eWeek Microsoft Watch
May 18, 2005 4:56 PM

Microsoft Envisions a Grand Digital-ID Plan



Microsoft has a grand plan for digital-identity management. And over the next few months, the company will begin to deliver Microsoft implementations of some of the piece parts of that plan.

At last week's Digital Identity World 2005 conference, Microsoft officials explained a concept called the "identity metasystem." In Microsoft's view, such a metasystem could go a long way toward making existing digital-ID systems interoperable.

An identity metasystem is much like a metadirectory, according to industry watchers. A metadirectory, or uber-directory service, is designed to let users view data from different directory systems in a unified way.

In a white paper published this month to the Microsoft Web site, Microsoft describes the identity metasystem this way: "This metasystem, or system of systems, would leverage the strengths of its constituent identity systems, provide interoperability between them, and enable creation of a consistent and straightforward user interface to them all. The resulting improvements in cyberspace would benefit everyone, making the Internet a safer place with the potential to boost e-commerce, combat phishing, and solve other digital identity challenges."

"The ID metasystem is a new concept that we just started talking more formally about last week," said Michael Stephenson, director of product management with the Microsoft Windows Server team.

The identity metasystem is an outgrowth of the WS-* Web services architecture that Microsoft and its partners have been championing for the past couple of years.

"The WS-* architecture has a number of the characteristics required for this (digital ID meta) system," Stephenson said. "We believe WS-* is the right architecture for plugging into the metasystem."

Stephenson said that while the digital ID platform vision advances, Microsoft and its partners will continue to submit the various WS-* protocols to standards bodies in a royalty-free manner.

As outlined by Microsoft in its metasystem white paper, the digital ID metasystem will build on top of two of the WS-* protocols: WS-Trust and WS-MetadataExchange. Security token servers, and WS-SecurityPolicy-based clients that require user-identity verification, will plug into this base.

According to Microsoft, "Examples of technologies that could be utilized via the metasystem include LDAP claims schemas, X.509, which is used in Smartcards; Kerberos, which is used in Active Directory and some UNIX environments; and SAML, a standard used in inter-corporate federation scenarios."

Microsoft envisions individual vendors building their own implementations of the digital ID metasystem. Microsoft is beginning to outline its own implementation, the elements of which will include:

  • Active Directory
  • Active Directory Federation Services (part of the Windows Server 2003 R2 release due to ship this year)
  • The "Indigo" (Windows communications system) run time
  • Infocard

    Infocard, which is similar to a virtual credit card or membership card, will be the common user interface for the Microsoft digital-ID metasystem, Stephenson said.

    "Infocards will let users select an identity," Stephenson explained.

    Microsoft has been talking about its plans for InfoCard technology for more than a year. Company officials have said that Microsoft will build an InfoCard client into future versions of Windows, starting with Longhorn.

    Microsoft plans to make available a private developer preview of the InfoCard bits before the end of this month, Stephenson confirmed.
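To make the flow described above concrete, here is an added illustrative model, not Microsoft's code or any WS-* implementation, of the three roles the metasystem describes: the identity selector choosing a card that satisfies the relying party's claims policy (the InfoCard role), a security token server issuing a signed claims token (the WS-Trust request), and the relying party verifying it. The keys, policy, issuer names and the JSON token format are constructed assumptions; a real deployment would use SAML or X.509-signed tokens rather than HMAC-signed JSON.

```python
import hashlib
import hmac
import json

# Constructed demo keys: each identity provider's security token server (STS)
# signs what it issues with its own secret (HMAC stands in for real signatures).
STS_KEYS = {"corp-ad": b"constructed-key-corp", "bank-idp": b"constructed-key-bank"}

# Relying party policy, the information WS-SecurityPolicy/WS-MetadataExchange
# would publish: which claims it needs and which issuers it trusts (constructed).
RP_POLICY = {
    "audience": "https://shop.example",
    "required_claims": {"email", "employee_id"},
    "accepted_issuers": {"corp-ad"},
}

def select_card(cards, policy):
    """Identity-selector step (the InfoCard role): pick the first card whose
    issuer the relying party accepts and that offers every required claim."""
    for card in cards:
        if card["issuer"] in policy["accepted_issuers"] and \
                policy["required_claims"] <= set(card["claims"]):
            return card
    return None  # no identity satisfies the policy; the user is told, not guessed for

def issue_token(card, policy, now, ttl=300):
    """STS side of a WS-Trust RequestSecurityToken: return a signed claims token
    (JSON stand-in for a SAML assertion) scoped to one relying party."""
    body = {"iss": card["issuer"], "aud": policy["audience"], "exp": now + ttl,
            "claims": {k: card["claims"][k] for k in policy["required_claims"]}}
    payload = json.dumps(body, sort_keys=True)
    sig = hmac.new(STS_KEYS[card["issuer"]], payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": sig}

def verify_token(token, policy, now):
    """Relying party side: check issuer trust, signature, audience, expiry and
    claim coverage; return the claims, or None if any check fails."""
    body = json.loads(token["payload"])
    iss = body.get("iss")
    if iss not in policy["accepted_issuers"] or iss not in STS_KEYS:
        return None
    expected = hmac.new(STS_KEYS[iss], token["payload"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        return None
    if body.get("aud") != policy["audience"] or body.get("exp", 0) <= now:
        return None
    if not policy["required_claims"] <= set(body.get("claims", {})):
        return None
    return body["claims"]
```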

    Comments (2)

    Rick Stockton :

    Where to begin with my suspicions about "Passport 2.x"? Well, for one thing, Microsoft's technical performance traditionally consists of a one-way street, Open--Microsoft (e.g. Kerberos proprietary extensions). It takes incredible confidence in your Monopoly Power to list their proprietary bastardization of Kerberos as an implementation which is "shared" with UNIX environments. You can imagine how I'm looking forward to their upcoming embrace-extend-extinguish of X.509. For another, Microsoft's so-called "royalty-free" licenses have always been offered only to COMPANIES, and not to the public at large. (More lock-out of Free/Libre Software Developers).
