Group to demo ways to secure desktops

By Ellen Messmer, Network World, 05/02/2005

An industry consortium this week plans to demonstrate a specification for desktop policy enforcement that has been a year in the making.

The Trusted Computing Group's (TCG) specification, which is scheduled to make its debut at Interop in Las Vegas, offers a way to conduct integrity checks of desktop computers, such as requiring anti-virus or software patch updates before granting network access. While this capability exists in some products, the Trusted Network Connect (TNC) specification is the first attempt to define an open standard for it.

Some consortium members, including Funk Software, HP and iPass, will show how the specification works through software interoperability demonstrations over an HP ProCurve Switch-based LAN.

"Interoperability is important to minimize the ways we have to do this, which today requires custom development with anti-virus vendors and others," says Barbara Nelson, director of advanced technology at iPass, which makes software called Endpoint Policy Management to check desktops for missing anti-virus and software patches.

If the network industry can coalesce around a common way to do integrity checks, it will promote use of the technology, she says.

At this week's demonstration, iPass plans to show how its desktop Endpoint Policy Management software can collect TNC-related information about anti-virus and patch updates on a desktop. The information then will be forwarded to a TNC-capable authentication server from other vendors, such as Funk and Meetinghouse Data Communications. These servers, with added TNC-based code, will evaluate desktops to determine if they should be granted network access.

Paul Crandell, network security program manager at HP, says TCG will work to further develop the basic TNC architecture so that more-complex policy decisions associated with remediation can be enforced through network equipment.

"The switch will be the policy-enforcement point," Crandell says. "And interoperability will mean you can use more than one vendor's products."

Several companies involved in this week's demonstration say they plan to include TNC functionality in future products.

Dan Ratner, director of product management at Meetinghouse, says the company expects to include TNC in its Aegis client and server authentication products by the fourth quarter. "It's an opportunity to extend the products so while we're doing the authentication we can also allow the integrity checking to occur," he says.

Funk plans to include TNC as part of its Steel-Belted Radius Server and Odyssey Client by mid-May. InfoExpress expects to add TNC to its CyberGatekeeper Policy software in the summer.

TCG member Microsoft two weeks ago endorsed the new specification, promising to align its fledgling Network Access Protection effort with it. Microsoft also last year said it would align with another industry effort, the Cisco Network Admission Control (NAC), which is well underway with 40 anti-virus and policy-enforcement software vendors, including TNC backers iPass and InfoExpress. Cisco says it has no plans to join TCG or implement its new specification.
