JuiceAPac - Microsoft joins MIT's Kerberos Consortium

Microsoft joins MIT's Kerberos Consortium

Microsoft Corp. has joined the executive board of MIT's Kerberos Consortium, an organization that oversees development of the widely used network authentication standard. Rivals Apple Inc., Google Inc. and Sun Microsystems Inc. are also on the board.

The Kerberos suite of authentication protocols, which runs on most operating systems, can enable security features such as single sign-on, where a single log-in and password can be used to access multiple Web sites or applications. The protocols were developed as part of MIT's Project Athena in the 1980s.

Microsoft has implemented the Kerberos protocols in its Windows 2000, XP, Server 2003 and 2008, and Vista operating systems, but it has also been accused of subverting the standard by adding proprietary extensions.

During Microsoft's U.S. antitrust trial that began in 1998, an MIT professor testified that the vendor had extended the Kerberos specification in Windows 2000 so that a non-Microsoft server could not use the operating system's security features. That evidence contributed to the view that Microsoft gave lip service to interoperability while implementing technical blocks to lock out competitors. Microsoft eventually released details on its modifications to Kerberos.

After antitrust trials in both the U.S. and Europe over the past decade, Microsoft took steps both under court order and voluntarily to improve its documentation of protocols and to open up more of its internal technical details.

Microsoft's participation in the Kerberos Consortium "shows Microsoft's continued and growing desire as of late to work with the open-source community and industry consortiums around interoperability," Tom Kemp, CEO of security software vendor Centrify Corp., noted on his blog.

Centrify, a Microsoft partner, makes software called DirectControl that lets servers, workstations and devices from other vendors use Active Directory, which is Microsoft's authentication and provisioning technology. Authentication is accomplished using Kerberos, Kemp wrote.

Even while embroiling itself in controversy, Microsoft has also made use of Kerberos more widespread through its involvement with the protocol, Kemp wrote.

"As we all know, there are many out there that like to beat up Microsoft regarding security, but it is ironic that Microsoft by default delivers the added security of Kerberos as part and parcel of the Windows platform," Kemp wrote.