San Diego - Microsoft this week laid out the roadmap for its identity management platform, including federation services that will ship next year and eventually provide Web single sign-on features.

Microsoft plans to announce the roadmap and the renamed federation service during the second-day keynote at Microsoft’s annual TechEd conference Tuesday morning.

Formerly codenamed TrustBridge, the technology is now called Active Directory Federation Service (ADFS), Microsoft said. It will ship next year as part of the Windows Server 2003 Update, codenamed R2, and allow users to federate identities between corporate boundaries.

Federation lets an identity credential issued by one company be used for access to a partner’s network.

“ADFS will be one of the biggest splashes in the identity management space we make this year,” says Levon Esibov, group program manager for directory and identity services.

ADFS will become the cornerstone of Microsoft’s adoption of Web services security protocols on the Windows platform, supporting authentication and authorization services between disparate systems and across corporate boundaries.

ADFS will eventually provide the Web single sign-on capabilities that Microsoft’s identity platform currently lacks. Those capabilities are now provided by third-party partners including Netegrity, Oblix and Open Network. Before Microsoft can claim single sign-on capabilities, however, support for Web services protocols, such as the Security Assertion Markup Language (SAML), must be prevalent across vendors’ identity products.

ADFS will support WS-Security, an OASIS standard, as well as protocols Microsoft is developing along with its partners such as WS-Trust, WS-Policy, WS-Secure Conversation, WS-Federation, WS-Authorization and WS-Privacy.

On Monday, Microsoft unveiled its Web Services Enhancements 2.0, a package for developers that includes those same protocols.

Microsoft’s work on federation protocols is in competition with work being done by the Liberty Alliance, which is using SAML as the foundation for a federated identity framework. Microsoft officials say they plan to eventually interoperate with the Liberty specifications.

The ADFS enhancements are the leading edge of a series of incremental upgrades to Microsoft’s identity management platform, which revolves around Active Directory, Active Directory Application Mode and Microsoft Identity Integration Server (MIIS).