Announcements from Microsoft describe new features of the Microsoft Identity Integration Server (MIIS) 2003, identified as the third major release of Microsoft's metadirectory product. Microsoft Identity Integration Server 2003 (MIIS) "enables the integration and management of identity information across multiple repositories, systems, and platforms. MIIS augments Active Directory by providing broad interoperability capabilities including: integration with a wide range of identity repositories; provisioning and synchronizing identity information, including password management, across multiple stores; brokering changes to identity information by automatically detecting updates and sharing the changes across systems. In addition to integrating identity information across multiple platforms, MIIS makes identity management easier by automating the process of establishing and eliminating user accounts and enabling self-service password management."

"As part of its developing identity management strategy, Microsoft is introducing other new offerings for Windows Server 2003 customers at no additional charge, including; (1) Active Directory Application Mode (ADAM) enables customers to deploy Active Directory as a Lightweight Directory Access Protocol (LDAP) for application-specific data while using their distributed Active Directory infrastructure for user sign-on; (2) Identity Integration Feature Pack for Windows Server Active Directory; (3) support for Directory Services Markup Language (DSML) 2.0, which enables developers to represent directory structural information and directory operations as Extensible Markup Language (XML)-based documents; (4) The Microsoft Identity Management Solution Accelerator, which provides planning and implantation guidance, which helps customers effectively plan and build an identity management infrastructure."

Microsoft Identity Integration Server Overview

MIIS enables a company to synchronize identity information across a wide variety of heterogeneous directory and non-directory identity stores. This allows customers to automate the process of updating identity information across heterogeneous platforms while maintaining the integrity and ownership of that data across the enterprise.

MIIS allows you to easily provision and de-provision user's accounts and identity information like distribution, e-mail and security groups across systems and platforms. Customers will be able to quickly create new accounts for employees based on events or changes in authoritative stores like the human resources system. Additionally, as employees leave a company they can be immediately de-provisioned from those same systems.

End-users can be more productive by getting access to needed systems faster while corporate security is improved as employees' access to systems is automatically terminated as they leave. Administrators benefit from having these processes automated which improves their own productivity and helps to lower administrative costs.

Password management capabilities allow end-users or helpdesk staff to easily reset passwords across multiple systems from one easy-to-use Web interface. End-users and helpdesk staff will no longer have to use multiple tools to change their passwords across multiple systems.

Password resets are the single, greatest cost associated with a helpdesk. This feature helps companies to reduce the cost of their helpdesk operations while improving the productivity of their IT workforce.

Microsoft Identity Integration Server 2003, Enterprise Edition includes support for a wide variety of identity repositories including: Active Directory; Active Directory Application Mode; Attribute value pair text files; Delimited text files; Directory Services Markup Language; Fixed width text files; Global Address Lists (Exchange); LDAP Directory Interchange Format; Lotus Notes/Domino 4.6 & 5.0; Microsoft NT 4 Domains; Microsoft Exchange 5.5 Bridgeheads; Microsoft Exchange 5.5, 2000 & 2003; Microsoft SQL 7 & 2000 databases; Novell eDirectory v8.6.2 & v8.7; Oracle 8i & 9i databases; SunONE/iPlanet/Netscape Directory; IBM Informix, DB2, dBase, Access, Excel, OLE DB via SQL DTS.

Microsoft and PricewaterhouseCoopers (PwC) jointly worked to develop a solution accelerator: The Microsoft Identity and Access Management Solution Accelerator addresses how you can successfully plan, design and implement a structured identity and access management infrastructure. The solution accelerator focuses on the key components of any identity & access management implementation: directory services & identity integration, authentication, authorization, federation, privacy, provisioning or identity life-cycle management and key applications like web single sign-on. [adapted from the Microsoft Identity Integration Server 2003 Datasheet]

From the Announcement

"Customers have told us they need an end-to-end solution for managing identity information and access rights," said Bill Veghte, corporate vice president for the Windows Server Group at Microsoft. "With today's delivery of MIIS, we bring provisioning and metadirectory capabilities together in a single solution that enables customers to create and manage user identities with a single consistent view across the enterprise and throughout the complete life cycle of identity management."

