Microsoft's directory team forced to reconsider ignored standards

Company’s recent statements to be more open putting pressure on software development


CHICAGO -- Recent proclamations by Microsoft CEO Steve Ballmer that the company would move toward interoperability and support for standards are putting pressure on the head of the company's directory and identity development to reconsider support for industry standards such as Security Assertion Markup Language (SAML) that have been long ignored.

Joe Long, general manager of the connected identity and directory at Microsoft, said during a panel discussion at NetPro's Directory Experts Conference that Microsoft was being forced to re-examine whether it would support SAML, the Service Provisioning Markup Language (SPML) and the Extensible Access Control Markup Language (XACML).

"Microsoft has introduced an interoperability promise and we are trying to understand the ramifications of that," Long said. "Hopefully we can make a commitment one way or the other in the next few months."

Long was referring to a major announcement CEO Steve Ballmer made in February in which he laid out four principles that would govern the company going forward: openness, data portability, support for industry standards and interoperability for IT and open source developers. As part of the announcement, Microsoft also made many of the APIs for its major enterprise software available for free and said it would document how it implemented standards and the extensions it created to those standards.

Microsoft already supports the SAML 1.1 token format but does not support the SAML request/response engine that is part of the specification. It also does not support SAML 2.0. The Liberty Alliance and the Shibboleth identity project support SAML.

Microsoft supports WS-Federation, a specification it created with IBM and sent to the Organization for the Advancement of Structured Information Standards for standardization. WS-Federation, unlike SAML, splits the request/response engine and the token format, allowing it to support many token formats.

Long's comments came a day before Microsoft's Stuart Kwan took the DEC keynote stage and explained that standards were a key cog in building an "identity bus" for identity systems that applications could plug into.

When Long was asked by an audience member if Microsoft planned to support the SAML request/response engine, he said, "I am not prepared to answer that."

Later when he was asked if support for SPML was on the road map for Microsoft's Identity Lifecycle Manager, which will get a version 2.0 upgrade in the second half of this year, Long said: "We are committing to interoperability." He headed off the anticipated questions about XACML support by saying he was looking into that also.

When asked what was so hard about deciding to read XML, Long shot back, "It is supporting them and committing to them forever. The reality is that when these technologies show up in products they come with an architectural model and we have to understand holistically how that impacts us."

Some said that support for these standards and others is a long time coming and Microsoft should make the commitment.

"It is way past the time they should be considering this. They are protocols. It is just a way to talk," says Dave Kearns, an author, blogger and online columnist for Network World. "Interoperability is the key. As a user I want support on all my platforms."
