Microsoft, Sun agree on sign-on specs

Computerworld - Microsoft Corp. and Sun Microsystems Inc. today said they have agreed to a single sign-on specification to ease cross-platform identity management and promised to broadly improve the interoperability of their rival .Net and Java Web services platforms.
The announcement, made in Palo Alto, Calif., by Microsoft CEO Steve Ballmer and Sun CEO Scott McNealy, comes one year after the two companies agreed to settle a lengthy antitrust legal battle. The settlement included a $2 billion payment by Microsoft to Sun and a 10-year agreement to improve interoperability between the companies' systems (see story).
"We've integrated the security environment," said Ballmer, "enabling you to essentially form an integrated view of users, security and IDs between the Sun world and the Microsoft world. That's a very important piece of work that we have done in the first 12 months."
The companies jointly developed single sign-on specifications for both .Net and Sun's Java Enterprise System environment that work within a company's firewalls and with suppliers and partners.
Microsoft and Sun also said they are jointly developing software for managing the systems of both companies from a single console and working to improve the ability of Sun's Sun Ray thin-client system to work with Microsoft products.
"You have Solaris and Windows playing nice -- in unique and quite unexpected ways across the board," said McNealy.
The two companies also formed an IT advisory board that includes Fred Killeen, director of systems development and chief technology officer at General Motors Corp.'s Information Systems and Services organization.
GM, which has 1 million users across the globe, is a heavy user of Solaris and Windows systems, Killeen said. The automaker uses Microsoft desktops that authenticate users to Active Directory, but it also has a user portal environment called Socrates that uses Sun's portal products and directory in the back end.
The Microsoft and Sun effort will "enable us to have an end-to-end authentication for the users," he said.
Such authentication is important because "it will take out a significant amount of the complexity in our current environment," said Killeen. "We will have fewer passwords, we will have fewer calls to our help desk, so we expect that we will reduce the complexity and the cost. So this is really a big deal for us," he said.
GM is now working on a proof of concept to develop an integrated environment.
The single sign-on draft specifications, called Web Single Sign-On Metadata Exchange Protocol and Web Single Sign-On Interoperability Profile, will be submitted to an as-yet-unidentified standards body andwill likely be included in next year's product releases.
Ballmer said end users "want to be able to log-in in the morning and they want to be able [log into] applications that run on .Net and applications that run on Sun systems."
The specifications solve a problem created, in part, by two authentication specifications, either those produced by the Liberty Alliance or the WS* (the asterisk is used to indicate a range of WS-I or Web Services Interoperability Organization specifications).
Jamie Lewis, an analyst at Burton Group in Midvale, Utah, said the single sign-on plan "is the most significant piece" of today's announcement because Web-based single sign-on will help users with security as well as Sarbanes-Oxley compliance issues.
While it doesn't cover all user needs, Lewis said it will cover many of them.