Microsoft Readies Identity Integration Server SP2, 'Gemini' Upgrade

At Tech Ed 2005, Microsoft said it is building out its Microsoft Identity Integration Server (MIIS) platform--formerly known as Microsoft Metadirectory Services (MMS)--to offer improved security and operational efficiencies, better enable online business transactions and help customers meet regulatory requirements such as Sarbanes-Oxley and HIPAA.

In 2006, Microsoft plans to release MIIS SP2, which will bring self-service password reset for end users and a new ERP Management Agent (MA) for integrating SAP and PeopleSoft identity information into MIIS, said Andreas Luther, group product manager for MIIS in Microsoft's Identity and Access Group. MIIS SP1 and Resource Kit v 2.0, both released in late 2004, provided password synchronization, a Provisioning Wizard and a basic workflow application that demonstrated how to build workflows in MIIS, according to Microsoft.

Yet that's just the beginning of Microsoft's identity management and access plans, Luther said. Further out, in the Longhorn Server time frame, Microsoft plans to release its Gemini version of MIIS. The upgraded server, slated to come out in 2007, or about three months after Longhorn Server ships, will offer core functionality required for process integration services, including rich workflow, centralized auditing and reporting, codeless provisioning, self-entitlement management and a self-service platform, he said.

The platform allows corporations to manage identity data--such as account information, passwords, configurations and access rights--stored in heterogeneous directory services throughout the enterprise. Microsoft acquired ZoomIT and its metadirectory platform in 1999 and renamed it Microsoft Metadirectory Services. It was released as Microsoft Identity Integration Server 2003 Enterprise Edition in 2003.

Identity management is crucial to enabling B2B transactions between companies and their partners and suppliers. In Microsoft's world, B2B will get a big jump-start later this year with the R2 release of Windows Server 2003, which offers Active Directory Federation Services. MIIS, for instance, will work with the Active Directory Federation Services to enable cross-company identity management and authentication.

"MIIS will offer a complete password management story, with powerful workflow and business process integration," Luther said, adding that there needs to be strong safeguards to protect companies that engage in B2B transactions. "When you federate with partners, you have to manage user accounts. If you create accounts for partners, what if your partner doesn't tell you that an employee leaves?"

The Gemini provisioning capability is an integrated toolset that will manage the life cycle of digital identities and entitlement, Luther said. The enhanced provisioning will offer automated deprovisioning of accounts and centralized auditing of access to resources. He added that the unified Gemini workflow engine and model will enable full workflow support for provisioning and allow for the development of end-user self-service applications.

"It will give you a UI for defining rules when and where entitlements are created, and there's no more coding required," Luther said. "It's ready-to-use, out-of-the-box, self-service and compliance checking."

Microsoft also will include process integration services so companies can provision and provide life-cycle management services for all digital objects, including files and SharePoint, for example, Luther said. Identities include resources and policies as well as files. The Gemini release, too, will offer tight integration with Visual Studio 2005 for developing self-service applications and group management improvements, including support for multiple forests, creation of computed groups based on business rules and autogroup creation.

Identity management and access has become a hot industry topic, with major software vendors such as Sun Microsystems, Novell, Red Hat and Citrix Systems marketing platforms for managing user and object identities and access to network resources.

John Parkinson, chief technologist of the Americas region at Chicago-based integrator Capgemini, said the MIIS platform will help drive digital supply chain, B2B and digital rights management software adoption.

"IAS [Internet Authentication Service] is a critical component of a lot of things, especially in a heterogeneous world. By breaking these services out of Active Directory and making them available to any process that needs to authenticate itself or its user, you can build a very robust, scalable and manageable identity and permissions management platform," Parkinson said.

"IAS allows an externally trusted or more weakly authenticated party to have access to your data or processes without knowing how your internal securing mechanisms work," he added. "This is a much stronger architecture than the simple token-passing schemes that were implemented in previous Microsoft products."

In the Gemini time frame, Microsoft also plans a "generic" LDAP Management Agent that will support OpenLDAP to consolidate different vendor implementations of LDAP, Luther said. Novell's implementation of LDAP for its eDirectory is different from IBM's LDAP implementation for its directory service, so a unified management agent is necessary for integrating these identities, he said.

MIIS SP2, due out in the second quarter of 2006, also will provide support for Microsoft Speech Server to enable phone password reset, and it will be integrated with SmartCards, according to Microsoft. And this summer, the company plans to ship two new agents for mainframe systems. MIIS features Management Agents that plug into the identity server repository.