Microsoft has found a partner in its efforts to recruit enterprise customers to embrace its single sign-on service Passport behind the corporate firewall.
OpenNetwork Technologies Inc., a maker of network identity management software, said Tuesday that it will retool its DirectorySmart product later this year so that companies that use the software for authenticating users in a network will also be able to sign on automatically to any application or Web site that supports Microsoft's Passport authentication service.
OpenNetwork, based in Clearwater, Florida, offers a version of DirectorySmart that allows its customers to build a single sign-on service for accessing a variety of applications within an enterprise. The software manages the identity of users and sets policies for what they can access based on certain credentials.
DirectorySmart runs on top of Microsoft's Active Directory software but allows customers to manage user identities and policies for accessing applications from various vendors including BEA Systems Inc. and IBM Corp., as well as open source products such as the Apache Web server. It does this by way of software plug-ins which are installed on a Web server, application server or Web portal, allowing those to talk to Active Directory.
OpenNetwork now says it will offer additional plug-ins to extend support to any software or service that uses Passport for user authentication, according to Kurt Long, president and chief executive officer of OpenNetwork. That support also extends to Microsoft's BizTalk Server, Commerce Server and Content Management Server.
The company will create compatibility with Passport by employing Microsoft's implementation of a standard authentication protocol known as Kerberos. That standard, developed by researchers at the Massachusetts Institute of Technology, can be used to verify who users are when they sign on to a password-protected Web site or application.
Currently, OpenNetwork uses its own method for allowing users to be authenticated across various parts of a network, said Bob Warner, vice president of product engineering at OpenNetwork. "We would do the same thing, only utilizing the Kerberos credential used with Passport," he said.
Microsoft has published the technical specifications for its implementation of Kerberos so that other companies can adopt it in order to make their single sign-on services compatible with Passport. However, Microsoft has yet to integrate it fully into the next version of Passport, Warner said. Like any company that attempts to be compatible with Passport, OpenNetwork will have to wait to roll out its new software until Microsoft has completed its effort.
"We're just now in the research and development phase," Warner said. The company expects to release a beta of DirectorySmart that works with Passport before the end of the year, around the same time Microsoft is expected to integrate Kerberos into Passport.
The sign that Microsoft's partners may be ready to support Passport in "federated" services -- those which provide a common technology for authenticating users across multiple applications and Web sites -- comes as the debate rages over who should control user profiles on the Web and within corporate networks. As Microsoft uses the term, "federated" means that any of those services that employ the Kerberos implementation will be compatible.
A competing effort is under way to create a separate federated system through an industry consortium known as the Liberty Alliance Project, which is headed by Sun Microsystems Inc. Its members include Cisco Systems Inc. and AOL Time Warner Inc. That group is developing a standard protocol that companies would be able to adopt to make their single sign-on systems compatible with one another, but has yet to announce details for the plan.
The concept of a single piece of technology to authenticate users across the growing number of networks and Web sites is a lofty goal, according to most analysts and users.
"One thing you find very quickly in this space is that there is no one standard for everything," said Rick Spiekelmier, chief technology officer of Extensity Inc., a vendor of software used for managing employee services such as expense reports, time cards and travel planning.
An important element of Extensity's software is identity management. However, most of its customers have yet to employ a global identity system that links all of their employees and corporate partners in one directory, Spiekelmier said. Among those that are beginning to install a network identity platform, there is no common denominator of technology that is used for authentication.
"The end result is we end up having to support everything," he said.