SharePoint Unchained
Posted on November 2, 2007
Filed Under Enterprise Software
Am I the only person who missed the announcement a few weeks ago that Microsoft is moving SharePoint to a claims-based authentication model, which means Active Directory is no longer a prerequisite?
The goal is to have SharePoint incorporate an authentication model that works with any corporate identity system, including Active Directory, LDAPv3-based directories, application-specific databases and new user-centric identity models, such as LiveID, OpenID and InfoCard systems, including Microsoft’s CardSpace and Novell’s Digital Me.
The other aspect of this that is kinda cool for identity groupies is that claims-based authentication assumes there is a service consuming the security credential, any number of claims providers, and finally, the person owning the identity, who can verify or veto claims.
What this means for consumers is that we may well get to a point where you don’t have a workplace identity and a separate basket of identity credentials that you use on the consumer web, but instead just one root security credential backed up by a distributed network of claims about you… the blurring of the line that I have referenced before. Also, because this supports multiple claims providers, the service that is consuming the identity can scale in security by requiring additional claims.
In the final analysis, as Cameron points out, this is a method for transferring claims that says nothing about truth. The claims provider can reject a claim or the user can veto a claim about themselves, and that is where this security model gets its strength.
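The model described above, sketched as an added example (not code from SharePoint or from the original post): a consuming service accepts a claim only if the user has not vetoed it and the issuer is trusted for that claim type, and it requires more claims for more sensitive actions. Issuer names, claim types and the policy tables are hypothetical, and token signature verification is assumed to have happened before this step.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Claim:
    issuer: str           # claims provider that asserted the claim
    type: str             # what is being asserted, e.g. "email"
    value: str
    vetoed: bool = False  # True when the user declined to release it

# Hypothetical policy: issuers the service trusts, per claim type.
TRUSTED = {
    "email": {"openid.example", "corp-directory.example"},
    "employee": {"corp-directory.example"},
    "strong-auth": {"cardspace.example"},
}
# Security scales with the action: more sensitive means more claims.
REQUIRED = {
    "read": {"email"},
    "edit": {"email", "employee"},
    "admin": {"email", "employee", "strong-auth"},
}

def accepted_types(claims):
    """Claim types released by the user and issued by a provider trusted for that type."""
    return {c.type for c in claims
            if not c.vetoed and c.issuer in TRUSTED.get(c.type, set())}

def authorize(action, claims):
    """Return (allowed, missing_claim_types); unknown actions are denied."""
    if action not in REQUIRED:
        return (False, [])
    missing = REQUIRED[action] - accepted_types(claims)
    return (not missing, sorted(missing))

# Constructed sample: claims presented for one user.
SAMPLE = [
    Claim("openid.example", "email", "alice@example.org"),
    # Asserted, but this issuer is not trusted for "employee": a claim is not truth.
    Claim("openid.example", "employee", "true"),
    Claim("corp-directory.example", "employee", "true"),
    # The user vetoed release of this claim, so the service never counts it.
    Claim("cardspace.example", "strong-auth", "smartcard", vetoed=True),
]

if __name__ == "__main__":
    for action in ("read", "edit", "admin"):
        print(action, authorize(action, SAMPLE))
```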
I would also point you to the Defrag blog for additional perspective on how security technology is 1) moving out of the "security organization", and 2) having greater long-term impact on social software than most commenters will realize.
Tags: Sharepoint, Microsoft, OpenID, authentication



