SAN FRANCISCO -- Balancing privacy with security on the Internet is always a challenge but the balancing act will only become tougher and the industry must work together to address it, Microsoft Chief Research and Strategy Officer Craig Mundie said in a Tuesday keynote at RSA Conference 2008.
Despite progress on the security side, "we do find ourselves where the intimacy of computing… is escalating the challenges we have in privacy," he said in his keynote, which was conducted as a dialogue with Christopher Leach, CISO, Affiliated Computer Services.
He said Microsoft is releasing a paper Tuesday that describes the software giant's vision of end-to-end trust. The vision requires many pieces, including a secure operating system, trusted hardware devices, and secure applications. The paper aims to start an industry dialogue, Mundie said.
"The end-to-end trust proposal isn't a product roadmap but it's framing a problem, the questions of authentication, access, audit… and what are the social, political and technical issues around that," he said. "It's something everyone will need to play a more active role in."
By integrating CardSpace mechanisms into Vista, Microsoft is going beyond the broad authentication mechanism of user name/password, but the company focused on moving to a trusted stack environment, Mundie said, adding, "We can't do this by ourselves."
Afterwards, Philip Black, director for enterprise infrastructure services at Petro-Canada, a Canadian oil and gas company, said, "They [Microsoft] do recognize what the issues are and it sounds like they're doing some things to address them."
He appreciated that Microsoft "recognizes it has to fit into a heterogeneous environment." Black also supports Mundie's advocacy of role-based identity management. "It's the way it has to work," he said.