Wednesday, October 17, 2007

Microsoft announces new identity model in SharePoint

Microsoft is making an interesting move: it has announced that it will replace the authentication system for SharePoint Server. Microsoft plans to make the collaboration platform one of the first of the company’s marquee applications to rely on a new claims-based identity model.

The goal is to have SharePoint incorporate an authentication model that works with any corporate identity system, including Active Directory, LDAPv3-based directories, application-specific databases and new user-centric identity models, such as LiveID, OpenID and InfoCard systems, including Microsoft’s CardSpace and Novell’s Digital Me.

SharePoint will lose its rigid authentication system and replace it with a claims-based authentication solution. Claims are a set of statements that identify a user and provide specific information, for instance age or group membership. They are passed to obtain access to the SharePoint environment and to systems integrated with that environment, and those systems use the claims to make decisions such as who gets access, who can retrieve content or who can complete transactions.
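A claims-based access decision of the kind described above, as an added example that is not SharePoint code or anything from Microsoft: the relying party accepts age and group claims only when they are signed by an issuer it trusts. The issuer names, keys and function names are hypothetical, and an HMAC with a per-issuer key stands in for whatever signature scheme a real identity provider uses.

```python
import base64, hashlib, hmac, json

# Constructed keys for two hypothetical identity providers the relying party trusts.
TRUSTED_ISSUERS = {
    "corp-ad": b"constructed-key-for-corp-ad",
    "partner-openid": b"constructed-key-for-partner",
}

def issue_token(issuer, key, claims):
    """Issuer side: serialize the claims and sign them with the issuer's key."""
    body = json.dumps({"iss": issuer, "claims": claims}, sort_keys=True).encode()
    sig = hmac.new(key, body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(body).decode() + "."
            + base64.urlsafe_b64encode(sig).decode())

def verify_token(token):
    """Relying-party side: return the claims only if a trusted issuer signed them."""
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
        doc = json.loads(body)
        key = TRUSTED_ISSUERS.get(doc.get("iss"))
    except (ValueError, AttributeError, TypeError):
        return None  # malformed token
    if key is None:
        return None  # issuer is not on the trust list
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None  # claims were altered or signed with another key
    return doc.get("claims")

def authorize(token, required_group, min_age):
    """Policy decision made purely from verified claims, not from a local user store."""
    claims = verify_token(token)
    if not isinstance(claims, dict):
        return False
    age = claims.get("age")
    groups = claims.get("groups", [])
    return isinstance(age, int) and age >= min_age and required_group in groups

if __name__ == "__main__":
    # Constructed sample: one token from a trusted issuer, one from an unknown issuer.
    sample = {"age": 34, "groups": ["finance"]}
    print(authorize(issue_token("corp-ad", TRUSTED_ISSUERS["corp-ad"], sample), "finance", 18))
    print(authorize(issue_token("self-issued", b"unlisted-key", sample), "finance", 18))
```

The claims themselves carry no authority; the decision is only as good as the issuer check and signature verification that precede it.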

“We don’t want to come up with another, or the next, authentication system for SharePoint,” says Venkey Veeraraghavan, senior program manager lead for Office SharePoint Server.

Veeraraghavan said Microsoft settled on a claims-based system because it is flexible and designed for heterogeneous identity environments. “It allowed us to invest in one place [SharePoint] and know that we can credibly say we work with multiple systems, especially as they are woven into what we’re calling a Metasystem. We want to continue to work on making SharePoint useful to our customers, not spend a lot of time integrating with each and every identity system one-by-one, or worse, not do it because of resource concerns.”

In its current release, SharePoint is fairly limited in its authentication mechanisms. You can use NTLM (ancient and inefficient), Basic (used with SSL, and the clear-text passwords are SO not good), Kerberos (complex to configure, but better performance) or MS Single Sign-On. This new move sounds like a great way to open up the collaboration platform to third-party options, which are what most companies use.

Kim Cameron, Microsoft’s identity architect, believes an industry transformation to claims-based identity is 18 to 24 months away, which would, considering the normal product release cycle of the Office platform, place the implementation of the new claims-based identity model in the next major release of SharePoint Server 2009 or later.

© Copyright 2007, Tomas Elfving