As an add-on, NGAD is similar in concept to Active Directory Federation Services, a module for sharing authentication, and Active Directory Application Mode (ADAM), which will eventually give way to NGAD.
NGAD lets users create complex relationships among the data it stores, such as friends, colleagues, roles, management chains, service assignments and machine sets. Those relationships can be used to create detailed claims that govern access control.
Currently, AD's only relationship construct is "group."
"In a directory there isn't the ability to do the kinds of relationships that you can do even in the world's worst database," Cameron says.
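To make the group-versus-relationship contrast concrete, here is a small Python model added for this article (it is not NGAD's API or schema, which Microsoft had not published): claims are derived from constructed relationship triples, including a transitive management chain, and an access decision is then made from those claims rather than from a flat group name alone.

```python
# Added illustration, not NGAD code: relationship-derived claims versus a flat
# group check. The users, relationship types and policy are constructed for
# this example.
from collections import deque

# Constructed directory data: (subject, relationship, object) triples.
RELATIONSHIPS = [
    ("alice", "manages", "bob"),
    ("bob", "manages", "carol"),
    ("carol", "assigned_to_service", "payroll"),
    ("dave", "member_of_group", "payroll-admins"),
]


def _neighbours(subject, relation):
    """Objects linked from `subject` by `relation`."""
    return [o for s, r, o in RELATIONSHIPS if s == subject and r == relation]


def management_chain(user):
    """Everyone reachable from `user` through 'manages' edges, transitively.
    The `seen` set also guards against cycles in the relationship data."""
    seen, queue = set(), deque([user])
    while queue:
        for report in _neighbours(queue.popleft(), "manages"):
            if report not in seen:
                seen.add(report)
                queue.append(report)
    return seen


def derive_claims(user):
    """Build a claim set from several relationship kinds, not just group membership."""
    claims = {f"group:{g}" for g in _neighbours(user, "member_of_group")}
    claims |= {f"service:{s}" for s in _neighbours(user, "assigned_to_service")}
    # A manager holds a 'manages:<report>' claim for the whole chain below them.
    claims |= {f"manages:{r}" for r in management_chain(user)}
    return claims


def may_view_timesheet(actor, owner):
    """Constructed policy: the owner, anyone above them in the management
    chain, or a member of the payroll-admins group may view a timesheet."""
    claims = derive_claims(actor)
    return (actor == owner
            or f"manages:{owner}" in claims
            or "group:payroll-admins" in claims)
```

A group-only directory could express the payroll-admins rule but not the management-chain rule without maintaining a separate group per manager.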
Another evolutionary element is support for the newest Web technologies such as RSS and REST to create a connection between instances of NGAD and an application or service. For example, an application could subscribe to an NGAD instance via RSS and receive updates to the claims data it stores.
"We are taking what we learned with LDAP generation directories and adding a kind of self-knowledge. The system knows how to update the data," Cameron says.
He says NGAD is in the very early stages and "there are still some really hard problems to solve." Microsoft's goal at PDC is to talk directly to developers, get them to look at the API, let them figure out how the new schema works and then listen to their feedback.
"We want to be open with what we are doing and have a relationship with the industry and lay it all out there," says Cameron, who over the past years has championed an industry-wide effort to create a standard framework around identity. He says this new effort won't be Microsoft-centric and that his hope is for another standards-based industry push to define the technology.
NGAD is the next step in Microsoft's claims-based Identity MetaSystem strategy, which began in 2005 and defines a distributed identity architecture for multi-vendor platforms.
As Microsoft builds out its story around the cloud-based Azure platform, NGAD is one of the foundational elements developers can take advantage of for access control.
Microsoft did not lay out a timeframe for the NGAD directory add-on, but if it follows previous directory innovations by the company it could be released as a stand-alone product or baked into the next version of Windows.
Follow John Fontana on Twitter: twitter.com/johnfontana