On Wednesday, John Shewchuk gave a presentation at the Microsoft Professional Developers Conference (PDC05) on Microsoft's approach to Digital Identity.
Session Level(s): 200. Session Type(s): Breakout. Top Pick(s): Windows Server Longhorn. Track(s): Communications.

In this session, we discuss Microsoft's vision for an Identity Metasystem using the industry-developed, interoperable WS-* Web services architecture. The Identity Metasystem was designed to give Internet users a practical sense of safety, privacy, and certainty about who they are relating to in cyberspace. This session discusses the rationale behind the architecture of the metasystem, shows how developers can take advantage of the metasystem, and introduces the components of the Windows implementation including the identity technologies codenamed “InfoCard” and Active Directory Federation Services.
The presentation included what I thought were convincing demos – using “PDC Bits”, meaning the software made available to conference attendees – showing the new InfoCard and Indigo working together. Indigo is the code name for the Windows Communication Foundation – our implementation of Web Services (development environment, deployment framework and runtime). Information is available here.
The new InfoCard bits are not only less visually displeasing (!) than the initial (wireframe) beta, but support what we call “managed cards”, meaning identity relationships with identity provider vendors and operators – independent of any particular platform (e.g. Windows, Linux, Unix, etc). Basically, by implementing a Security Token Service (STS), and then giving a user to whom you are willing to issue tokens a (signed) configuration file, your identity provider can be set up as an InfoCard in the user's Identity Selector. For those unfamiliar with the terminology, an STS is simply a service that implements WS-Trust – anyone can build one, and the PDC bits include an example of a simple Identity Provider STS built using Indigo.
Now we have all the pieces in place that make it possible for third parties to create metasystem components that plug into the Windows Identity Selector through the InfoCard metaphor.
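To make concrete what “an STS is simply a service that implements WS-Trust” means, here is an added illustration (my own code, not the PDC bits or anything from the Indigo sample) of a WS-Trust Issue exchange: a request scoped to a relying party, an STS that refuses unknown audiences, and a relying party that checks signature, audience and lifetime before trusting the token. The XML follows the WS-Trust/WS-Policy/WS-Addressing namespaces of the time; the token body, HMAC “signature”, shared key and relying-party addresses are constructed stand-ins for the real SAML token and XML signature.

```python
# Constructed illustration of a WS-Trust "Issue" exchange between a relying party
# and a Security Token Service (STS).  Token format and HMAC are demo stand-ins.
import datetime as dt
import hashlib
import hmac
import xml.etree.ElementTree as ET

WST = "http://schemas.xmlsoap.org/ws/2005/02/trust"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
WSA = "http://www.w3.org/2005/08/addressing"
ISSUE = WST + "/Issue"
STS_KEY = b"constructed-demo-key"          # demo secret shared by STS and relying party
KNOWN_RPS = {"https://rp.example.test/"}   # relying parties this STS will issue tokens for

def _now(now):
    return now or dt.datetime.now(dt.timezone.utc).replace(tzinfo=None)

def build_rst(relying_party: str) -> bytes:
    """Ask the STS to issue a token scoped (AppliesTo) to one relying party."""
    rst = ET.Element(f"{{{WST}}}RequestSecurityToken")
    ET.SubElement(rst, f"{{{WST}}}RequestType").text = ISSUE
    applies = ET.SubElement(rst, f"{{{WSP}}}AppliesTo")
    epr = ET.SubElement(applies, f"{{{WSA}}}EndpointReference")
    ET.SubElement(epr, f"{{{WSA}}}Address").text = relying_party
    return ET.tostring(rst)

def sts_issue(rst_xml: bytes, subject: str, now=None) -> bytes:
    """STS side: validate the request, then answer with an RSTR carrying a token.
    `subject` is the already-authenticated user; authentication is out of scope here."""
    rst = ET.fromstring(rst_xml)
    if rst.findtext(f"{{{WST}}}RequestType") != ISSUE:
        raise ValueError("unsupported RequestType")
    audience = rst.findtext(f".//{{{WSA}}}Address")
    if audience not in KNOWN_RPS:
        raise ValueError("refusing to issue a token for an unknown relying party")
    expires = (_now(now) + dt.timedelta(minutes=5)).strftime("%Y-%m-%dT%H:%M:%SZ")
    body = f"{subject}|{audience}|{expires}"
    sig = hmac.new(STS_KEY, body.encode(), hashlib.sha256).hexdigest()
    rstr = ET.Element(f"{{{WST}}}RequestSecurityTokenResponse")
    ET.SubElement(rstr, f"{{{WST}}}RequestedSecurityToken").text = f"{body}|{sig}"
    return ET.tostring(rstr)

def rp_accept(rstr_xml: bytes, my_address: str, now=None) -> str:
    """Relying party side: verify signature, audience and lifetime; return the subject."""
    token = ET.fromstring(rstr_xml).findtext(f"{{{WST}}}RequestedSecurityToken")
    subject, audience, expires, sig = token.split("|")
    expected = hmac.new(STS_KEY, f"{subject}|{audience}|{expires}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("token signature invalid")
    if audience != my_address:
        raise ValueError("token was issued for a different relying party")
    if _now(now) >= dt.datetime.strptime(expires, "%Y-%m-%dT%H:%M:%SZ"):
        raise ValueError("token expired")
    return subject
```

The audience check is what stops a token issued for one site from being replayed at another; the lifetime check bounds how long a captured token stays useful.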
Andy Harjanto then gave a more detailed presentation on Thursday:
Developing Federated Identity Applications Using “InfoCard” and the Windows Communications Foundation (“Indigo”)
Session Level(s): 300. Session Type(s): Breakout. Top Pick(s): Windows Server Longhorn. Track(s): Communications.

“InfoCard” is the Windows user experience for managing and submitting identities in the Identity Metasystem, which allows multiple identity technologies to interoperate. This session focuses on “InfoCard's” roles as an Identity Selector and Identity Provider. We look at federated identity scenarios with real-life code and enhance existing Windows Communications Foundation (formerly codename “Indigo”) applications by integrating with InfoCard. Each of the elements in the Identity Metasystem (Identity Provider, Relying Party, Identity Selector, User) are discussed and built. We also create a simple security token service that interops with “InfoCard”.
I thought Andy did a great job – and it was standing room only. An overflow area had to be set up in the hallway.
I'll make both presentations available for readers of this blog. In addition, the software that was distributed to the conference attendees will be available very soon for general download. I'll keep you posted on how to do this.