Microsoft Chairman and Chief Software Architect Bill Gates gave the first keynote address at last week's RSA Conference in San Jose, California. Gates outlined four areas that he thinks the industry needs to focus on: a trust ecosystem, better engineering, simplification of security for administrators and end users, and fundamentally secure platforms.
Gates stressed a need to create platforms that are less tedious to build and use. He pointed out that the systems of yesteryear were secure primarily because of their isolated nature. However, the Internet changed that situation for many systems. Better authentication is a key need in this area; Gates said that "[passwords] are very quickly becoming the weak link" in terms of security and pointed to phishing attacks as proof. "We need to move to multifactor authentication," he continued and said that support for technology such as smart cards needs to be built into the system itself.
Howard Ting, of the Microsoft Windows Server products division, helped the audience visualize aspects of Microsoft's trust ecosystem concept. Ting demonstrated the new Certificate Lifecycle Manager (CLM), which entered beta testing last week. CLM simplifies the management of digital certificates and the provisioning of smart cards. The product lets users provision a new card, protect it with a PIN, and download their certificates from Active Directory (AD) to the new card.
Ting also demonstrated a new feature of Windows Vista and Longhorn--Network Access Protection (NAP)--that helps enforce company policies. For example, if a system doesn't have the latest service packs and updates installed, NAP denies that machine network access except for any access required to download and install the required updates. NAP can automatically install updates without the user having to take any particular action. Once the machine is in compliance, it can join the network.
Another key demonstration was Active Directory Federation Services (ADFS), which is part of Windows Server 2003 Release 2 (R2). ADFS lets companies establish federation trusts with one another so that a user authenticated by one company's directory can be identified and authorized by a partner company's applications without a separate logon. Effectively, ADFS can provide a method of single sign-on (SSO), which greatly simplifies a computer user's experience.
Gates presented Microsoft's new digital InfoCard technology as a way for people to gain more control over authentication processes and access to their private information. In a related demonstration, Microsoft employee Richard Turner showed how user-created InfoCards can be used to store credentials, such as a person's real name, username, and password, and can then be used to streamline logon to Web sites. Turner also showed how an InfoCard could be issued by a third-party vendor and then used in an e-commerce transaction without disclosing private information. In his example, Turner showed Vista contacting the vendor that issued the InfoCard to obtain a token, then sending the token to the e-commerce site instead of sending the user's private information.
In effect, InfoCards issued by third parties are somewhat similar to digital certificates in that one entity vouches for another's identity. But the similarities probably end there. InfoCards are more flexible than certificates because they can store varying types of information and protect users' private information from unnecessary disclosure.
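The token exchange Turner demonstrated (and the federation trust behind ADFS) follows one pattern: an issuer the relying party trusts vouches for a few claims about the user, and the relying party verifies that token instead of receiving the user's private data. The following is an added, simplified model of that exchange written for this article; it is not Microsoft's InfoCard, ADFS or WS-Trust code. The issuer URL, shop URL, subject record and keys are constructed, and an HMAC key shared per trust stands in for the issuer's certificate-based signature that a real deployment would use.

```python
import base64
import hashlib
import hmac
import json
from datetime import datetime, timezone


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


# Constructed trust relationship: the e-commerce site (relying party) trusts one
# card issuer and holds a verification key for it. Real InfoCard/ADFS issuers sign
# with a private key and the relying party checks the issuer's certificate; an
# HMAC key per trust is an assumption that stands in for that here.
ISSUER = "https://issuer.example"
ISSUER_KEY = b"constructed-issuer-signing-key"
RELYING_PARTY = "https://shop.example"

# Constructed subject record held by the issuer. It never leaves the issuer.
SUBJECT = {
    "name": "Alice Example",
    "username": "alice",
    "birth_year": 1980,
    "country": "US",
    "card_number": "4111111111111111",
}


def issue_token(issuer, key, subject, requested_claims, audience, now, ttl=300):
    """Issuer side: release only the claims the relying party asked for."""
    year = datetime.fromtimestamp(now, timezone.utc).year
    available = {
        "country": subject["country"],
        # Derived claim: the issuer vouches for the fact without disclosing the birth year.
        "over18": (year - subject["birth_year"]) >= 18,
    }
    claims = {c: available[c] for c in requested_claims if c in available}
    payload = {"iss": issuer, "aud": audience, "iat": now, "exp": now + ttl, "claims": claims}
    body = _b64url(json.dumps(payload, sort_keys=True).encode())
    sig = _b64url(hmac.new(key, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def verify_token(token, trusted_issuers, audience, now):
    """Relying-party side: accept claims only if the token is from a trusted issuer,
    addressed to this site, unexpired and untampered."""
    body, _, sig = token.partition(".")
    payload = json.loads(_b64url_decode(body))
    key = trusted_issuers.get(payload.get("iss"))
    if key is None:
        raise ValueError("untrusted issuer")
    expected = _b64url(hmac.new(key, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(expected, sig):
        raise ValueError("bad signature")
    if payload.get("aud") != audience:
        raise ValueError("token not issued for this relying party")
    if now >= payload["exp"]:
        raise ValueError("token expired")
    return payload["claims"]


def checkout(now=1_140_000_000):
    """The exchange from the demo: the identity selector obtains a token from the
    issuer and presents it to the shop, which sees only the requested claims."""
    requested = ["over18", "country"]       # what the shop's policy asks for
    token = issue_token(ISSUER, ISSUER_KEY, SUBJECT, requested, RELYING_PARTY, now)
    trusted = {ISSUER: ISSUER_KEY}          # the shop's list of federation trusts
    return verify_token(token, trusted, RELYING_PARTY, now)


if __name__ == "__main__":
    print(checkout())   # the shop learns over18 and country, nothing else
```

The relying party never sees the name, username or card number; it learns only what its policy requested and what the trusted issuer was willing to assert. The checks in `verify_token` are the ones that matter in practice: an unknown issuer, a token minted for a different site, or an expired token must all be rejected, not just a forged signature.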
Gates closed his keynote presentation by suggesting that the industry is only in the beginning stages of building the trust ecosystem. "We've all got a common challenge here and yet an amazing opportunity to let these digital systems be used in the broadest way," he said.