Monday, November 24, 2008

The "Geneva" Identity Framework

The "Geneva Framework" is a framework for building identity-aware applications. It contains functionality for incorporating Information Cards into an ASP.NET web site. The framework abstracts the WS-Trust and WS-Federation protocols and presents to developers an API for building security token services and identity providers. Applications can use the framework to process tokens issued from security token services and make identity-based decisions at the web application or web service.

Major Features

Build claims-aware applications
“Geneva” Framework helps developers build claims-aware applications. In addition to providing a new claims model, it provides applications with a rich set of APIs to help them make user access decisions based on claims.
“Geneva” Framework also provides developers with a consistent programming experience whether they choose to build their applications in ASP.NET or in WCF environments.

ASP.NET Controls
ASP.NET controls simplify development of ASP.NET pages for building claims-aware Web applications, as well as Passive STSs.

Translate between claims and NT tokens
“Geneva” Framework includes a Windows service, named “Geneva” Claims to NT Token Service, that acts as a bridge between claims-aware applications and NT token based applications. It provides developers with an easy way to convert claims to an NT token identity and makes it possible to access resources that require an NT token based identity from a claims-aware application.

Issue managed information cards
“Geneva” Framework offers an InformationCard control that makes it easier to enable Information Card login (for example, Windows CardSpace “Geneva”) in existing ASP.NET applications.

Easy provisioning of claims-aware applications with an STS
“Geneva” Framework provides a utility, named FedUtil, to allow easy provisioning of claims-aware applications with an STS, for example: “Geneva” Server STS, LiveID STS.

Build identity delegation support into claims-aware applications
“Geneva” Framework offers the capability, referred to as ActAs functionality, of maintaining the identities of original requestors across service boundaries. This capability gives developers the ability to add identity delegation support to their claims-aware applications.

Build custom security token services (STS)
“Geneva” Framework makes it substantially easier to build a custom security token service (STS) that supports the WS-Trust protocol. These STSs are also referred to as Active STSs.
In addition, the framework also provides support for building STSs that support WS-Federation to enable web browser clients. These STSs are also referred to as Passive STSs.

Major Scenarios
· Federation
“Geneva” Framework makes it possible to build federation between two or more partners. Its support for building claims-aware applications (RP) and custom security token services (STS) helps developers achieve this scenario.

· Identity Delegation
“Geneva” Framework makes it easy to maintain identities across service boundaries so that developers can achieve the identity delegation scenario.

· Step-up Authentication
Authentication requirements for different resource access within an application may vary. “Geneva” Framework gives developers the ability to build applications that impose incremental authentication requirements (for example: initial login with Username/Password authentication and then step-up to Smart Card authentication).
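The claims-based access decision, identity delegation (ActAs) and step-up authentication described above can be illustrated with a small, self-contained model. This is an added example, not code from the original post and not the framework's own types: the Claim, ClaimsIdentity, ClaimTypes and AccessPolicy classes, the claim type URIs, the authentication-method URNs and the "delegate" role are all constructed for the illustration. The security-relevant point it shows is that only claims from a configured trusted issuer are counted, a role from an unknown issuer does not grant access, and a resource can demand a stronger authentication method than the one the user logged in with, returning a step-up decision rather than a plain deny.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Minimal claims model: a claim is a typed value asserted by an issuer (constructed, not the framework's type).
public sealed class Claim
{
    public string Type { get; }
    public string Value { get; }
    public string Issuer { get; }
    public Claim(string type, string value, string issuer) { Type = type; Value = value; Issuer = issuer; }
}

// An identity is a set of claims; Actor is set when a service calls on behalf of the original requestor (ActAs).
public sealed class ClaimsIdentity
{
    public IReadOnlyList<Claim> Claims { get; }
    public ClaimsIdentity Actor { get; }
    public ClaimsIdentity(IEnumerable<Claim> claims, ClaimsIdentity actor = null)
    {
        Claims = claims.ToList();
        Actor = actor;
    }
}

// Constructed claim type URIs for the example.
public static class ClaimTypes
{
    public const string Name = "http://example.org/claims/name";
    public const string Role = "http://example.org/claims/role";
    public const string AuthenticationMethod = "http://example.org/claims/authmethod";
}

public enum Decision { Allow, Deny, StepUpRequired }

public sealed class AccessPolicy
{
    // Claims from any issuer not in this set are ignored entirely (default deny).
    private readonly HashSet<string> trustedIssuers;
    // resource -> required role and minimum authentication strength.
    private readonly Dictionary<string, (string role, int minAuthStrength)> rules;
    // Constructed ordering of authentication methods: smart card is stronger than password.
    private static readonly Dictionary<string, int> AuthStrength = new Dictionary<string, int>
    {
        { "urn:example:authmethod:password", 1 },
        { "urn:example:authmethod:smartcard", 2 },
    };

    public AccessPolicy(IEnumerable<string> trustedIssuers,
                        Dictionary<string, (string role, int minAuthStrength)> rules)
    {
        this.trustedIssuers = new HashSet<string>(trustedIssuers, StringComparer.Ordinal);
        this.rules = rules;
    }

    public Decision Evaluate(ClaimsIdentity identity, string resource)
    {
        if (!rules.TryGetValue(resource, out var rule)) return Decision.Deny; // unknown resource: deny

        var trusted = identity.Claims.Where(c => trustedIssuers.Contains(c.Issuer)).ToList();

        bool hasRole = trusted.Any(c => c.Type == ClaimTypes.Role && c.Value == rule.role);
        if (!hasRole) return Decision.Deny;

        // Strongest trusted authentication method the user presented; none counts as 0.
        int strength = trusted.Where(c => c.Type == ClaimTypes.AuthenticationMethod)
                              .Select(c => AuthStrength.TryGetValue(c.Value, out var s) ? s : 0)
                              .DefaultIfEmpty(0).Max();
        if (strength < rule.minAuthStrength) return Decision.StepUpRequired;

        // Delegation: when a service acts on the user's behalf, the acting service itself
        // must hold a trusted "delegate" role, otherwise the chained call is refused.
        if (identity.Actor != null &&
            !identity.Actor.Claims.Any(c => trustedIssuers.Contains(c.Issuer)
                                          && c.Type == ClaimTypes.Role && c.Value == "delegate"))
            return Decision.Deny;

        return Decision.Allow;
    }
}

public static class Program
{
    public static void Main()
    {
        const string sts = "https://sts.example.org";      // constructed trusted STS
        var policy = new AccessPolicy(new[] { sts }, new Dictionary<string, (string, int)>
        {
            { "/orders", ("employee", 1) },
            { "/payroll", ("employee", 2) },             // requires smart card strength
        });

        var alice = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Name, "alice", sts),
            new Claim(ClaimTypes.Role, "employee", sts),
            new Claim(ClaimTypes.AuthenticationMethod, "urn:example:authmethod:password", sts),
        });
        // Same claims but asserted by an untrusted issuer: they must not count.
        var spoofed = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Role, "employee", "https://evil.example") });
        // Alice's identity carried by a service that lacks the delegate role.
        var viaService = new ClaimsIdentity(alice.Claims,
            new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "svc", sts) }));

        Console.WriteLine(policy.Evaluate(alice, "/orders"));       // Allow
        Console.WriteLine(policy.Evaluate(alice, "/payroll"));      // StepUpRequired
        Console.WriteLine(policy.Evaluate(spoofed, "/orders"));     // Deny
        Console.WriteLine(policy.Evaluate(viaService, "/orders"));  // Deny
    }
}
```

The step-up result is returned as a distinct decision so the web application can redirect the user to the STS for a stronger authentication method instead of showing an access-denied page; the untrusted-issuer and missing-delegate cases are plain denies.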
