta for its Forefront Server Security Management Console, and additional support of Extended Validation SSL Certificates in Internet Explorer 7. Microsoft also recently announced other key security-related initiatives, including the general availability of the Intelligent Application Gateway 2007, a Microsoft Network Access Protection 100-partner milestone, and the launch of Windows Live OneCare.


Related Reading


More Insights






Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.