Microsoft said Tuesday at the RSA security conference that it is launching a trustworthy Internet initiative much like its Trustworthy Computing plan launched in 2002.
And like Microsoft's Trustworthy Computing initiative it all started with a whitepaper. That fact is what makes Microsoft's strategy and research chief's Craig Mundie's comments at RSA a bit strange. Microsoft was essentially announcing a white paper and a "dialogue" with the security community that will encompass technology, privacy and political implications.
Mundie called it "End to End Trust" encompasses the following:
- Creation of a trusted stack where each element in the stack can be authenticated and is equally trustworthy, from the operating system to applications, people and data.
- A system that enables people to preserve their identity claims while addressing issues of authentication, authorization, access and audit.
- Closer alignment between technological, social, political and economic forces in order to make real progress.
We believe there are three key pieces to creating greater trust on the Internet. The first is creation of a trusted stack where security is rooted in hardware and where each element in the stack (hardware, software, data and people) can be authenticated in appropriate circumstances. The second piece involves managing claims relating to identity attributes. We need to create a system that allows people to pass identity claims (sometimes a full name perhaps, but at other times just an attribute such as proof of age or citizenship). This system must also address the issues of authentication, authorization, access, and audit. Finally, we need a good alignment of technological, social, political and economic forces so that we make real progress. The goal is to put users in control of their computing environments, increasing security and privacy, and preserving other values that we cherish such as anonymity and freedom of speech.
That was Mundie's big windup for the whitepaper:
At this year's RSA, Microsoft will not announce a new company strategy. Rather, we will use this opportunity to ask all who care about online safety to join in a robust and meaningful discussion about building a more trusted Internet. At the same time, we know customers have concerns about threats today, so we will also talk about integrated solutions we are delivering to help customers address current needs for maintaining secure and private environments. To facilitate the dialogue, we are providing a whitepaper describing End to End Trust, Microsoft's proposed vision to help create a more trusted Internet.
You can almost hear the crickets. Here's what you'll hear from folks: Microsoft wants a dialogue about Internet security. So?
Actually, Microsoft's white paper is worth a read and could lead to bigger things. But we won't know for about a year when Microsoft goes to RSS and delivers its report card.
George Stathakopoulos, General Manager of Microsoft's Trustworthy Computing group, noted that the software giant expects to hear from the critics. Why should Microsoft be initiating this discussion? Can you trust it?
Stathakopoulos said that he expects most folks to enter the dialogue. No one disagrees that Internet must be secure soup to nuts. And the sooner people start talking about the security ecosystem the better.
Some key points from Stathakopoulos:
- Internet security goes beyond one player. For instance, Stathakopoulos noted that there needs to be secure software, trusted devices and applications that are preapproved. If you had such a lineup--a trusted stack--you could book a hotel room, check in and enter your room via your cell phone. "That technology is interesting but by itself it will fail," said Stathakopoulos. "This technology will fail without all partners ecosystem coming together. There has to be alignment."
- Privacy will be critical. Microsoft's scenarios could sound Big Brother-ish. Privacy will be a tough issue and require dialogue with political entities, security executives and the technology industry.
- Who will the allies be? Stathakopoulos said that everybody is an ally on security--Mozilla, Apple, Symantec and other anti-virus vendors to name a few.
The whitepaper isn't a strategy paper, it's a conversation starter. "This whitepaper was possible due to the goodwill established over the last few years," said Stathakopoulos. "We need a dialogue to help to stay on focus and on track and not get derailed by vendor politics."