Microsoft server to tackle ID mgmt.

May 05, 2003, 4 mins
Access Control, Microsoft, Networking

REDMOND, WASH. – Microsoft has found a new home for its metadirectory, which it will adapt to become the foundation for provisioning software it intends to release in July as part of a push to create an identity management platform.

Microsoft officials confirmed that Microsoft Metadirectory Services (MMS) 2003 Enterprise Edition will be folded into a licensed server that will anchor a provisioning platform that can tie together various user repositories.

The company has referred publicly to the server as Identity Server 2003, but is considering a host of names including Identity Integrator, sources say. Microsoft says it plans to announce the product within the next 30 days, but would not provide details.

MMS 2003 Standard Edition, which is limited to synchronizing separate deployments of Active Directory, will remain as a free add-on to Windows Server 2003.

Provisioning software lets companies automatically create accounts and access rights for new users across many systems and applications, adjust those rights when a user switches jobs, and revoke them when a user leaves a project or the firm. That movement is orchestrated via a workflow between user account repositories and can be audited and tracked. Once established, provisioning software is coupled with access management software for single sign-on to create an identity management platform.

Microsoft is trying to keep pace with rivals IBM, Novell and Sun, which have, or have announced, products for identity management. Microsoft still has a product gap in the access management market, although it has partnerships with vendors such as Oblix and Open Networks.

“Microsoft has finally started to recognize this broader opportunity around identity management,” says Mike Neuenschwander, an analyst with The Burton Group.

Benefits include security, reduced user management costs, especially around password resets, and greater control of who is on the net and what they can do.

“In the long term, however, Microsoft will have to make some adjustments to MMS to be more in line with provisioning capabilities,” Neuenschwander says. Those adjustments include adding better Web-based user management and administration tools, improving password management and synchronization capabilities, and adding workflow and auditing. He says Microsoft is contemplating integration with BizTalk Server.

One key to building out those features is that MMS 2003, which Microsoft acquired when it bought Zoomit in 1999, is the first version of the software that uses Microsoft’s SQL Server as its back-end repository. The database provides more flexibility for adding features and developing applications than the previous one based on Zoomit’s Via, experts say. SQL Server technology, codenamed Yukon, also will become the back end for Active Directory in a future release and for Microsoft’s envisioned unified file system.

But Microsoft still faces an issue of standards support. The Organization for the Advancement of Structured Information Standards (OASIS) is nearing completion of the Service Provisioning Markup Language (SPML). Microsoft, which is part of the technical committee, has yet to adopt the specification or commit to an interoperability test among vendors set for July. Industry insiders are whispering that Microsoft might not adopt the standard. IBM, Microsoft’s partner in Web services standard creation, two months ago proposed an alternative to SPML that did not gain any support within the SPML group.

“I can’t see that Microsoft would not support SPML given its work to date,” says Darran Rolls, chair of the OASIS Provisioning Services Technical Committee and technology director for Waveset. “For them to be involved is vital to the industry.”

The first version of Microsoft’s provisioning server will be a rebranding of MMS 2003 Enterprise Edition, which has connectors for many platforms including Windows NT 4, Microsoft Exchange, Lotus Notes, Microsoft SQL Server, Oracle databases, Lightweight Directory Access Protocol directories, Sun and Novell directories, ERP applications, and various file systems.

The new server will be a licensed product, where it had been free as part of engagements with Microsoft Consulting. Pricing will start at $25,000 per CPU.