..plot of Microsoft is taking shape.
Microsoft last week extended its directory beyond Windows with the introduction of an interoperability program and agreements with key partners.
Microsoft is ramping up the interoperability program ahead of the next release of Windows Server 2003, dubbed R2, which will include Active Directory Federation Services (ADFS). R2’s release has been pushed back to between October and year-end.
ADFS lets users share, or federate, authentication data across corporate boundaries. Microsoft uses a protocol it developed with IBM called WS-Federation to support that sharing. Many other vendors use a competing standard called Security Assertion Markup Language (SAML).
Tools coming from Centrify and Vintela will let users directly hook Web-based Java applications into the directory. Centrify will add a set of modules to its DirectControl suite that uses SAML to tie Java applications to ADFS and its WS-Federation protocol. Vintela is adding ADFS federation support to its Vintela Single Sign-on for Java. The software is expected to be available shortly after Windows Server 2003 R2 ships.
“Microsoft is now entering the market with its own single sign-on, federated identity management platform, and the challenge that it has is that for users to do federated identity they have to have a pure Microsoft environment and from a Web applications perspective that is just not going to be the case” in most companies, says Tom Kemp, CEO of Centrify.
Also, Kernel Networks is developing an OpenLDAP management agent that is scheduled to be available on a royalty-free basis by year-end. The agent will let customers integrate OpenLDAP 2.x into identity-management infrastructures based on Active Directory and Microsoft Identity Integration Server 2003.
In addition to the integration work of third-party partners, Microsoft has added other aspects to its program, including an interoperability lab in Redmond, Wash., and a Web site focused solely on Active Directory interoperability.
Microsoft also says it will offer licensing for intellectual property and protocol technology to foster interoperability, including licensing the Active Directory Password Change Notification Service to independent software vendors and corporate users who want to incorporate the technology into their applications.
“We have made it easier to get at password information,” says Microsoft’s Michael Stephenson. “You can change a user telephone number and have it be the same in all repositories. Now you can have the password be the same.”