Microsoft's token-less Vista balances trust, openness
RSA's chief executive Art Coviello on Tuesday revealed that although Microsoft had originally planned to include native support for SecurID tokens in Vista, the idea had now been shelved.
Peter Watson, chief security advisor for Microsoft Australia, confirmed that SecurID would not be supported natively in Vista. Instead, he said that Microsoft had decided to promote "openness and interoperability" by creating a framework that would allow competing vendors to plug their products into the new operating system.
"Microsoft in its support for openness and interoperability is, through Windows Vista, providing a platform to cater for the various authentication mechanisms that we see customers requiring," said Watson in an emailed statement.
"Windows Vista has a new model for adding authentication methods, such as one-time passwords, which dramatically simplifies the integration experience ... third parties, including RSA, will be able to add their authentication solutions to Windows Vista, however this will not be natively supported by Windows Vista," he added.
Neal Wise, partner of Sydney-based security consultancy Assurance.com.au, said that by not supporting just one vendor, Microsoft may be opening up the market to competition but the software giant could also be missing out on an opportunity to increase trust in Windows.
"The further embedded in the operating system it is the greater trust we could have," Wise told ZDNet Australia. "At the same time we wouldn't want to have a situation where they did a really good job supporting just one vendor ... I can see from a competition point of view that companies other than RSA would prefer not to have RSA in there."
Frost & Sullivan's security analyst James Turner is not convinced that Microsoft's decision was solely based on openness. Instead, he believes the company has not included native support for RSA's -- and any of its competitors' tokens -- because of time pressures in releasing Vista.
"I think this is Microsoft panicking about getting Vista out on time. So they're going through their wish list with a chainsaw to try and get the new OS to market," Turner told ZDNet Australia.
RSA's Coviello admits that if Vista had included native support for SecurID then the combination of RSA's tokens and Windows could have become a "real standard".
"Quite frankly it will be better for us once it is native in the operating system and everybody else can do it because then it becomes a real standard," said Coviello, who added that he was confident of SecurID's success regardless of future developments.
"I like our chances competing regardless," he said.
Frost & Sullivan's Turner agrees with Coviello on his last point: "This isn't RSA's problem, it is Microsoft's."
"Microsoft need Vista selling as soon as possible so they can recoup the money they've poured into the R&D for it. The longer the OS is in development the more expensive the project is -- not only because of rolling development costs, but also through foregone revenue," added Turner.