I always thought the "HailStorm" code name for Microsoft's .Net My Services was a little harsh--after all, no one wants to be caught in an icy downpour.
Apparently, enterprises felt the same way and ran for cover when Microsoft suggested it would be happy to maintain their customers' identities for them. According to .Net Product Manager Adam Sohn, the message Microsoft got from enterprises was loud and clear: "We don't want this dependency. Ever."
But Sohn argues that Microsoft had always seen the ASP version of My Services as a "first step," after which Microsoft "would begin to bring other instances online that were run by other folks." So now Microsoft plans to forget that step, and offer My Services as server software for enterprises. This will enable developers to create collections of "user-centric" Web services--personalized Web apps for enterprise employees as well as for consumers.
And Passport, once seen as the sole authentication mechanism for My Services, will not tag along. "We're not suggesting that Passport is going to be the login of the enterprise," says Sohn. "That's not what Passport was designed for." Instead, Microsoft now concedes that Passport will simply be one of several consumer authentication services on the Internet.
However, notes Sohn, interoperability among multiple authentication services is vital to preserving the dream of a single sign-on that delivers instant access to Web services across the Internet. In this federated model, enterprises can "have their services talk to each other in a super-rich way, which we think derives more value from customers," he says.
What's striking about all this is that it sounds remarkably like the identity scheme already under development by the Sun-backed Liberty Alliance: build from the enterprise out, beginning with internal directory services and ending with consumer identities and their associated Web services. In this model, enterprises never need to depend on a company outside the firewall to access their own user information--and consumers can build online identities through banks, credit card companies, or other institutions they already trust rather than forking over their vitals to Microsoft or some other interloper.
"We are working towards the same goals as the Alliance," confirms Sohn. Once bitterly opposed to the Liberty Alliance--which Redmond dismissed as a vehicle for Sun to bash HailStorm--Microsoft has warmed to the new Alliance chairman, United Airlines CIO Eric Dean, who appears to have jettisoned politics in favor of hammering out usable specs (although the Alliance has yet to release any). In fact, says Sohn, "We may actually end up joining [the Liberty Alliance] down the line."
Sohn also holds out hope that the Liberty Alliance will adopt WS-Security, a specification released last week by Microsoft, IBM, and VeriSign that describes how to implement a range of existing authentication and encryption schemes for Web services over SOAP. Various WS-Security sub-specifications address privacy, federation, trust, authorization, and more--elements of which Microsoft will incorporate into Passport at some later date, according to Sohn.
When Microsoft first announced HailStorm a year ago, the company was right on target in emphasizing identity as the first major building block of Web services. Without it, truly innovative Web services simply aren't possible, because distributed Web applications require the ability to spread user authentication across multiple endpoints (a calendar here, a set of commerce preferences there, and so on). Yet along the way, Microsoft has learned the obvious: Neither enterprises nor consumers are willing to cede more identity information than they have to.
Microsoft's decision to embrace the federated model is good for everyone--it would have been tragic if identity had split into warring camps and slowed the adoption of Web services. Even better, perhaps, is the fact that to enjoy the benefits of innovative new Web-based applications, you're now far less likely to be forced into sharing user information with Microsoft.
Do you think Microsoft will or should join the Liberty Alliance? What would happen to identity services if it did?