
New Patterns & Practices Project – Claims Based Authentication & Authorization Guide

by Jon Arild Tørresdal on Aug 13, 2009

The Patterns & Practices team announced a newly started project for developing a new guide called "Claims Based Authentication & Authorization Guide". This guide will give best practices on how to implement "Geneva", Microsoft's attempt to simplify user access and single sign-on based on claims.

The "Geneva" framework (currently in beta 2) consists of three components, newly named Active Directory Federation Services, Windows Identity Foundation and Windows CardSpace (same name as before). Microsoft describes "Geneva" as:

…Microsoft’s user access platform for developers and IT professionals that helps simplify access to applications and other systems with an open claims-based model.  “Geneva” helps simplify user access for developers by externalizing user access from applications via claims and reducing development effort with pre-built security logic and integrated .NET tools. “Geneva” helps IT efficiently deploy and manage new applications by reducing custom implementation work, centralizing and standardizing access management across the enterprise, helping establish a consistent security model, and facilitating seamless collaboration between organizations.

The P&P project only started two weeks ago, so the information available is limited. However, two of the team members (Eugenio Pace and Matias Woloski) have published a scenario "tube map" of what they plan to cover:

Claim-Based Guide Map

The guide is split into two tracks: one for the Enterprise and one for Independent Software Vendors (ISVs).

Matias gives some more details on the different tracks:

…the Enterprise track approaches the federated identity problem from the point of view of a company with many applications that wants to implement SSO and Federation. The main stations are SSO (within the enterprise), Federation (with partners), SOAP Web Services (and flow of identity across services), SSO with a third party cloud app…

The ISV track, on the other hand, tackles the problem from the perspective of an ISV that wants to offer an application as a service (think about Salesforce or Dynamics CRM Online as the canonical examples). In this track we start by explaining how to implement federated identity for a cloud application. Then we show how to automate federation to on board new customers. We also show things like exposing a REST API and how that plays with claims; how to integrate with LiveID (or OpenID) for small customers that don’t have an Identity Provider in place; and we end up explaining how to do auditing/billing with claims.

Other members of the team include Dominick Baier, Vittorio Bertocci, Keith Brown and David Hill.
