Corporate vice president of Microsoft's Trustworthy Computing (TwC) group Scott Charney told a crowd at the RSA conference in San Francisco that the company was planning new security offerings which could help to better manage identity and authentication information.
Charney said that the company was working on a new server project as part of its "Geneva" project. The service allows administrators to use small pieces of authentication data to authorise access to web services and materials.
Microsoft hopes that the new system will allow for safe and controlled access without putting the burden on administrators to handle large lists of user privileges and access rights. At the same time, Charney sees the new system allowing better security and more accurate authentication.
"We have an identity meta-system that allows us to achieve the right objectives," said Charney.
"Essentially what [Geneva] does is allow you to pass claims about a person instead of the full identity."
For Charney, Geneva is part of a larger plan which will be needed to extend security protections into the era of web-based services and cloud computing. He argued that the current approach of combining secure coding practices with multi-level security protections and so-called mitigation tools such as filters was simply not enough.
"While it's important work that has to continue, it is a flaw to say that will ever be enough," he said.
"We need a different model for thinking about identity, one that allows authentication in the right places."
.png&h=140&w=231&c=1&s=0)
_(26).jpg&w=100&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
