Microsoft builds Web services TrustBridge

Microsoft Corp. announced new software on Thursday that will allow organizations to more easily share information stored in computer systems with business partners and customers.

However, Microsoft’s newfound federated approach could encounter resistance if it is largely geared toward Microsoft Windows and Active Directory environments and a significant level of trust — found lacking in the past by many end-users toward Microsoft Passport and Hailstorm initiatives — is not properly established, analysts said.

Code-named TrustBridge and scheduled to be available next year, the software allows organizations using the Windows operating system to share user identities across business boundaries via XML Web services protocols, according to Adam Sohn, product manager of .Net platform strategy for Redmond, Wash.-based Microsoft. A provider of human resources services, for example, could give its customers access to its systems by sharing user identity data.

Users of Microsoft’s Active Directory service will be able to use TrustBridge to recognize and share user identities with other organizations running Windows or any other identity infrastructure that supports Kerberos 5.0, Microsoft said. Kerberos is a standard security protocol developed at the Massachusetts Institute of Technology (MIT).

“Supporting other environments outside of [Windows] would be essential for any kind of business federation to work,” said analyst Dana Gardner, research director for messaging and collaboration services at Boston-based Aberdeen Group Inc. “[TrustBridge] looks like it is only federating Active Directory to Active Directory. … [If that’s the case] it will not be of much use to people who don’t use Active Directory.”

Competing against Microsoft’s network identity model is Liberty Alliance, spearheaded by Microsoft rival Sun Microsystems Inc., in Palo Alto, Calif. The Liberty Alliance plans to release the first phase of its specification, which is expected to create a federated network identity and authentication sharing mechanism, in the coming months, according to Liberty Alliance.

Last week, Liberty Alliance announced that SAP AG, Cingular Wireless LLC, and i2 Technologies Inc. joined its ranks as sponsors. Industry behemoths such as AOL Time Warner Inc., General Motors Corp., Hewlett-Packard Co., and American Express Co. serve on Liberty’s management board.

Gardner says the federated approach quickly resonated with large companies that perceived Hailstorm and Passport as a potential threat that Microsoft would do an “end-run around” to snatch their customers, leaving the vendor with little choice but to bounce all of its transaction information off the software giant.

“So the federated approach caught fire, where you got to keep your customers and I could keep mine but we share just enough information through the directories and this Liberty Alliance that we can cooperate without giving up the goose that laid the golden egg, namely the relationship with the customer,” Gardner remarked.

“Microsoft has to come back and show that it has a federated approach and can be a trusted third party, rather than an untrusted monopoly that potentially could get between you and your customer,” Gardner added.

The Aberdeen analyst said he found “conflict” in Microsoft’s efforts to dub a solution “trust” to allow companies to do business and share ID information while offering that model through its own set of standards. He said a third party — such as a government, regulatory commission, or monetary organization — is required to properly select best-of-breed solutions and decide which standards are required and most appropriate.

TrustBridge springs from Web services security work Microsoft has been doing with IBM and VeriSign. The companies developed a specification, called WS-Security, which describes how to exchange secure and signed messages in a Web services environment.

In addition to TrustBridge, Microsoft announced Thursday that its Visual Studio .Net developer package will be updated later this year to include support for digital signatures and encryption for messages sent using SOAP (Simple Object Access Protocol) following the WS-Security specification.

Also, .Net Passport — Microsoft’s authentication service for the Web — will next year support SOAP over HTTP, Kerberos, and the WS-Security specifications. This will enable .Net Passport to federate with TrustBridge and other authentication systems employing WS-Security, Microsoft said.

.Net Server, due to be available to customers next year, will support Passport through Active Directory and the Internet Information Service, Microsoft said.

The idea behind Web services is to allow companies to link their applications to the often disparate systems of partners and customers, regardless of the application type or vendor. Technologies enabling this include XML, SOAP, and UDDI (Universal Description, Discovery and Integration).

Microsoft has been pushing Web services as an important part of its .Net initiative. The software giant was part of a group of industry players that formed the Web Services Interoperability Organization earlier this year. This consortium seeks to make sure that vendors developing Web services products implement standards in the same way.

Pricing or packaging information for TrustBridge was not announced.
