Microsoft opens up its identity management e-wallet
Says open-source developers shouldn't worry that technology offer is a patent trap
Microsoft is making the Identity Selector Interoperability Profile technology freely available under its Open Specification Promise (OSP) to any developers -- individuals as well as programmers at open-source projects or commercial ventures -- who want to build identity management software. The OSP is a mechanism through which Microsoft offers some of its technology specifications for open use while making "a personal promise" not to assert any patent claims against people who utilize them.
Identity Selector is a sort of electronic wallet that securely stores an end user's personal information, according to Thom Robbins, director of Microsoft's .Net product management group. Used with the company's Windows CardSpace technology, Identity Selector can make it easier for users to log into Web sites and for sites to harvest as little or as much personal information from a user as needed to authenticate his identity, Robbins said.
Formerly known as InfoCard, CardSpace is a component of Microsoft's .Net Framework 3.0 that is built into Windows Vista and available for Windows XP. Nevertheless, it is meant to be a cross-industry technology that can be adopted by all users -- unlike Passport, an earlier Microsoft technology that enabled people to use the same username and password when logging into HotMail, MSN and other Microsoft Web sites or services.
Other technology that Microsoft has released under the OSP include its Office Open XML file format.
Microsoft also said that is creating four open-source projects to help Web developers accept the authentication data created by CardSpace and Identity Selector. These projects are meant to enable interoperability with Java on systems running Sun Microsystems Inc.'s Sun Java System Web Server, IBM's WebSphere Application Server or the open-source Apache Tomcat software, and with Ruby on Rails and PHP on the Apache Web Server.
Two of the open-source projects will be hosted on the SourceForge and RubyForge Web sites, while the other two will be hosted on separate pages on Microsoft's own CodePlex site -- one for Java, and the other for Ruby.
In addition, Microsoft said it will cooperate with two small vendors on an open-source project to build an OpenLDAP adapter for its Identity Lifecycle Manager 2007 software. That will enable users to synchronize identity information between Microsoft's Active Directory and the OpenLDAP directory and add to ILM 2007's out-of-the-box connectivity to 30 other directories, databases and identity systems, Microsoft said.
Despite recent statements by Microsoft reiterating its claims that Linux and other open-source technologies violate its intellectual property, Jean Paoli, the software vendor's general manager for interoperability and XML architecture, said that open-source developers shouldn't look skeptically at today's announcements.
In identity management, Paoli said, "I can tell you that we do a lot of open-source projects, and it's all about collaboration."
Read more about Security in Computerworld's Security Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Alert Logic for PCI DSS Compliance To achieve PCI DSS compliance, you must identify and remediate all critical vulnerabilities detected during PCI scans. Threat Manager streamlines this process by...
- Cybersecurity Imperatives Reinvent Your Network Security With Palo Alto Networks The Rise of CyberSecurity
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts