Microsoft seeks help from VeriSign on .Net security

From...

By Todd R. Weiss

(IDG) -- Microsoft Tuesday announced plans to use digital certificate authentication and security technologies developed by VeriSign Inc., in an attempt to provide tighter data security capabilities for its Internet-based .Net computing services initiative.

The two companies said the VeriSign technology will be used with future .Net product offerings from Microsoft. In exchange, they added, Mountain View, Calif.-based VeriSign will incorporate Microsoft's .Net technology standards into its Internet-based trust services offering and deploy Windows 2000 Server on the systems used to host Web sites as part of its domain-name registration and Web site design businesses.

Microsoft and VeriSign have worked together since 1996, when they jointly launched technology enabling the secure downloading of software on the Web. As part of the new deal, the companies said, VeriSign will support the deployment of XML-based Web services dubbed HailStorm, including Microsoft's Passport single-sign-on and authentication system.

IDG.net INFOCENTER Computerworld main page Free daily newsletters Related IDG.net Stories Microsoft to loosen reins on .Net code, snubs Linux Open Source takes on MS .Net VeriSign trial offers domain names in over 350 languages Features Cool gifts for cool nerds Visit an IDG site Choose a site: IDG.net CIO Computerworld Darwin Dummies.com GamePro.com The Industry Standard ITWorld.com InfoWorld.com JavaWorld LinuxWorld Macworld Online Network World Fusion PC World Publish.com UnixInsider IDG.net search

HailStorm is being promoted by Microsoft as a technology that will let software developers create applications that work together seamlessly over the Internet while delivering a more personalized and consistent user interface, though corporate users have expressed skepticism about its usefulness in business applications. Microsoft now plans to use VeriSign's digital certificates to encrypt information sent via smart clients in order to ensure data privacy and confidentiality.

Eric Hemmendinger, an analyst at Aberdeen Group Inc. in Boston, said the announcement is evidence that Microsoft wanted expert help in bolstering the security of .Net for users. Previously, "one could have imagined that Microsoft would have tried to launch certificate authority services on its own," Hemmendinger said. But that isn't likely now, he added.

"If Microsoft was entertaining any thoughts of getting into the [certificate authority] business, they've put those on the back burner," Hemmendinger said. "Here, Microsoft is saying, 'We need to go with a gorilla in terms of this capability. We can't do this on our own.' " In return, he noted, Microsoft gets a commitment from VeriSign for "an awful lot of Windows 2000" installations.