Gates and Chief Research and Strategy Officer Craig Mundie outlined a plan Tuesday during their RSA Conference...
2007 keynote for enabling safe, granular access to data via a combination of certificate-based authentication over IPv6 networks, digital rights management to protect documents and data, and a move to smart cards and away from passwords to secure identities online.
"We're seeing the need for everything he talked about, but executing and converting it all to reality; that's the difficult part," said David Porubovic, security engineer with Marriott International. "It's the right direction, provided that it can be implemented, it's cost effective, transparent to the user and easy to manage. That's the big headache."
While the joint keynote was heavy on strategy, it also served as a moment of transition for Microsoft. Gates' impending departure from a full-time role at Microsoft in 2008 has thrust the spotlight on others like Mundie and Ray Ozzie, Gates' successor as chief software architect. Mundie said Tuesday it will be his task to carry out the Trustworthy Computing initiative, which turned 5 years old this week. The initiative spawned Microsoft's Software Development Lifecycle (SDLC); the Windows Vista operating system, released last week, and Office 2007 are the first two products to emerge from the SDLC.
Carrying the bulk of the keynote in front of a full house, Mundie explained that as network boundaries evaporate and connectivity is extended to partners, suppliers and customers, the paradigm of assigning permissions based on a network topology isn't viable anymore. Inverting that paradigm means creating a simple mechanism that enables trust and interoperability via granular, standards-based permissions.
Resting the future on IPv6, NAP
He and Gates prescribed an eventual migration to IPv6 where endpoints would be authenticated and authorized via IPsec.
"We need more granularity where we trust only this application or this person on this application, and do it in a world where everyone is connected over the Internet," Mundie said. "We have to move to a way to describe these things by policy, not topology, where you have permission to get at a particular network segment or IP address, but not another. Today, the demands are not only for more flexibility, but to extend permissions to parts of the network you don't control."
Porubovic, however, said IPv6 migrations may take years.
"How is that going to play into Microsoft's strategy to tie it all down with IPv6?" he said. "That's the challenge there."
Using IPsec, Mundie said, essentially certifies that identities at both ends of a connection have been granted permission. "It says that no matter the topology or physical boundary, you can specify policies and logically enforce them rather than physically enforce them," Mundie said.
Network Access Protection (NAP), which will be integrated in Longhorn server -- due this fall -- is a big part of this paradigm as well, issuing what Gates called a health certificate to systems requesting network access that are up to date with patches and meet other configuration requirements, or quarantining their access until problems are remediated.
"The capabilities are there; what's missing is ease of administration," Gates said. "With NAP, [system] health is going to be an interesting question. One company's determination of what is healthy is going to be different than others."
Digital rights management, document encryption and security that is built into hardware were front and center on the protection front. Gates touted Microsoft's BitLocker hard drive encryption feature, embedded in Vista and Longhorn, as a means of securing data at rest, and the rights management infrastructure built into Exchange and Sharepoint that enable administrators to prescribe behavior about an email message or attached document.
Passwords still going away
Gates, meanwhile, has long touted the demise of passwords, and Tuesday's talk about IPsec certificate-based identity management furthered that agenda. Gates said last year's introduction of InfoCard, a Windows feature for managing digital identities, later renamed CardSpace, was a milestone in the migration away from passwords. He announced that CardSpace will support OpenID 2.0, a decentralized framework for digital identities. CardSpace stores identities and provides a GUI for choosing an identity for a particular transaction.
"This marriage of CardSpace and OpenID 2.0 eliminates man-in-the-middle attacks," Mundie said. "This is a big step in the right direction. The time is right."
"Creating certificate-based authentication is the right step," said one security engineer at a leading retailer who requested anonymity. "The most common problem in a breach is the insecurity of passwords. There's no way to tell if the person at the other end is truly who they say they are without certificate-based authentication."