Geneva Manages Your Identity
Microsoft has released Geneva Beta 1, previously known as Zermatt, an identity management solution which takes the burden of authenticating and authorizing users away from applications. Geneva supports the OASIS WS-Trust specification.
Most applications need to address the issues of user authentication and authorization. This has not always been an easy job, especially when data and access security were at stake. Geneva aims to take all the identity management effort off the applications with a claims-based access platform. According to Microsoft, Geneva is useful:
For developers: "Geneva" helps simplify user access for developers by externalizing access logic from applications via claims, and reducing development effort with pre-built security logic and integrated .NET tools.
For IT professionals: "Geneva" helps IT efficiently deploy and manage new applications by reducing custom implementation work, consolidating access management in the hands of IT, helping establish a consistent security model, and facilitating seamless collaboration between organizations with automated federation tools.
For information workers and consumers: Users can benefit from help navigating logins, managing different personas, and controlling how personal information is shared.
Geneva includes the following three components, according to the All About Interop blog:
Geneva Server. This is a security token service (STS), as defined in the OASIS WS-Trust specification. This thing issues and transforms claims, manages user access, and enables automated federation.
Geneva Framework. This is a managed (.NET) Framework that helps developers build claims-aware applications and services that connect to the STS. You can use it to process claims on either side of an authorization transaction (requestor or responder).
Windows CardSpace Geneva. This is just an extension of the CardSpace thing in Windows you know and love today. Chances are, you've seen it, but you don't use it. In a nutshell - CardSpace is a set of Windows features and user-interface that lets users navigate access decisions and control how personal information is used. Everyone has multiple claims as part of their identity: you are a student at UW, you are an employee of BigCorp, you are a member in good standing of a particular club, you have received a particular security clearance, you have a bank account with number 4444-444-44 at BigBank, etc. CardSpace lets you decide which of the many claims you can make about your identity to disclose to a particular service or server. Rather than disclosing "everything" about you to every server or service, you disclose only what you need to disclose for the particular transaction. That is one aspect of the identity model, and CardSpace is the thing in Windows that makes that possible.
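To make the claims model concrete, here is an added example (not Geneva Framework code, and not from the article or the blog it quotes) that models the three roles described above: an STS that transforms directory attributes into application claims and releases only the claim types the relying party asked for, a relying party that accepts a token only from a trusted issuer with a valid signature, and an application whose access rule is a plain claims check. The shared HMAC key, issuer name, directory record and claim types are constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed toy of a claims-based access flow; this is NOT the Geneva
# Framework API, and the key, issuer and claim names are illustrative only.
STS_KEY = b"constructed-sts-signing-key"   # secret shared by STS and relying party (assumption)
STS_ISSUER = "sts.example"                  # constructed issuer name


def sts_issue_token(directory_record, requested_claim_types):
    """STS role: turn raw directory data into application claims and issue
    only the requested ones, so the application never sees the directory."""
    derived = {
        "name": directory_record["displayName"],
        "role": "manager" if directory_record["managerOf"] else "employee",
        "age_over_18": directory_record["age"] >= 18,
    }
    # Minimal disclosure: claims the relying party did not ask for stay at the STS.
    claims = {k: v for k, v in derived.items() if k in requested_claim_types}
    body = json.dumps({"issuer": STS_ISSUER, "claims": claims}, sort_keys=True)
    sig = hmac.new(STS_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def rp_validate(token, trusted_issuers=(STS_ISSUER,)):
    """Relying-party role: trust the claims only if the signature verifies and
    the issuer is one we federate with. Returns the claims, or None."""
    expected = hmac.new(STS_KEY, token["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        return None                      # tampered or foreign token
    payload = json.loads(token["body"])
    if payload["issuer"] not in trusted_issuers:
        return None                      # valid signature, but not a trusted STS
    return payload["claims"]


def can_approve_expense(claims):
    """Application role: access logic is a claims check, not identity code."""
    return claims is not None and claims.get("role") == "manager"
```

Tampering with the token body (for instance rewriting the role) breaks the signature and `rp_validate` returns `None`, so the application's check fails closed.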
Geneva Beta 1 can be downloaded from the Microsoft Connect site. Useful documents: Introducing "Geneva" and Microsoft Code Name "Geneva" Framework Whitepaper for Developers. Geneva supports OASIS WS-Trust, as do Sun's WSIT and WebSphere Application Server v7.0.
Open Source equivalent
* A WS-Trust STS (Secure Trust Service)
* Supports SAML tokens
* Is an Identity Provider (IdP) for both Infocard and OpenID
* Includes Relying Party components for both OpenID and Infocard - allowing your applications to use WSO2 IS as an identity solution
* Has a simple web-based management framework
* Works with its own user store, LDAP or Active Directory
* Runs on Tomcat and other JEE servers or just standalone
* Is freely available in Open Source under the Apache License
You can download it here: wso2.org/projects/solutions/identity