Microsoft is developing a portal-like interface for its identity management platform that will let users self-manage their identity information and provision network services.
The features are part of Gemini, the code name for the next version of Microsoft Identity Integration Server (MIIS). Microsoft officials offered the first peek at Gemini at the Digital ID World conference.
Microsoft said Gemini likely would ship at the same time as Longhorn server in 2007, but could be released as early as 2006.
Gemini's highlight, according to Microsoft, is self-service provisioning: features that let users maintain their own identity information and that delegate authority to managers, department heads and others to create and delete accounts for select sets of users.
The intent is to make it easier and more cost-effective for customers to manage user identity and access by pushing out those responsibilities to users with a vested interest in the information.
"This is a self-managing model with constraints as opposed to the manual model of today," said Kim Cameron, architect of directory services for Microsoft. "For the first time, we'll have a separate provisioning component that's self-service for identity management."
MIIS is a system-to-system integration hub built on meta-directory technology that pushes identity changes made in one system out to all other systems connected to the hub to keep identity information in sync or to create accounts. For example, a new employee added to the human resources system could trigger the account creation for that user in other systems based on a set of pre-defined rules. Also, an employee's job status change could trigger new levels of privileges in current accounts.
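The hub-and-rules model described above, as an added example that is not Microsoft's code and not MIIS: a small Python model in which one authoritative source (HR) feeds a central store, a rule table maps job status to entitlements, and each connected system is brought into line with the rule. The system names, the `ROLE_ENTITLEMENTS` table and the HR records are all constructed for the example; the point it shows beyond the paragraph is that a sync hub must be idempotent (re-importing an unchanged record produces no actions) and that a status change touches only the systems whose entitlements actually changed.

```python
"""Toy meta-directory provisioning hub (constructed example, not MIIS)."""
from dataclasses import dataclass, field

# Rule table (assumed for the example): job status -> entitlements the user should hold.
ROLE_ENTITLEMENTS = {
    "engineer": {"mailbox", "vpn", "source-control"},
    "lead": {"mailbox", "vpn", "source-control", "code-review"},
    "terminated": set(),
}


@dataclass
class ConnectedSystem:
    """A downstream system; it hosts some entitlements and holds accounts."""
    name: str
    hosted: set                      # entitlements this system can grant
    accounts: dict = field(default_factory=dict)   # user_id -> set of entitlements


class MetaDirectoryHub:
    """Central store plus the sync logic that pushes changes out to every connected system."""

    def __init__(self, systems):
        self.systems = {s.name: s for s in systems}
        self.metaverse = {}          # user_id -> last known authoritative attributes

    def apply_hr_record(self, record):
        """Import one HR record and reconcile every connected system against the rules.

        Returns the list of actions taken, so callers (and audit) can see what changed.
        """
        user = record["employee_id"]
        self.metaverse[user] = dict(record)
        wanted = ROLE_ENTITLEMENTS[record["job_status"]]
        actions = []
        for system in self.systems.values():
            desired = wanted & system.hosted       # only what this system can host
            current = system.accounts.get(user)
            if not desired:
                # No entitlement on this system: remove the account if one exists.
                if current is not None:
                    del system.accounts[user]
                    actions.append(f"{system.name}: delete {user}")
            elif current is None:
                system.accounts[user] = set(desired)
                actions.append(f"{system.name}: create {user} {sorted(desired)}")
            elif current != desired:
                system.accounts[user] = set(desired)
                actions.append(f"{system.name}: update {user} {sorted(desired)}")
            # else: already in sync, nothing to do (idempotent re-import)
        return actions


def build_hub():
    """Three constructed downstream systems wired to one hub."""
    return MetaDirectoryHub([
        ConnectedSystem("mail", {"mailbox"}),
        ConnectedSystem("vpn", {"vpn"}),
        ConnectedSystem("scm", {"source-control", "code-review"}),
    ])


def run_demo():
    """Walk one employee through hire, promotion and termination; return all action lists."""
    hub = build_hub()
    hire = {"employee_id": "e100", "name": "Ada", "job_status": "engineer"}
    return [
        hub.apply_hr_record(hire),                                  # three creates
        hub.apply_hr_record(hire),                                  # unchanged: no actions
        hub.apply_hr_record({**hire, "job_status": "lead"}),        # only scm updates
        hub.apply_hr_record({**hire, "job_status": "terminated"}),  # three deletes
    ]


if __name__ == "__main__":
    for step in run_demo():
        print(step)
```

The `hosted` set on each connected system is what keeps a job-status change from fanning out to systems it does not affect; a real connector would also carry attribute flow rules and a precedence order between sources, which this model omits.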
Cameron said users could go as far as they wanted in delegating provisioning authority, including provisioning group memberships within Active Directory.
"We have finally finished the wiring [of the identity platform], and now we can do more stuff on top that is valuable," he said. Self-service delegation and administration, along with Web-based access controls, were the most glaring gaps in Microsoft's identity management strategy, experts said.
Microsoft, along with HP, IBM, Novell, Oracle and Sun Microsystems, is building a comprehensive identity-management platform with an eye on Web services and standards-based interoperability.
MIIS shops today must write scripts to delegate any level of provisioning authority to users. In Gemini, users will have a personalised point-and-click portal-like interface that gives privileges that reflect their role and authority level within an organisation.
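The "self-managing model with constraints" and the delegated provisioning described above, as an added example that is not Microsoft's code and not Gemini: a Python model in which a department head holds a delegation scoped to one department and a fixed list of groups, ordinary users may edit only a short list of their own attributes, and every decision (allowed or refused) is written to an audit trail in the spirit of the audit/reporting module the article mentions. The user names, department names, group names and the `Delegation` shape are constructed for the example; what it shows beyond the paragraph is where the constraint checks sit and why refusals must be audited as well as approvals.

```python
"""Constrained self-service and delegated provisioning (constructed example, not Gemini)."""
from dataclasses import dataclass, field

# Attributes a user may change on their own record (assumed policy for the example).
SELF_EDITABLE = {"phone", "display_name"}


@dataclass(frozen=True)
class Delegation:
    """Authority granted to one delegate over one department, limited to listed groups."""
    delegate: str
    department: str
    operations: frozenset      # subset of {"create", "delete", "add_to_group"}
    groups: frozenset          # groups the delegate may add members to


@dataclass
class Directory:
    users: dict                # user_id -> {"department": str, "groups": set, ...}
    delegations: list
    audit: list = field(default_factory=list)

    def _record(self, actor, op, target, allowed, detail):
        """Append one audit entry and pass the decision back to the caller."""
        self.audit.append({"actor": actor, "op": op, "target": target,
                           "allowed": allowed, "detail": detail})
        return allowed

    def _grant_for(self, actor, op, department):
        for d in self.delegations:
            if d.delegate == actor and d.department == department and op in d.operations:
                return d
        return None

    # --- self-service: a user changes their own record, within a whitelist ---
    def self_update(self, actor, attr, value):
        if actor not in self.users:
            return self._record(actor, "self_update", actor, False, "unknown user")
        if attr not in SELF_EDITABLE:
            return self._record(actor, "self_update", actor, False, f"{attr} is not self-editable")
        self.users[actor][attr] = value
        return self._record(actor, "self_update", actor, True, attr)

    # --- delegated provisioning: scoped to a department ---
    def create_user(self, actor, user_id, department):
        if self._grant_for(actor, "create", department) is None:
            return self._record(actor, "create", user_id, False,
                                f"no delegation for department {department}")
        if user_id in self.users:
            return self._record(actor, "create", user_id, False, "user already exists")
        self.users[user_id] = {"department": department, "groups": set()}
        return self._record(actor, "create", user_id, True, department)

    def add_to_group(self, actor, user_id, group):
        target = self.users.get(user_id)
        if target is None:
            return self._record(actor, "add_to_group", user_id, False, "unknown user")
        grant = self._grant_for(actor, "add_to_group", target["department"])
        if grant is None or group not in grant.groups:
            return self._record(actor, "add_to_group", user_id, False,
                                f"group {group} outside delegated scope")
        target["groups"].add(group)
        return self._record(actor, "add_to_group", user_id, True, group)


def build_directory():
    """Constructed sample: alice heads sales and may provision only within sales."""
    users = {
        "alice": {"department": "sales", "groups": set()},
        "bob": {"department": "sales", "groups": set()},
        "carol": {"department": "engineering", "groups": set()},
    }
    grant = Delegation("alice", "sales",
                       frozenset({"create", "delete", "add_to_group"}),
                       frozenset({"sales-crm", "sales-vpn"}))
    return Directory(users, [grant])


def run_demo():
    """Exercise each constraint once; return the list of decisions in order."""
    d = build_directory()
    results = [
        d.create_user("alice", "dave", "sales"),            # in scope: allowed
        d.create_user("alice", "eve", "engineering"),       # wrong department: refused
        d.add_to_group("alice", "bob", "sales-crm"),        # listed group: allowed
        d.add_to_group("alice", "bob", "domain-admins"),    # group not delegated: refused
        d.add_to_group("alice", "carol", "sales-crm"),      # target outside scope: refused
        d.self_update("bob", "phone", "+1-555-0100"),       # self-editable: allowed
        d.self_update("bob", "job_status", "lead"),         # not self-editable: refused
    ]
    return results, d


if __name__ == "__main__":
    decisions, directory = run_demo()
    for entry in directory.audit:
        print(entry)
```

Two design points worth noticing: the delegation scope is evaluated against the target user's department, not the one the delegate claims, so a department head cannot reach into another department by naming it; and the refusals land in the same audit list as the approvals, which is what a reporting module needs to spot a delegate repeatedly probing the edge of their authority.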
The feature will be linked with the Authorization Manager features in Windows Server 2003 and with an audit/reporting module in Gemini based on another technology Microsoft is developing called the Audit Collection System, which is used to track changes made to user identities and access rights. MIIS is one component of Microsoft's emerging identity-management platform that also includes Active Directory and Active Directory Application Mode (ADAM). ADAM is based on the Lightweight Directory Access Protocol and is an alternative to the standard, full install of Active Directory.
Microsoft plans to release Service Pack 1 of the current version of MIIS alongside the Windows Server 2003 update code-named R2, in the second half of 2005. That MIIS release will include more synchronisation connectors as well as upgrades to password management features.