Microsoft is planning to sync its Active Directory with its Live Web-based services to give users single sign on for applications and services both inside a company network and on the Web.
The plan will be made possible through Windows Live ID, formerly Microsoft's Passport service, though the company has not set a time line for when the functionality will be available, Michael Stephenson, director of product management for identity and access at Microsoft, said on Tuesday.
Microsoft Chief Software Architect Ray Ozzie briefly mentioned the plan to allow for federated network identity between Active Directory and Microsoft's Live online services during a keynote at the Tech Ed conference in Boston last week. He framed it as part of Microsoft's plan to bridge the gap between the more consumer-oriented Live services and enterprise services that company plans to offer to business customers. However, Ozzie did not give many details on how the service would work.
According to Stephenson, Windows Live ID, available now, is the mechanism for federating user identity across all of Microsoft's Windows Live services. Eventually, Microsoft plans to link Windows Live ID to Active Directory so when a user signs in to Active Director to access services within a company's network, he or she also will be automatically signed in to Live services, such as Windows Live Messenger, Office Live and other Web-based services.
"The goal is to have transparent and secure access of these services without the creation of a separate network identity," he said.
Coordinating identity between online services and Active Directory is not a new concept, said Matt Rosoff, analyst with Directions on Microsoft. "Microsoft has been talking about federating Active Directory and Passport for at least three years, and I don't know what kind of progress they've made," he said.
Passport is currently a way for users to authenticate themselves across various Microsoft consumer services, but it never really lived up to the vision Microsoft had for it, Rosoff said. Microsoft had hoped that third parties would pay the company to authenticate their Web-site users through Passport. But Rosoff said that it really didn't fly with companies because the data they collect by signing up users to their Web sites is valuable to them.
"Most companies looked at it as, 'We can handle authentication,'" he said.
However, services such as Windows Live Mail could add a new dimension to Microsoft's current plan to sync up Active Directory and the former Passport service, Rosoff said. "It might pave the way for things like allowing corporations to use Windows Live e-mail to host their corporate e-mail," he said.