
Geneva Manages Your Identity

| by Abel Avram on Nov 11, 2008. Estimated reading time: 2 minutes |

 Microsoft has released Geneva Beta 1, previously known as Zermatt, an identity management solution which takes the burden of authenticating and authorizing users away from applications. Geneva supports the OASIS WS-Trust specification.

Most applications need to address user authentication and authorization. This has not always been an easy job, especially when data and access security were at stake. Geneva aims to take the identity management effort off applications with a claims-based access platform. According to Microsoft, Geneva is useful:

For developers: "Geneva" helps simplify user access for developers by externalizing access logic from applications via claims, and reducing development effort with pre-built security logic and integrated .NET tools.

For IT professionals: "Geneva" helps IT efficiently deploy and manage new applications by reducing custom implementation work, consolidating access management in the hands of IT, helping establish a consistent security model, and facilitating seamless collaboration between organizations with automated federation tools.

For information workers and consumers: Users can benefit from help navigating logins, managing different personas, and controlling how personal information is shared.

Geneva includes the following three components, according to the All About Interop blog:

Geneva Server.  This is a security token service (STS), as defined in the OASIS WS-Trust specification.  This thing issues and transforms claims, manages user access, and enables automated federation.

Geneva Framework.  This is a managed (.NET) Framework that helps developers build claims-aware applications and services, that connect to the STS.  You can use it to process claims on either side of an authorization transaction (requestor or responder).

Windows CardSpace Geneva.  This is just an extension of the CardSpace thing in Windows you know and love today.  Chances are, you've seen it, but you don't use it. In a nutshell - CardSpace is a set of Windows features and user-interface that lets users navigate access decisions and control how personal information is used. Everyone has multiple claims as part of their identity: you are a student at UW, you are an employee of BigCorp, you are a member in good standing of a particular club, you have received a particular security clearance, you have a bank account with number 4444-444-44 at BigBank, etc. CardSpace lets you decide which of the many claims you can make about your identity to disclose to a particular service or server. Rather than disclosing "everything" about you to every server or service, you disclose only what you need to disclose for the particular transaction. That is one aspect of the identity model, and CardSpace is the thing in Windows that makes that possible.

Geneva Beta 1 can be downloaded from the Microsoft Connect site. Useful documents: Introducing "Geneva" and Microsoft Code Name "Geneva" Framework Whitepaper for Developers. Geneva supports OASIS WS-Trust, as it does Sun's WSIT and WebSphere App Server v7.0.
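The claims flow described above (an STS issues only the claims needed for a transaction, and the application decides access from verified claims) can be sketched as a toy model. This is an added example, not Geneva or WS-Trust code: an HMAC over JSON stands in for a signed SAML token, and the key, issuer URL, audience names and user record are constructed assumptions.

```python
import base64, hashlib, hmac, json, time

STS_KEY = b"constructed-demo-key"      # assumption: key shared by STS and relying party
ISSUER = "https://sts.example.test"    # hypothetical issuer name

# Constructed identity: every claim the STS could assert about this user.
USER_CLAIMS = {"name": "alice", "employer": "BigCorp", "student_at": "UW",
               "clearance": "secret", "bank_account": "4444-444-44"}

def _sign(body: bytes) -> str:
    return hmac.new(STS_KEY, body, hashlib.sha256).hexdigest()

def issue_token(requested, audience, ttl=300, now=None):
    """STS side: assert only the requested claims, bound to one audience."""
    now = time.time() if now is None else now
    claims = {k: USER_CLAIMS[k] for k in requested if k in USER_CLAIMS}
    body = json.dumps({"iss": ISSUER, "aud": audience, "exp": now + ttl,
                       "claims": claims}, sort_keys=True).encode()
    return base64.urlsafe_b64encode(body).decode() + "." + _sign(body)

def verify_token(token, audience, now=None):
    """Relying party side: return the claims, or None if the token is untrusted."""
    now = time.time() if now is None else now
    try:
        b64, sig = token.split(".")
        body = base64.urlsafe_b64decode(b64)
        # Check the signature before parsing anything the token says.
        if not hmac.compare_digest(sig, _sign(body)):
            return None
        data = json.loads(body)
    except (ValueError, TypeError):
        return None
    # Reject tokens from another issuer, minted for another app, or expired.
    if (data.get("iss") != ISSUER or data.get("aud") != audience
            or data.get("exp", 0) <= now):
        return None
    return data.get("claims", {})

def authorize(token, audience, required):
    """Access decision made purely from verified claims; the app holds no passwords."""
    claims = verify_token(token, audience)
    return claims is not None and all(claims.get(k) == v for k, v in required.items())
```

The audience and expiry checks matter as much as the signature: without them, a token disclosed to one service could be replayed against another.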


Open Source equivalent by Paul Fremantle

If you are looking for an Open Source equivalent for Geneva, the WSO2 Identity Solution is also:
* A WS-Trust STS (Secure Trust Service)
* Supports SAML tokens
* Is an Identity Provider (IdP) for both Infocard and OpenID
* Includes Relying Party components for both OpenID and Infocard - allowing your applications to use WSO2 IS as an identity solution
* Has a simple web-based management framework
* Works with its own user store, LDAP or Active Directory
* Runs on Tomcat and other JEE servers or just standalone
* Is freely available in Open Source under the Apache License

You can download it here: wso2.org/projects/solutions/identity
