"Every few years Microsoft issues another grand, unified plan for
identity management. Well, they've done it again."
"Why is Microsoft distancing itself from its previous identity
management strategies? The reason is simple. Neither Passport nor
WS-Federation has gained much industry support beyond a hard core of
Microsoft's closest business partners while the rest of the industry has
flocked to SAML.
Microsoft's new party line for identity management stresses the need for
a universal identity environment that supports interoperation of
multiple identity technologies run by multiple identity providers. This
represents a 180-degree turn away from WS-Federation and Passport. The
former was intended to serve as the single universal federated identity
management protocol; the latter was positioned as an uber-identity
provider for all of cyberspace. "
"Privacy protection is the principle theme of Microsoft's new identity
management strategy. This comes through loud and clear in the identity
laws promulgated by Kim Cameron, the mastermind behind the strategy.
Cameron says identity management systems must gain user consent before
revealing information identifying the user; disclose the minimum amount
of identifying information necessary; limit that disclosure to parties
with a need to know; provision public and private identifiers for
pointing to users' identity data; and provide user interfaces that help
people avoid revealing personal information to phishing and pharming
scams. Missing from Cameron's laws is any mention of trust management,
strong assurance, multifactor authentication, single sign-on, role-based
access control, confidentiality, integrity, nonrepudiation, audit,
compliance and governance.
It's good to see Microsoft recognizes where it went astray in its
previous identity management visions. But its new strategy is too
narrowly focused to serve as the basis for a truly universal,
general-purpose, federated identity management environment. And its
InfoCard mechanism does little to address the threat of identity theft
on server-based identity providers throughout the federated world.
Microsoft needs to think through these issues more comprehensively
before releasing grandiose new vision statements."
<http://www.networkworld.com/columnists/2005/053005kobielus.html>
©2005 Bill Anderson |
