VeriSign got the full joint-marketing treatment yesterday, with VP of research and advanced products Nico Popp keynoting alongside Microsoft chief security strategist Scott Charney at the Microsoft TechEd conference in Dallas, Texas.
While full technical details of the work were not available, it seems as though VeriSign is adapting its PKI products to the fact that Microsoft has included a full-featured PKI in Windows Server 2003, which reduces the need for third-party products.
Popp said that VeriSign is working with Microsoft, using Microsoft APIs, to create two offerings, both managed PKI services somewhat similar to existing offerings. One product will be released in the fourth quarter, the other in the first quarter next year.
One service, aimed at larger customers that want to retain some control of their PKI, will comprise a certificate authority (CA) in Windows Server 2003 that talks to VeriSign’s root CA elsewhere on the internet.
The other service will be for companies that don’t mind outsourcing more functionality. This will comprise a thin registration authority server, which acts as a gateway for a CA hosted by VeriSign elsewhere.
Popp said that the VeriSign services will use features enabled when Windows Server 2003 and Windows XP Professional are deployed together, such as automatic certificate issuance and key generation.
Microsoft’s product literature says that Server 2003 can automatically issue certs to XP clients, a definite advantage considering that third-party PKIs must be purchased separately, and require per-certificate license fees and increased management tasks.
Popp said one of the benefits of what VeriSign is developing will be that certificates issued and trusted on local networks will be linked back to VeriSign’s hosted CA, allowing them to be trusted by third parties.
VeriSign will introduce an interoperability CA service, Popp said. Companies using Windows for their PKI will be able to extend that PKI to the internet by connecting it to VeriSign, which could be useful in web services scenarios.
Source: Computerwire