http://www.microsoft-watch.com/article2/0,1995,1585354,00.asp
Wednesday, May 05, 2004
Microsoft: 'Palladium' Is Still Alive and Kicking
By Mary Jo Foley
Updated: Redmond denies published report that it is axing its
Next-Generation Secure Computing Base and insists the technology still will
debut in Longhorn.
SEATTLE - Microsoft spent much of Day 2 of its Windows Hardware
Engineering Conference (WinHEC) here refuting a published report claiming
the company has axed its Next Generation Secure Computing Base (NGSCB)
security technology.
"NGSCB is alive and kicking," said Mario Juarez, a product manager in
Microsoft's security and technology business unit.
ADVERTISEMENT
NGSCB - the hardware/software security system formerly code-named
"Palladium" - has been one of the most controversial components expected to
debut in the version of Windows that's due out in 2006+.
Unlike last year's WinHEC, where NGSCB received top billing, this year,
it's just a blip on the radar screen. In fact, there are at only three
sessions on the WinHEC docket specifically about NGSCB. But Microsoft is
still talking up its NGSCB vision at this week's show.
Microsoft is continuing to be vague about exactly how much of its NGSCB
code will ship as part of Longhorn. Company officials have gone on record
saying that customers would not be impacted by the technology until
Microsoft delivered Version 2 of the NGSCB platform. The company has not
provided a date for Version 2.
In spite of these facts, the plan of record continues to be to deliver
Version 1 of its NGSCB technology as part of Longhorn, said Juarez.
Juarez acknowledged that Microsoft is reworking its NGSCB technologies to
enable independent software vendors and customers with a way to allow their
existing applications to take advantage of NGSCB without having to rewrite
them. He said that customers to whom Microsoft has shown early versions of
NGSCB requested this change. He added that Microsoft will provide more
details on how it plans to do this some time later this year.
Microsoft has explained NGSCB's inner workings this way: The two
foundations of NGSCB were designed to be the Trusted Platform Module on the
hardware side, and the Trusted Operating Root (or "nexus") on the software
side. The nexus was to be the kernel of an isolated software stack that was
designed to run inside the standard Windows environment. The nexus was
slated to provide a set of APIs that would enable sealed storage and other
foundations for trusted-computing.
But up until this week, Microsoft had said that only applications that
were designed from the ground-up to be nexus-aware would be able to take
advantage of these features.
Juarez also admitted that the NGSCB team currently "did not have a managed
code story." He said, "We need to go back and figure out how that will look
and work."
Managed code is a key concept in Longhorn. It involves a new programming
model centered around a new "managed" application programming interface.
Microsoft is gunning to have many of Longhorn's own subsystems function as
managed applications and is advocating that third parties make their
Longhorn applications managed, as well.
Juarez said Microsoft is not providing any of its NGSCB bits as part of
the new Longhorn pre-alpha release that it is distributing this week to
WinHEC attendees. But he denied that this means that the company is
exorcising NGSCB from the product. Instead, he said that the NGSCB team
decided that the driver developers at the show wouldn't be the right
targets for this code.
"We are not updating the development environment now. We are evaluating
whether there will be one in Longhorn," he said. "The only question is what
it will look like."
Microsoft did include in the pre-alpha version of Longhorn software
developer kit that it distributed at the Professional Developers Conference
last fall both the NGSCB application programming interface (API) set, as
well as various NGSCB class-library files.
"We are making some predictable changes," Juarez continued. He said that
Microsoft has attempted to be very transparent about its NGSCB plans over
the past two years in order to allay industry fears about Microsoft's
security intentions.
"We've just been doing in public what is usually done in private," Juarez
said, in terms of detailing the NGSCB evolving its strategy and directions.
(Note: This story was updated. One of the four scheduled NGSCB sessions at
this year's show was cancelled, leaving only three on the docket. Also:
Juarez said he misspoke, re: whether there will be an NGSCB development
environment included as part of Version 1 of NGSCB. Microsoft is currently
evaluating whether or not to make the dev environment part of the release,
he said.)
--
-----------------
R. A. Hettinga