Vendors seek unity on identity protocols

Microsoft will participate in meetings to improve interoperability of its ID management systems with protocols supported by Liberty Alliance

Microsoft will participate in a meeting later this month with vendors and organizations that are backing several different identity management systems, an indication that cooperation between the software giant and its peers is improving.

The meeting, part of an initiative called the Concordia Project, strives to improve interoperability between Microsoft's CardSpace and OpenID, two identity management systems, and protocols for identity management supported by an industry trade group, the Liberty Alliance, said Roger Sullivan, president of its management board.

Vendors will hear from companies such as General Motors, Boeing, and AOL about how they're trying to integrate various identity management systems into their operations, Sullivan said.

"Many of these protocols today are very geek-centric," said Sullivan, who is also vice president of Oracle's identity management section. "They're not very people-friendy."

A major issue is how vendors can use different authentication mechanisms in their operations. For example, a financial planning Web site could allow users to forecast how much their retirement fund may be worth in 30 years. Eventually, the user may want to buy a service from the financial planner and migrate that same data to an environment that uses stronger authentication, Sullivan said.

This means there would need to be more interoperability between the protocols used by OpenID, CardSpace, and Liberty-enabled applications.

"I would more expect that we will have nuanced changes or extensions to existing protocols to enable the interoperability," Sullivan said.

The Concordia Project, set up by the Liberty Alliance, hopes to release its first set of open standards by the end of the year, Sullivan said

Microsoft said in February at the RSA Conference it would integrate CardSpace and OpenID, an open-source standard for logging into Web sites.

The work would help mitigate potential security risks, such as so-called "man-in-the-middle" attacks, where a hacker can intercept identity information as it's in transit to a Web site, officials said. Novell is also working with Microsoft on InfoCard Selector, a so-called "digital wallet" for handling identity information.

Microsoft's commitment to the Concordia project shows it has realized the importance of interoperability, said Graham Titterington, principal analyst at Ovum.

"Microsoft has already come a long way in terms of 12 months ago," Titterington said. "It's not a surprising development as a year ago I think it would have been."

The meeting will take place on June 26 at Catalyst 2007, an enterprise IT conference in San Francisco.

Copyright © 2007 IDG Communications, Inc.

How to choose a low-code development platform