Wednesday, July 09, 2008 - Posts

• Introducing Microsoft Code Name Zermatt

  For a couple of years now, I've been giving talks about "claims-based identity", and "claims-aware applications". The most concrete example of a claims-based identity architecture that I've been able to show so far is Active Directory Federation Services v1 (ADFS) and Windows CardSpace. And the claims programming model I've been using is the one that shipped with WCF in the System.IdentityModel assembly. But today I'm happy to announce that there's a new path forward in the claims world. Zermatt is the "identity framework" that I've been itching to talk about, but until today, hasn't been announced publicly. Well, Vittorio just made the announcement just a moment ago, and now you can get your hands on this new framework. With it, you can build web applications and services that rely on claims to discover identity details about users. And you can easily build a security token service (STS) that supplies those claims. Zermatt makes this possible by supplying all of the plumbing that implements WS-Trust (for web services) and WS-Federation (for browser-based web applications). All you have to do is figure out what claims you want to issue based on what you know about the user and what you know about the application (aka relying party). I was fortunate to be asked by the team to write the white paper introducing Zermatt to developers. You can download it here. The paper introduces the ideas behind claims-based identity, and talks about how you can use Zermatt to centralize authentication (and to some degree, authorization) in an STS, thus making it easy to achieve single sign on in your applications, and even be ready to federate with other organizations or platforms should that need arise. Here are some highlights of what you'll find in Zermatt: Zermatt includes a new claims programming model, with IClaimsPrincipal and IClaimsIdentity, two new interfaces that extend the existing IPrincipal and IIdentity that you already know and love from the .NET Framework. IClaimsIdentity adds a collection of claims. Zermatt's claims programming model is in many ways simpler than that in WCF - the Claim class exposes the value of claims as strings (always) and calls the value of a claim "Value", instead of "Resource" as WCF did. But the model is also more sophisticated - multi-hop delegation is supported, so one user can "Act As" another user, and the relying party will see the entire Read More... Posted Wednesday, July 09, 2008 4:27 PM from Security Briefs | 0 Comments Filed under: Security, Identity, Geek talk

• Welcome, David Starr

  One of the main reasons that Fritz , Aaron , and I wanted to create this company was to provide a home for people who love to teach. We didn't want to build an empire, and we weren't out to get rich. We just wanted a place where we could comfortably practice what we love to do: giving software developers a boost - watching that light go on over their heads when a new concept becomes clear. We love to teach, and it's always exciting to find talented individuals who share that passion. David Starr is one of those people. I've seen him in action, and not only does he have a lot of very practical experience from the trenches, but he also has a clear ability to convey his knowledge and experience to his students. It's clearly important to David to connect with his students, and he does so in a way that lets them know that it's all about them - he's not there just to show off his mad skillz (which he has in abundance!) So I'm very excited to welcome David on board as our newest Pluralsight instructor. I apologize for not writing this sooner - we've all been really busy getting the new website out the door. Here's what David had to say . Welcome! Read More... Posted Wednesday, July 09, 2008 9:01 AM from Security Briefs | 0 Comments Filed under: Geek talk

• Information Card Foundation

  Finally there's a home on the Internet for information cards . I've been waiting for this for a long time - a place to point consumers, executives, and developers to learn more about information cards. And it's not just a Microsoft thing. Founding members include Google, PayPal, Novell, and the Liberty Alliance. While the adoption of information cards has been happening at a snail's pace, this collaboration might just change that. And that would be very good for consumers. Read More... Posted Wednesday, July 09, 2008 8:15 AM from Security Briefs | 0 Comments Filed under: Security, Identity, Geek talk