TechEd EMEA: Interoperable “Geneva” Platform to Simplify Identity – on Premises and in the Cloud

Today at TechEd EMEA 2008 Developers in Barcelona, Spain, Microsoft announced a big step forward in the world of digital identity, unveiling the first public beta of a software platform, code-named “Geneva”, which will help developers create applications across the cloud, between organizations and on premises with a single, simplified and open identity model. “Geneva” implements the shared industry vision of an interoperable Identity Metasystem through support for industry-standard protocols such as WS-* and SAML and other interoperability capabilities. Additionally, Microsoft announced a collaboration with Orange and eBay on a proof-of-concept customer experience for eBay PowerSellers and Orange network users that would use Windows® CardSpace “Geneva”, the next generation of Microsoft’s identity card selector for users.

“Working with user identities in applications is hard for developers today as they must choose among many different identity technologies and code custom user-access logic into every application, which takes time away from core development work,” said Kim Cameron, chief architect of identity and a Microsoft distinguished engineer. “‘Geneva’ addresses these concerns, simplifying the identity model by externalizing authentication from applications with claims – a set of statements about a user that provide specific information such as title or purchasing authority. The claims-based identity model provides a rich description of users’ characteristics while minimizing disclosure of identity information, improving the ability of applications to make fine-grained access control decisions while enabling users to maintain control over how their identities are used. This model will work in the enterprise, federations, and the consumer Web for both on-premises and cloud applications.”
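The claims model described above, as an added illustration that is not “Geneva” code: a trusted issuer (the token-service role) signs a set of claims about a user, and the application verifies the issuer and decides on the claims alone instead of holding its own user-access logic. The JSON-plus-HMAC token format, the issuer URL and the shared key are constructed stand-ins for a signed SAML or WS-* token.

```python
import hashlib
import hmac
import json
import time

# Constructed trust list: one issuer the relying party accepts, keyed by a shared
# secret. A real deployment would verify an X.509 signature from federation
# metadata instead; the MAC is a simplification for this example.
ISSUER_KEYS = {"https://sts.example.test": b"constructed-shared-secret"}


def issue_token(issuer, subject, all_attrs, requested, ttl=300):
    """Issuer emits only the claims the application asked for (minimal disclosure)."""
    claims = {k: v for k, v in all_attrs.items() if k in requested}
    body = {"iss": issuer, "sub": subject, "exp": int(time.time()) + ttl, "claims": claims}
    payload = json.dumps(body, sort_keys=True)
    sig = hmac.new(ISSUER_KEYS[issuer], payload.encode(), hashlib.sha256).hexdigest()
    return payload + "." + sig


def validate_token(token, trusted_issuers, now=None):
    """Relying party: accept only an unexpired token from a trusted issuer with a valid MAC."""
    payload, _, sig = token.rpartition(".")
    body = json.loads(payload)
    key = trusted_issuers.get(body.get("iss"))
    if key is None:
        return None  # issuer is not in the trust list
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return None  # forged or tampered token
    if body["exp"] < (now if now is not None else time.time()):
        return None  # expired
    return body


def may_approve_purchase(token, amount, trusted_issuers):
    """Fine-grained decision made purely on claims; the app never looks up the user itself."""
    body = validate_token(token, trusted_issuers)
    if body is None:
        return False
    return amount <= body["claims"].get("purchasing_authority", 0)


# Constructed directory record; the issuer releases only the two requested claims.
DIRECTORY = {"title": "Manager", "purchasing_authority": 5000, "home_address": "constructed"}
TOKEN = issue_token("https://sts.example.test", "alice", DIRECTORY,
                    ["title", "purchasing_authority"])
```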

“Geneva” helps businesses and governments facilitate collaboration within the enterprise, across organizational boundaries, and on the Web while satisfying cost-cutting and security requirements. “Geneva” will also help organizations react to changing needs more quickly and economically by allowing identities on existing systems to interoperate with new systems such as cloud services and service-oriented architecture (SOA). “Geneva” is available for developers today and includes three platform components for enabling claims-based access: “Geneva” Framework for .NET developers, “Geneva” Server for IT Pros, and Windows CardSpace “Geneva” for users. These beta releases and additional information can be accessed on the Microsoft Connect site:

Microsoft’s single identity model adds Microsoft Services Connector and .NET Access Control Service in the cloud (supporting Azure, the recently announced cloud version of Windows), which are both built on “Geneva” technology and share the same claims architecture to enable a seamless experience that bridges on-premises and cloud environments. Together, these components form a flexible system for developers to harness, making any connected application easier to build, more secure, and less expensive for their customers to own.

Microsoft also announced other “Geneva wave” capabilities for Microsoft’s Live applications and Azure offerings. A new Microsoft Federation Gateway is fully compatible with “Geneva” and based on the same open standards and protocols, so it can federate with the Microsoft Services Connector, “Geneva”, or identity solutions from other vendors. Further, all Live IDs will now serve as OpenIDs, adding 400 million accounts to the network of OpenID identities.

Since there are many different and inconsistent user-access technologies to choose from (for example Kerberos, X.509, LDAP, SAML), developers today must code their choice into each application with unique logic. This makes it expensive and complex to implement and manage applications that must provide secure user access to heterogeneous systems, as each application exists in its own user-access technology ‘silo’. “Geneva” helps IT efficiently deploy and manage new applications by reducing custom implementation work, consolidating access management in the hands of IT, helping establish a consistent security model, and facilitating seamless collaboration between organizations with automated federation tools. To maximize administrative efficiency, “Geneva” automates federation trust configuration and management using the new harmonized federation metadata format (based on SAML 2.0 metadata) that was recently adopted by the WSFED TC.

“Geneva” Server supersedes Active Directory Federation Services to offer customers the flexibility of browser-based Web Single Sign-On and Federation using either the WS-Federation passive protocol or the Web SSO Profile of the SAML 2.0 protocol. “Geneva” Server also provides Managed Information Card support for both Windows CardSpace v1 and Windows CardSpace “Geneva”.