Can Microsoft bridge the Web services trust gap?

Microsoft will have to develop a significant level of trust among end users if its TrustBridge software is to succeed, analysts have claimed.

The software, announced this week, will allow organisations to share information stored in computer systems more easily with business partners and customers, but Microsoft struggled to win user confidence for its Passport and Hailstorm initiatives.

However, Microsoft's new-found federated approach could encounter resistance if it is largely geared toward Microsoft Windows and Active Directory environments, analysts said.

Codenamed TrustBridge and scheduled to be available next year, the software allows organisations using the Windows operating system to share user identities across business boundaries via XML Web services protocols, according to Adam Sohn, Microsoft's product manager of .net platform strategy.

A provider of human resources services, for example, could give its customers access to its systems by sharing user identity data.

Users of Microsoft's Active Directory service would be able to use TrustBridge to recognise and share user identities with other organisations running Windows or any other identity infrastructure that supports Kerberos 5.0, Microsoft said.

Kerberos is a standard security protocol developed at the Massachusetts Institute of Technology (MIT).

"Supporting other environments outside of [Windows] would be essential for any kind of business federation to work," said analyst Dana Gardner, research director for messaging and collaboration services at Aberdeen Group.

"[TrustBridge] looks like it is only federating Active Directory to Active Directory. [If that's the case] it will not be of much use to people who don't use Active Directory."

Competing against Microsoft's network identity model is the Liberty Alliance, spearheaded by Sun Microsystems. The Liberty Alliance plans to release the first phase of its specification, which is expected to create a federated network identity and authentication sharing mechanism, this summer.

Last week, the Liberty Alliance announced that SAP, Cingular Wireless, and i2 Technologies had joined its ranks as sponsors. Industry giants such as AOL Time Warner, General Motors, Hewlett-Packard and American Express serve on Liberty's management board.

Gardner said the federated approach quickly resonated with large companies that were apprehensive that Microsoft could use Hailstorm and Passport as a Trojan horse to their customers, leaving them with little choice but to bounce all transaction information through the software giant.

"The federated approach caught fire, where you got to keep your customers and I could keep mine but we shared just enough information through the directories."

The Liberty Alliance means businesses can "co-operate without giving up the goose that laid the golden egg, namely the relationship with the customer", Gardner remarked.

"Microsoft has to come back and show that it has a federated approach and can be a trusted third party, rather than an untrusted monopoly that, potentially, could get between you and your customer," Gardner added.

TrustBridge springs from Web services security work Microsoft has been doing with IBM and VeriSign. The companies developed a specification, called WS-Security, which describes how to exchange secure and signed messages in a Web services environment.

In addition to TrustBridge, Microsoft announced yesterday that its Visual Studio .Net developer package will be updated later this year to include support for digital signatures and encryption for messages sent using SOAP (Simple Object Access Protocol) following the WS-Security specification.