Microsoft Corp. finally placed a definitive stake in the lucrative identity management market Wednesday by unveiling a revamped version of its Meta Directory product, dubbed Microsoft Identity Integration Server 2003.
In conjunction with its new offering, Microsoft also introduced "Identity and Access Management Solution Accelerator," a new set of prescriptive guidelines created with Pricewaterhouse Coopers LLP to help customers build and test identity management infrastructures. Partnerships with Oblix Inc. and OpenNetworks Technologies Inc. will help extend Microsoft's reach to cross-platform levels as well.
Microsoft Identity Integration Server (MIIS) improves upon the software giant's Meta Directory Server through the addition of new features including automated account provisioning, the synchronization of identity information, and Web-based self-service password management capabilities, said Michael Stevenson, lead product manager for Windows Server Division for Microsoft in Redmond, Washington.
As part of its fledgling identity management strategy, Microsoft rolled out new offerings for Windows Server 2003, which will appear by the end of the third quarter.
For customers desiring a directory service to provide application specific information toward applications developed in-house, Microsoft announced its new Active Directory in Application Mode (ADAM). Stevenson said ADAM will allow customers to deploy Active Directory as a LDAP directory service for application-specific data while using their distributed Active Directory infrastructure for single-sign-on.
Also, Windows Server 2003 will include the Identity Integration Feature Pack for Windows Server Directory, and Directory Services Mark-up Language version 2.0 (DSML v.2). The added capabilities will let developers represent directory structural information and directory operations as XML documents.
In addition, Microsoft plans to introduce Microsoft Audit Collection System in the 4th quarter of 2003. A key component of Microsoft's identity management strategy, the product will enable customers to consolidate security event logs into a single location to offer intelligence capable of identifying a users' access. As part of the announcement, Microsoft will also announce support and partnerships for Microsoft Identity Platform.
Stevenson said customers faithful to Windows Server as their central identity platform will be rewarded by carrying the investment forward through Microsoft's aggressive Web services security development -- spearheaded by its WS-Security roadmap focusing on interoperable trust and identity services, standardization -- and be able to use the software as a federated ID tool.
Because of its position as one of the major stores of identity information for employees, and because it moves that data via the Web to partners and e-commerce customers, Microsoft recognizes the need to move beyond Meta Directory synchronization to apply rules-based provisioning and password management, said Johnathan Penn, analyst for Cambridge, Massachusetts-based Forrester Research.
"People today, when they're serving their employees (utilizing directories), they're doing so in a way that is inefficient and isn't standardized. It's error prone and there's very little auditing involved," said Penn. "If they want to try to do that for business partners and customers they're going to need audit trails and compliance, accuracy, and better service through making changes faster and providing ways to empower the users to make changes themselves that are reflected instantly."
Penn said vendors equipped with broad portfolios pushing identity management, such as IBM Corp. and Novell Inc., are sorely lacking tightly integrated products despite advertising otherwise.
Among the companies lining up behind Microsoft to court ID management dollars include Oblix Inc. and OpenNetwork Technologies Inc., highlighted by announcements from each company on Wednesday.
Oblix said that its NetPoint identity management software would fully support Microsoft's identity management architecture including Active Directory and the MIIS 2003 product. Oblix's NetPoint product enables user data stored in Active Directory to be used for enterprise-wide identity management on corporate intranets and extranets, Oblix said.
"We support Microsoft's authorization manager, which allows our access server to manage (Microsoft's) authorization manager. That will be available as part of Windows Server 2003," said Prakash Ramamurthy, vice president of products and technology for Oblix in Cupertino, California. "So if you've already defined policies and rules in authorization manager, you can use our access server to point to and evaluate those policies."
OpenNetwork Technologies also announced that it is teaming with Microsoft to offer support for MIIS via OpenNetwork's Universal Identity Platform (IdP) 5.0. If customers build their infrastructure within a pure .Net environment, IdP uses ADAM and MIIS for back-end integration to the mainframe, according to Adrien Ransom, vice president of marketing and alliances for OpenNetwork in Clearwater, Florida.
"Any type of environment or resource that user is trying to access that is not supported by the MIIS engine our 'broker' will pick it up and extend to that their framework," including Rack F, and WebLogic and WebSphere on the back-end, noted Ransom.
(Brian Fonseca is a staff writer at InfoWorld.)