As Microsoft works to get the Windows client and server security packs out the door, it's also pushing the software's existing authentication and access control facilities--namely, public key infrastructure (PKI) and digital rights management services (RMS)--to get customers to batten down the hatches.
Both features are key for security and B2B e-commerce, particularly as Microsoft works to integrate better extranet and cross-company authentication features in a Windows Server update due out in 2005. But there's a snag: The digital certificate systems of PKI and RMS don't speak the same language. The PKI infrastructure in Windows Server 2003, for example, generates x509 certificates while the newer RMS add-on uses certificates based on xRML 1.2.1.
To solve that dilemma, Microsoft plans to make the certificate issuance systems of PKI and RMS interoperate, according to the company's monthly security briefing on Tuesday.
"Today, RMS is based on another [certificate authority] than PKI, and that's because it's based on an xRML license and certificate other than x.509. Today, they're a separate infrastructure," said David Cross, lead program manager for PKI at Microsoft. "We understand customer concerns, and the major direction in the future is to provide more integration and common management between the two infrastructures to simplify deployment."
|