Corporate users with third-party, Windows-based authentication systems such as VPNs could face a difficult transition to Microsoft’s Vista because of an overhaul of the core Windows logon architecture, according to independent software vendors and analysts.
The good news for users is that those same observers say Vista, which is being touted for its security features, will eventually deliver a more secure and flexible authentication architecture than exists today in Windows.
But ISVs say rewriting their code for the new architecture will produce headaches that will extend to their customers that have deployed strong authentication such as biometrics or tokens, enterprise single sign-on and a number of other systems integrated with the Windows authentication architecture.
“Not only the vendors, but the customers that have [authentication systems] already deployed are going to go through a lot of pain,” says one ISV who asked not to be named. “We knew there were going to be changes, but we didn’t know there would be wholesale changes.”
Users will have to go through testing periods after vendors deliver new interfaces for their products. During migrations, users will have key security infrastructures that straddle two different authentication environments, one for Vista and one for earlier versions of Windows, until migrations are complete. They also will have to support different client-side code and separate interfaces that will present retraining issues, experts say.
In addition, users with any homegrown authentication mechanisms linked to Windows will have to rewrite their code from the ground up.
ISVs also have to completely rewrite and certify the custom code they write to inter