6 June 2002 Microsoft is developing security software that it hopes will promote the adoption of web services by organisations and strengthen its own position in the market.
The software giant said that the technology, codenamed TrustBridge, will provide single sign-on for business users logging onto Windows-based systems, whether hosted locally or remotely. Users can create an identity through Microsoft’s Active Directory services software, , or a rival product on any operating system that supports network security standard, Kerberos.
TrustBridge uses web services standards, including the simple object access protocol (SOAP) to pass user identification information over HTTP, says Microsoft. It is based on work done with IBM and Verisign on a specification called WS-Security. The authorisation technology won’t be available until 2003, although the company has yet to decide whether to package it with other products, or sell it separately, it says.
The ultimate goal for web services is to enable companies to more easily share information with partners, suppliers and customers across disparate applications and networks. However, the lack of a specific security standard for web services is, say analysts, one of the biggest factor that will affect the adoption of such collaborative working practices. Organisations are simply not convinced that exposing their inventory levels to customers over the web or checking customer credit records via a third-party software module, is secure enough.
As a result, identity management and authorisation looks set to become a fiercely contested sector of the web services market. Rival Sun Microsystems is developing authentication technology through the Liberty Alliance, an initiative which counts 40 companies among its membership. Liberty Alliance says it will release its long-awaited debut specifications by the middle of 2002.
But Microsoft will struggle to convince businesses of its security credentials, given the series of security flaws that have blighted Microsoft products such as its browser Internet Explorer and its web server Internet Information Server (IIS).
Recognising this, chairman Bill Gates has repeatedly said that beefing up the security of its products remains a top priority for the company.