Microsoft's forthcoming Longhorn Server operating system is scheduled to fold several identity services into Active Directory. 

Active Directory currently allows network administrators to set policies for groups of users, and to centrally deploy new applications to many computers.

"Longhorn will see the domain controller role that customers historically thought about with Active Directory become just one of the roles," Mike Atalla, a group product manager for Microsoft's identity and access product group, told vnunet.com in an interview at the RSA Conference in San Francisco. 

Longhorn Server is slated for availability by the end of this year. The software will add identity, certificate and rights management services as well as federation management services to Active Directory.

Identity and certificate services allow administrators to manage user accounts and the digital certificates that allow them to access certain services and systems.

Rights management services let users set limitations on information that they create, for instance to prevent an email being forwarded beyond the original recipient.

Federation management services enable companies to share credentials with partners and customers, allowing a consultant to use his company username and password to log in on a client's network.

Although these services are available in Windows Server 2003, they currently exist as standalone services and do not work together.

Companies have to set up separate user accounts if an outside consultant needs to be able to receive messages governed by rights management services, for example.

Bundling the services under Active Directory allows users to combine federated identity and digital management services, as well as any other Active Directory services.

The Longhorn enhancements are driven by Microsoft's vision for an identity meta system designed to allow services and systems to connect and interoperate regardless of their underlying technologies.  

Consumers received the first part of this meta system as the InfoCard digital identity service that ships as part of Windows Vista.

Longhorn Server will provide some of the infrastructure components, but Atalla estimated that it will take up to five years for the vision to be fully implemented.

Microsoft will focus in the next phase on building tools that allow IT staff and developers to more easily manage identities and services.

These services will allow IT staff to set boundaries within which users can reset their own passwords, for instance, or create internal mailing lists with no outside assistance.

"Empowering the IT professional will always be part of the identity management challenges," said Atalla.

"But empowering the end user to do the right things with the right tools when they need to do them is going to be a huge focus. It is an important gap in the identity management space today."