Network World
Saturday, October 11, 2008

Microsoft Subnet Blog


RE: Microsoft switching SharePoint to claims-based authentication

An interesting move! Experts say that right now SharePoint is fairly limited with authentication. You can use NTLM (ancient and inefficient), Basic (used with SSL, and the clear-text passwords are SO not good), Kerberos (complex to configure, but better performance) or MS Single Sign-On. This new move sounds like a great way to open up their collaboration platform to third-party options, which are what most companies use. Experts say that the MS SSO model isn't very popular with users, so maybe Microsoft felt pressured to make this change in the SharePoint world to appease a large client. The story says: "Microsoft is replacing the authentication system for SharePoint Server and plans to make the collaboration platform one of the first of the company’s marquee applications to rely on a new claims-based identity model."


in a nutshell, M$ is greatly


In a nutshell, M$ is greatly increasing interoperability. Nice, even if 7 years too late (Active Directory should have been way more compatible with other authentication systems from the start). Hope this trend continues.

Claims based authentication?


So what’s new ... not much, apparently.

The long-standing IAM definition of any Authentication is “the process of establishing an Identity to be used in a particular instance, by verifying an assertion or claim, such as to be a particular identity or a member of a group that usually requires some form of proof, using one or more credentials or attributes.”
There are numerous existing ways of delivering the results of a Claim to a relying party, for example:
1. HTML / SAML (push) where the claim is embedded in the HTTP header, but is lost if the service provider or page is unavailable.
2. Web Services (pull) that can be called using other SOA processes, but is unavailable if the identity provider is down.
3. Message Queues (look it up on Wikipedia) that guarantee delivery regardless of the receiving application being up or not, for later delivery (hence the queue). See MSMQ, IBM’s WebSphere MQ, Oracle’s AQ, Java JMS and others.

As regards the Reliance on the claim, that is also covered by long-standing IAM definitions.
Here’s how the degree of doubt or risk works in the existing IAM world:

And the use of the word “Bus” for a subsystem that transfers data between computers is also a long-standing IT definition.

Perhaps what’s new is MS recognizing that the rest of the IAM world has “been there, done that” ?


The Microsoft Subnet blog is the official blog of the Network World's Microsoft Subnet community, managed by editor Julie Bort. Microsoft Subnet is the independent voice of Microsoft customers and is your gateway to daily Microsoft news, blogs, opinion, books, prize giveaways and more. Visit the Microsoft Subnet index page daily, and while you are there, subscribe to the Microsoft newsletter. The newsletter includes news generated by the Microsoft Subnet community as well as other Microsoft news stories published by Network World.
