In a speech that had the key themes of simplicity, trust ecosystems, and a fundamentally secure platform, the main points of interest came in brief demos of prerelease technologies like Network Access Protection and InfoCards.
InfoCards looks like Microsoft taking a second crack at Passport, its abortive attempt to act as a centralized hub for user identities. But this time the company seems to have mostly removed itself from the picture.
InfoCards look like a more advanced version of the Internet Explorer feature that allows you to store your passwords and contact information locally in order to easily fill out web forms with just a click or two.
Users could maintain a low-rights card containing just basic info like name and email address for sites they moderately trust, while they could create a card containing more sensitive data like credit card numbers, for more trusted sites.
Doesn’t really sound like a security feature, does it?
But Microsoft product manager Richard Turner, doing the product demo honors on a beta copy of Vista, noted that when the InfoCard window appears, the rest of the Windows desktop fades to gray in the background.
This shell is running in a secure desktop separate from my logged-in session, under a different user account, he said. It makes it far harder for malware which might have made it onto my machine to actually attack this identity infrastructure.
On the flip-side of the transaction, a HTTPS address in the URL bar of IE will now highlight in green if the web site in question has bought a high assurance SSL certificate, indicating a potentially more trustworthy site.
High assurance in this context appears to mean a cert where the issuer has authenticated the business’s identity manually in various business directories, rather than just doing a Whois lookup, which is how some of the cheaper SSL certs are sold.
In addition, InfoCards will support managed cards, which will be issued and managed remotely by organizations that the user interacts with. This could include a frequent flyer account or a store discount card, for example.
Also previously announced, but demonstrated for the first time, was the ability for IE to isolate ActiveX controls in the Temporary Internet Files folder, so that they are unable to perform malicious acts on other parts of the disk.
In addition, we got our first look at NAP, which is Microsoft’s take on the network access control market — essentially a method of quarantining PCs that do not conform to the local network’s security policy.
Seen from the client side, it was difficult to tell much about how it will work. A discrete pop-up alerted the user to the fact that they had been blocked, and gave them a button to click to remediate the situation. It could happen automatically too, we were told.
All in all, it wasn’t Gates’ most visionary keynote ever, but he did manage to tie the various bits and bobs in Vista into something roughly coherent around the themes of ease of use and trust networks.
He also threw in a couple of topical jokes about Dick Cheney shooting folk but, immediately preceding the keynote, it was the RSA organizers’ opening ceremony, themed on ancient Indian mathematics, which provided the biggest laugh.
A brief, atmospheric introduction to the so-called Vedic scriptures — old texts which apparently show that India developed mathematics long before the Arabs or Europeans — was followed up by a truly hilarious live Bollywood-style song-and-dance routine that, while you can’t fault the enthusiasm of the performers, managed to kill any sense of grandeur.
If you missed it, it’s worth trying to hunt down a bootleg. It’s very probably the only Bollywood song ever to contain the words Sarbanes-Oxley, and is likely to go down in the annals of terrible corporate anthems if only for that reason.
If not for the chorus itself: It’s a Brave New World / It’s a brand new day / Got to learn the rules / If you want to play.
It was difficult for some onlookers not to infer some kind of social commentary on the Asian outsourcing trend sweeping America, but whether that was the intent of the organizers, this reporter is unable to say.