<http://www.microsoft-watch.com/article2/0,1995,1585354,00.asp>

Wednesday, May 05, 2004

Microsoft: 'Palladium' Is Still Alive and Kicking

By Mary Jo Foley

Updated: Redmond denies published report that it is axing its Next-Generation Secure Computing Base and insists the technology still will debut in Longhorn.

SEATTLE - Microsoft spent much of Day 2 of its Windows Hardware Engineering Conference (WinHEC) here refuting a published report claiming the company has axed its Next Generation Secure Computing Base (NGSCB) security technology.

"NGSCB is alive and kicking," said Mario Juarez, a product manager in Microsoft's security and technology business unit.

NGSCB - the hardware/software security system formerly code-named "Palladium" - has been one of the most controversial components expected to debut in the version of Windows that's due out in 2006+.

Unlike last year's WinHEC, where NGSCB received top billing, this year, it's just a blip on the radar screen. In fact, there are only three sessions on the WinHEC docket specifically about NGSCB.

But Microsoft is still talking up its NGSCB vision at this week's show.

Microsoft is continuing to be vague about exactly how much of its NGSCB code will ship as part of Longhorn. Company officials have gone on record saying that customers would not be impacted by the technology until Microsoft delivered Version 2 of the NGSCB platform. The company has not provided a date for Version 2.

In spite of these facts, the plan of record continues to be to deliver Version 1 of its NGSCB technology as part of Longhorn, said Juarez.

Juarez acknowledged that Microsoft is reworking its NGSCB technologies to enable independent software vendors and customers with a way to allow their existing applications to take advantage of NGSCB without having to rewrite them. He said that customers to whom Microsoft has shown early versions of NGSCB requested this change.
He added that Microsoft will provide more details on how it plans to do this some time later this year.

Microsoft has explained NGSCB's inner workings this way: The two foundations of NGSCB were designed to be the Trusted Platform Module on the hardware side, and the Trusted Operating Root (or "nexus") on the software side. The nexus was to be the kernel of an isolated software stack that was designed to run inside the standard Windows environment. The nexus was slated to provide a set of APIs that would enable sealed storage and other foundations for trusted-computing.

But up until this week, Microsoft had said that only applications that were designed from the ground-up to be nexus-aware would be able to take advantage of these features.

Juarez also admitted that the NGSCB team currently "did not have a managed code story." He said, "We need to go back and figure out how that will look and work."

Managed code is a key concept in Longhorn. It involves a new programming model centered around a new "managed" application programming interface. Microsoft is gunning to have many of Longhorn's own subsystems function as managed applications and is advocating that third parties make their Longhorn applications managed, as well.

Juarez said Microsoft is not providing any of its NGSCB bits as part of the new Longhorn pre-alpha release that it is distributing this week to WinHEC attendees. But he denied that this means that the company is exorcising NGSCB from the product. Instead, he said that the NGSCB team decided that the driver developers at the show wouldn't be the right targets for this code.

"We are not updating the development environment now. We are evaluating whether there will be one in Longhorn," he said. "The only question is what it will look like."

Microsoft did include in the pre-alpha version of Longhorn software developer kit that it distributed at the Professional Developers Conference last fall both the NGSCB application programming interface (API) set, as well as various NGSCB class-library files.

"We are making some predictable changes," Juarez continued. He said that Microsoft has attempted to be very transparent about its NGSCB plans over the past two years in order to allay industry fears about Microsoft's security intentions.

"We've just been doing in public what is usually done in private," Juarez said, in terms of detailing the NGSCB evolving its strategy and directions.

(Note: This story was updated. One of the four scheduled NGSCB sessions at this year's show was cancelled, leaving only three on the docket. Also: Juarez said he misspoke, re: whether there will be an NGSCB development environment included as part of Version 1 of NGSCB. Microsoft is currently evaluating whether or not to make the dev environment part of the release, he said.)

--
-----------------
R. A. Hettinga <mailto: rah@ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'