Geneva Manages Your Identity

by Abel Avram on Nov 11, 2008

Microsoft has released Geneva Beta 1, previously known as Zermatt, an identity management solution which takes the burden of authenticating and authorizing users away from applications. Geneva supports the OASIS WS-Trust specification.

Most applications need to address user authentication and authorization. This has not always been an easy job, especially when data and access security were at stake. Geneva aims to take the identity management effort off applications with a claims-based access platform. According to Microsoft, Geneva is useful:

For developers: "Geneva" helps simplify user access for developers by externalizing access logic from applications via claims, and reducing development effort with pre-built security logic and integrated .NET tools.

For IT professionals: "Geneva" helps IT efficiently deploy and manage new applications by reducing custom implementation work, consolidating access management in the hands of IT, helping establish a consistent security model, and facilitating seamless collaboration between organizations with automated federation tools.

For information workers and consumers: Users can benefit from help navigating logins, managing different personas, and controlling how personal information is shared.

Geneva includes the following three components, according to the All About Interop blog:

Geneva Server.  This is a security token service (STS), as defined in the OASIS WS-Trust specification.  This thing issues and transforms claims, manages user access, and enables automated federation.

Geneva Framework.  This is a managed (.NET) Framework that helps developers build claims-aware applications and services, that connect to the STS.  You can use it to process claims on either side of an authorization transaction (requestor or responder).

Windows CardSpace Geneva.  This is just an extension of the CardSpace thing in Windows you know and love today.  Chances are, you've seen it, but you don't use it. In a nutshell - CardSpace is a set of Windows features and user-interface that lets users navigate access decisions and control how personal information is used. Everyone has multiple claims as part of their identity: you are a student at UW, you are an employee of BigCorp, you are a member in good standing of a particular club, you have received a particular security clearance, you have a bank account with number 4444-444-44 at BigBank, etc. CardSpace lets you decide which of the many claims you can make about your identity, to disclose to a particular service or server. Rather than disclosing "everything" about you to every server or service, you disclose only what you need to disclose for the particular transaction. That is one aspect of the identity model, and CardSpace is the thing in Windows that makes that possible.

Geneva Beta 1 can be downloaded from the Microsoft Connect site. Useful documents: Introducing "Geneva" and Microsoft Code Name "Geneva" Framework Whitepaper for Developers. Geneva supports OASIS WS-Trust, as do Sun's WSIT and WebSphere App Server v7.0.
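The claims flow described above (an STS issuing only the claims a service asks for, and a claims-aware application deciding on them) can be sketched as follows. This is an added example, not code from the article or from Geneva: the function names, key and relying-party URLs are hypothetical, and an HMAC over JSON stands in for the signed tokens a real WS-Trust STS issues.

```python
import base64, hashlib, hmac, json, time

# Constructed sample data; the key and user store are hypothetical.
# Assumption: an HMAC shared key replaces the token signature a real STS would apply.
STS_KEY = b"demo-key-shared-by-sts-and-relying-party"
USER_CLAIMS = {"alice": {"employer": "BigCorp", "student_at": "UW",
                         "clearance": "secret", "bank_account": "4444-444-44"}}

def issue_token(user, audience, requested, now=None):
    """STS side: release only the requested claims, bound to one audience."""
    now = int(time.time()) if now is None else now
    claims = {k: v for k, v in USER_CLAIMS[user].items() if k in requested}
    body = json.dumps({"aud": audience, "exp": now + 300, "claims": claims},
                      sort_keys=True).encode()
    sig = hmac.new(STS_KEY, body, hashlib.sha256).digest()
    return base64.b64encode(body).decode() + "." + base64.b64encode(sig).decode()

def verify_token(token, audience, now=None):
    """Relying-party side: check signature, audience and expiry before trusting claims."""
    now = int(time.time()) if now is None else now
    try:
        body_b64, sig_b64 = token.split(".")
        body, sig = base64.b64decode(body_b64), base64.b64decode(sig_b64)
    except ValueError:  # wrong number of parts or invalid base64
        return None
    expected = hmac.new(STS_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    data = json.loads(body)
    if data["aud"] != audience or data["exp"] < now:
        return None
    return data["claims"]

def authorize(token, audience, required):
    """Application logic: decide on verified claims, not on a local user record."""
    claims = verify_token(token, audience)
    return claims is not None and all(claims.get(k) == v for k, v in required.items())
```

A token issued for one relying party with only the `employer` claim is rejected by any other audience and carries none of the user's remaining claims.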

Open Source equivalent by Paul Fremantle

If you are looking for an Open Source equivalent for Geneva, the WSO2 Identity Solution is also:
* A WS-Trust STS (Secure Trust Service)
* Supports SAML tokens
* Is an Identity Provider (IdP) for both Infocard and OpenID
* Includes Relying Party components for both OpenID and Infocard - allowing your applications to use WSO2 IS as an identity solution
* Has a simple web-based management framework
* Works with its own user store, LDAP or Active Directory
* Runs on Tomcat and other JEE servers or just standalone
* Is freely available in Open Source under the Apache License

You can download it here: wso2.org/projects/solutions/identity

InfoQ.com and all content copyright © 2006-2014 C4Media Inc. InfoQ.com hosted at Contegix, the best ISP we've ever worked with.