Microsoft, VeriSign to join for Hailstorm

Microsoft Corp. and VeriSign Inc. announced an agreement Tuesday in which VeriSign will supply extra security for Hailstorm, Microsoft’s set of services that will be included in Windows XP and become the key building blocks for its .Net initiative.

VeriSign will provide security and authentication technology for Hailstorm offerings, which are part of Microsoft’s .Net strategy for the Internet, according to the release. VeriSign will also build .Net into its Internet-based trust services.

Announced last March, Microsoft’s Hailstorm is described by the company as a new XML-based platform that lives on the Internet, and is designed to give users more control over their personal information. Microsoft said it would release a HailStorm beta tool set in the third quarter, with products due out sometime in the first half of 2002.

The service includes Passport, an authentication system that will sign users on to applications and services running on .Net notification and collaboration tools. Passport is included in the upcoming version of Microsoft’s operating system, Windows XP, which will be released on Oct. 25. VeriSign’s deal with Microsoft includes support for Passport, as well as the “HailStorm” notification technology.

There have been questions concerning why companies and organizations should trust Microsoft with all of the data that it would collect from customers who make use of Hailstorm. It was a question that Microsoft CEO Steve Ballmer addressed at the InfoWorld CTO Forum in San Francisco last month.

“More people trust us with their personal information every day than any other company in the world,” Ballmer answered, noting that millions of customers who use the company’s free e-mail service Hotmail store personal information with Microsoft.

But Ballmer did add that Microsoft would likely ease security concerns by taking a “federated approach,” where Microsoft governs corporate partners that can help ensure that corporate and personal data is not compromised [see story – Microsoft may partner for security with Hailstorm].

“We do need partners who will provide value-added security services,” he said in his speech, describing Microsoft’s role in Hailstorm as a middleman. “You will see us partner with third parties.”

Microsoft has partnered with California-based VeriSign in the past, but there have been blunders. Last March, VeriSign admitted to issuing two code-signing certificates bearing the name “Microsoft Corporation,” but the application for them was found to be fraudulent.

The certificates, which were issued in January to someone posing as an employee of Microsoft, could have been used to trick users into installing malicious code onto their computers, though both companies stressed that there were no reports that the certificates had been used.

(Addtional reporting by George A. Chidi, Jr. of the IDG News Service.)

Microsoft, in Redmond, Wash., is available at VeriSign, in Mountain View, Calif., can be reached at