David Chappell



# Introducing Geneva
Wednesday, November 05, 2008
The move to claims-based identity continues. Making this approach real requires infrastructure, however, which the vendors need to provide. Without it, a claims-based world won't materialize.

Microsoft's Geneva technology family provides one example of this infrastructure. First made public at last week's PDC, it has three parts:
  • The Geneva server, which is the next release of Active Directory Federation Services and more
  • CardSpace Geneva, the next release of Windows CardSpace
  • The Geneva framework, providing a foundation for developers to create claims-based applications and other identity-oriented software. (This technology was originally announced under the code name "Zermatt".)
"Geneva" is also a code name, and all of these technologies are still in their initial betas. Still, to help people understand what they're all about, I've written a Microsoft-sponsored Geneva white paper, available here.

I believe that claims-based identity is a terrific idea--it can make life so much simpler both for developers and for the people who use the apps they create. I look forward to a world where this approach is the norm.

3 comments



I was wondering how/whether you see OpenID fitting into the picture.

I was also wondering how/whether you see simpler, more RESTful approaches, fitting in with Geneva in the future?

In general, OpenID could be used to authenticate a user to an STS. There's nothing in the claims-based identity world that precludes this, since an STS can do pretty much anything it likes to authenticate users. Still, I think OpenID gets too much attention. It was designed to provide authentication for low-value situations, e.g., blog comments, and so it's just not a terrific choice for more serious scenarios.

And about REST: The only aspect of claims-based identity that relies on SOAP is WS-Trust-based requests to an STS. The token an STS supplies can certainly be sent in a RESTful request. Given this, it's possible that a RESTful approach to requesting tokens from an STS could be agreed on by all of the major vendors--we'll see.
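To make the point in the reply above concrete, here is an added example (not code from the original post, and not Geneva's own token format or API) of the split it describes: the security token service signs a set of claims, and a relying party exposing a plain RESTful endpoint validates that token from the Authorization header without any SOAP or WS-Trust involved. The token layout (base64 JSON body plus HMAC-SHA256 signature), the shared signing key, the issuer name and the audience URL are all constructed for this example; a production STS would sign with an asymmetric key and the relying party would hold only the public half.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed for this example: a secret shared by the STS and the relying party.
# A real STS signs with a private key; the relying party then needs only the public key.
STS_SIGNING_KEY = b"example-shared-secret-not-for-production"
RP_AUDIENCE = "https://rp.example/api"  # hypothetical relying party identifier


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sts_issue_token(claims: dict, audience: str, key: bytes,
                    lifetime_s: int = 300, now=None) -> str:
    """STS side: wrap the claims with issuer, audience and expiry, then sign."""
    now = int(time.time()) if now is None else now
    body = {"iss": "hypothetical-sts", "aud": audience,
            "exp": now + lifetime_s, "claims": claims}
    payload = _b64(json.dumps(body, sort_keys=True).encode())
    sig = _b64(hmac.new(key, payload.encode(), hashlib.sha256).digest())
    return payload + "." + sig


def rp_validate_token(token: str, expected_audience: str, key: bytes, now=None) -> dict:
    """Relying party side: check signature, audience and expiry; return the claims.

    Signature is checked before the body is parsed, so untrusted input is never
    interpreted; audience is checked so a token issued for another RP is rejected.
    """
    try:
        payload, sig = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    expected = _b64(hmac.new(key, payload.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("bad signature")
    body = json.loads(_unb64(payload))
    if body.get("aud") != expected_audience:
        raise ValueError("token not issued for this relying party")
    now = int(time.time()) if now is None else now
    if now >= body.get("exp", 0):
        raise ValueError("token expired")
    return body["claims"]


def handle_rest_request(headers: dict, key: bytes, audience: str, now=None) -> dict:
    """A RESTful endpoint that takes the STS-issued token as a bearer credential.

    Returns a small dict standing in for an HTTP response.
    """
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return {"status": 401, "body": "missing bearer token"}
    try:
        claims = rp_validate_token(auth[len("Bearer "):], audience, key, now=now)
    except ValueError as err:
        return {"status": 401, "body": str(err)}
    # Authorization decision is made on claims, not on how the user authenticated to the STS.
    if "purchaser" not in claims.get("roles", []):
        return {"status": 403, "body": "insufficient claims"}
    return {"status": 200, "body": f"hello {claims['name']}"}


if __name__ == "__main__":
    # Constructed claims for a sample user; the STS decides how the user was authenticated.
    token = sts_issue_token({"name": "alice", "roles": ["purchaser"]},
                            RP_AUDIENCE, STS_SIGNING_KEY)
    request = {"Authorization": "Bearer " + token}
    print(handle_rest_request(request, STS_SIGNING_KEY, RP_AUDIENCE))
```

The relying party never talks to the STS here: it only needs the key material to verify signatures, which is what lets the token ride on an ordinary HTTP request. Whether the STS authenticated the user with OpenID, a password or a certificate is invisible to the relying party, which is the point of the design.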

I've heard it said that Geneva will only use OpenID in conjunction with Info Cards because of its susceptibility to phishing attacks.

I also agree with you, David, that OpenID gets way too much attention. What's with that? I have had very little success using it to log in to various sites, so I can't figure out why it is so popular.

