Skip Links

Microsoft switching SharePoint to claims-based authentication

By , Network World
October 16, 2007 09:08 AM ET

Network World - Microsoft is replacing the authentication system for SharePoint Server and plans to make the collaboration platform one of the first of the company’s marquee applications to rely on a new claims-based identity model.

The goal is to have SharePoint incorporate an authentication model that works with any corporate identity system, including Active Directory, LDAPv3-based directories, application-specific databases and new user-centric identity models, such as LiveID, OpenID and InfoCard systems, including Microsoft’s CardSpace and Novell’s Digital Me.

SharePoint will lose the rigid authentication system it has today in favor of using claims about a user, such as age or group membership, that are passed to obtain access to the SharePoint environment and to systems integrated with that environment.
Claims could be built dynamically, picking up information about users and validating existing claims via a trusted source as the user traverses a SharePoint environment.

“We don’t want to come up with another, or the next, authentication system for SharePoint,” says Venkey Veeraraghavan, senior program manager lead for Office SharePoint Server.

Veeraraghavan said Microsoft settled on a claims-based system because it is flexible and designed for heterogeneous identity environments. “It allowed us to invest in one place [SharePoint] and know that we can credibly say we work with multiple systems, especially as they are woven into what we’re calling a Metasystem. We want to continue to work on making SharePoint useful to our customers, not spend a lot of time integrating with each and every identity system one-by-one, or worse, not do it because of resource concerns.”

Veeraraghavan provided a glimpse of Microsoft’s work during a panel session at last month’s Digital ID World conference. Claims are a set of statements that identify a user and provide specific information.The claims are used by systems to make such decisions as who gets access, who can retrieve content or who can complete transactions, according to Microsoft officials.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News