In addition to integrating identity information across multiple platforms, MIIS makes identity management easier by automating the process of establishing and eliminating user accounts and enabling self-service password management.

"With Microsoft Identity Integration Server 2003, Pirelli now has a true identity management solution," said Marco Micci, technology innovation manager at Pirelli SpA. "We use MIIS to manage identities for more than 18,000 employees in 24 countries. This solution will help us achieve significant cost savings and improve productivity and efficiency as we move forward."

New Offerings Accelerate Customer Adoption of Identity Management Solutions. As part of its developing identity management strategy, Microsoft is introducing other new offerings for Windows Server 2003 customers at no additional charge, including the following:

• Active Directory Application Mode (ADAM) enables customers to deploy Active Directory as a Lightweight Directory Access Protocol (LDAP) for application-specific data while using their distributed Active Directory infrastructure for user sign-on. ADAM provides customers with greater flexibility in deploying an Active Directory infrastructure or a directory-enabled application.

• Identity Integration Feature Pack for Windows Server Active Directory integrates identity information between multiple Active Directory forests or between implementations of ADAM. As a result, customers will be able to manage digital identities more easily across their Windows Server Active Directory infrastructure.

• Directory Services Markup Language (DSML) 2.0 enables developers to represent directory structural information and directory operations as Extensible Markup Language (XML)-based documents. The result is interoperability between Active Directory and other directory services vendors that support this standard.

• The Microsoft Identity Management Solution Accelerator, built with PricewaterhouseCoopers LLP, provides planning and implantation guidance, which helps customers effectively plan and build an identity management infrastructure.

Windows Server 2003, released in April, provides customers with a foundation from which to manage digital identities and access permissions through the integration of Active Directory and new features such as the Authorization Manager. The new software delivered by Microsoft today significantly extends those capabilities to provide customers with greater flexibility and interoperability in managing identity information across the enterprise. In addition, Microsoft is working with key industry partners to deliver additional identity management services and solutions.

Standardization of Interoperable Identity and Trust Web Services Specifications: Microsoft is actively demonstrating its commitment to support its customers' identity and access management needs through the integration of interoperable identity standards into the Windows platform. Microsoft, in conjunction with several industry leaders, is providing tools that developers can use to discover, integrate and help secure Web services easily. In April 2002, Microsoft, IBM Corp. and VeriSign Inc. released the Web Services Security (WS-Security) specification, one of several specifications outlined in the Microsoft and IBM road map titled "Security in a Web Services World." The road map provides a comprehensive framework for building interoperable and secure Web services, including support for federated identities. Several additional specifications, including WS-Trust, WS-Policy and WS-Secure Conversation, were released for review in December 2002. Microsoft will continue to work with industry partners to advance interoperable identity specifications through Web services, allowing companies to work more effectively with partners, customers and vendors by making it easier for them to manage identity information and access rights.

Problem Space: Introduction to Microsoft Identity Integration Server 2003

In most enterprises today, each individual application or system has its own user database or directory to track who is permitted to use that resource. Identity and access control data reside in tens and hundreds of different directories and applications such as specialized network resource directories, mail servers, human resource, voice mail, payroll, and many other applications.

Each has its own definition of the user's "identity" (name, title, ID numbers, roles, membership in groups). Many have their own password and process for authenticating users. Each has its own tool for managing user accounts, and sometimes dedicated administrators responsible for this task. Further, most enterprises have multiple processes for requesting resources and for granting and changing access rights. Some of these are automated, but many are paper-based. Many differ from business unit to business unit even when performing the same function.

Administration of these multiple repositories often leads to time-consuming and redundant efforts in administration and provisioning. It also causes frustration for users, needing them to remember multiple IDs and passwords for different applications and systems. The larger the organization, the greater is the potential variety of these repositories and the effort required to keep them updated. This labyrinth of inefficient processes and overlapping systems can have significant consequences for: (1) Cost Containment and Productivity; (2) Security; (3) Customer Service and Supply Chain Integration.

Microsoft Identity Integration Server (MIIS) 2003 can help solve this chaos. MIIS is a system that manages and coordinates identity information from multiple data sources in an organization, enabling you to combine that information into a single logical view that represents all of the identity information for a given user or resource. [adapted from the Technical Overview of Microsoft Identity Integration Server 2003]