Microsoft releases first public beta of identity management server

ILM 2.0 ship date slips into early next year

Microsoft Tuesday filled in the blanks on its delayed identity management scorecard by releasing the first public beta of Identity Lifecycle Manager 2.0.

The news came in the opening keynote of the company's annual TechEd conference, which is being hosted in Orlando this week.

Bob Muglia, Microsoft's senior vice president of the server and tools business, hit again on the theme of dynamic IT, Microsoft's 10-year plan to automate management of the data center and desktop, just like he did more than a month ago at the Microsoft Management Summit. Dynamic IT was previously called the Dynamic Systems Initiative.

Muglia also made several announcements around virtualization, a foundation technology in the company's bid to automate systems management.

He also finally unveiled Beta 3 of ILM 2.0, the first public availability of the software that was supposed to ship in February at the RSA Conference. Muglia made no mention of that delay and slipped in another, pushing out the final ship date of ILM 2.0 to the first quarter of 2009.

He did say, however, that identity management is key for all businesses.

ILM is Microsoft's platform for identity synchronization, certificate and password management, and user provisioning. It was originally called Microsoft Identity Integration Server and was the company's meta-directory technology, which it purchased from Zoomit in 1999.

"One of the most critical aspects for all business is managing their identities within their organizations," Muglia said. "And as we move forward to where you use services to run part of your business, managing your identities across multiple service providers becomes a challenging problem. Federation is a key issue to make sure that the credentials of users are always kept up to date."

Muglia showed a demo centered on managing a business workflow process to create a new user identity and provision the user for access to groups, distribution lists, services and Microsoft and third-party applications. The results were distributed throughout the workflow process via integration with Outlook.

Microsoft also highlighted self-service tools that let users reset their own passwords and manage their profiles.

Missing is support for Microsoft's CardSpace technology, a user-centric identity system that puts users in control of their own identity information via a set of information cards. It is designed to give users identities tailored for use on the Internet or intranet depending on the sensitivity of the data they are accessing.

User-centric systems also include models such as LiveID, OpenID and Novell's Digital Me.

Microsoft said it plans to eventually tune ILM to manage CardSpace identities.

"That is absolutely part of the strategy," said Doug Leland, Microsoft's general manager for the identity and access division.

"Today, CardSpace is predominantly positioned as a consumer offering, but as we move forward with ILM we will look for the opportunity to bring it into the enterprise."

Microsoft is also contemplating support in ILM for the Service Provisioning Markup Language (SPML), but there is no concrete timetable. In April, Joe Long, general manager of the connected identity and directory at Microsoft, would only say about SPML support, "we are committing to interoperability."

Despite those exclusions, ILM 2.0 has four areas of focus: policy, credential, user and group management.

"This is a major step forward for us," Leland said, adding that Microsoft has built ILM to function as a Web service so developers can build applications on top of it such as enhanced smart card management.

ILM's policy-based management gives users a workflow to build identity-based policies, using ILM 2.0 or Visual Studio tools, that can be enforced, logged and audited. The certificate capabilities support management of third-party certificates, and the new user management features let IT automate and reuse provisioning tasks. Improvements in group management provide the ability to create and manage membership and approval processes.

In addition to ILM, Muglia also showed a demo of Kidaro, a technology that lets IT administrators manage and deploy virtual PCs out to user desktops. Users can monitor the health of virtual machines, run reports, look at images and set policies for different user groups.

Microsoft has rebranded the Kidaro software as Microsoft Enterprise Desktop Virtualization and will release it in the first half of 2009.
