{"id":1002,"date":"2008-07-09T17:09:50","date_gmt":"2008-07-10T01:09:50","guid":{"rendered":"\/?p=1002"},"modified":"2008-07-09T17:51:35","modified_gmt":"2008-07-10T01:51:35","slug":"getting-down-with-zermatt","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=1002","title":{"rendered":"Getting down with Zermatt"},"content":{"rendered":"<p><img src=\"\/wp-content\/images\/2008\/07\/zermatt.jpg\" alt=\"\" \/><\/p>\n<p>Zermatt is <a href=\"http:\/\/www.zermatt.ch\/index.e.html\">a destination<\/a> in Switzerland, shown above,\u00a0that benefits from what\u00a0Nietzsche\u00a0calls &#8220;the air at high altitudes, with which everything in animal being grows more spiritual and acquires wings&#8221;.<\/p>\n<p>It&#39;s therefore a good code name for\u00a0the new identity application development framework Microsoft has <a href=\"http:\/\/go.microsoft.com\/fwlink\/?LinkId=122266\">just released in Beta form<\/a>.\u00a0 We used to call it IDFX internally\u00a0 &#8211; who knows what it will be called when it is released in final form?\u00a0<\/p>\n<p>Zermatt is what you use to develop interoperable\u00a0identity-aware applications that run on the Windows platform.\u00a0 We are building\u00a0the future versions of\u00a0Active Directory Federation Services (ADFS) with it, and claims-aware Microsoft applications will all use it as a foundation.\u00a0 All capabilities of the platform are open to third party developers and enterprise customers working in Windows environments.\u00a0 Every aspect of the framework\u00a0works over the wire with other products on other platforms.<\/p>\n<p>\u00a0I can&#39;t stress enough how important it is to\u00a0make it easy for application developers to incorporate the\u00a0kind of sensible and sophisticated capabilities that\u00a0this framework\u00a0makes available.\u00a0 And everyone should understand that\u00a0our intent is\u00a0for this platform to interoperate <em>fully<\/em> with products and frameworks produced by 
other vendors and open source projects, and to help the capabilities we are developing to become universal.<\/p>\n<p>I also want to make it clear that this is a beta.\u00a0 The goal is to\u00a0involve our developer community\u00a0in driving this towards final release.\u00a0 The beta\u00a0also makes it easy for other vendors and projects to explore every nook and cranny of our implementation and advise us of problems or work to achieve interoperability.<\/p>\n<p>I&#39;ve been doing my own little project\u00a0using the beta Zermatt framework and will write about\u00a0the experience and share\u00a0my code.\u00a0 As an architect, I can tell you already how happy I am about the extent to which this\u00a0framework realizes the metasystem architecture we&#39;ve worked so hard to define.<\/p>\n<p>The product comes with\u00a0a good <a href=\"https:\/\/connect.microsoft.com\/Downloads\/DownloadDetails.aspx?SiteID=642&amp;DownloadID=12901\">White Paper for Developers<\/a> by Keith Brown\u00a0of Pluralsight.\u00a0 Here&#39;s how\u00a0Zermatt&#39;s main ReadMe sets out the goals of the framework.<\/p>\n<p style=\"PADDING-LEFT: 30px\"><strong>Building claims-aware applications<\/strong><\/p>\n<p style=\"PADDING-LEFT: 30px\">Zermatt makes it easier to build identity aware applications. 
In addition to providing a new claims model, it provides applications with a rich set of API\u2019s to reason about the identity of a caller using claims.<\/p>\n<p style=\"PADDING-LEFT: 30px\">Zermatt also provides developers with a consistent programming experience whether they choose to build their applications in ASP.NET or in WCF environments.\u00a0<\/p>\n<p style=\"PADDING-LEFT: 30px\"><strong>ASP.NET Controls<\/strong><\/p>\n<p style=\"PADDING-LEFT: 30px\">ASP.NET controls simplify development of ASP.NET pages for building claims-aware Web applications, as well as Passive STS\u2019s.<\/p>\n<p style=\"PADDING-LEFT: 30px\"><strong>Building Security Token Services (STS)<\/strong><\/p>\n<p style=\"PADDING-LEFT: 30px\">Zermatt makes it substantially easier for building a custom security token service (STS) that supports the WS-Trust protocol. These STS\u2019s are also referred to as an Active STS.<\/p>\n<p style=\"PADDING-LEFT: 30px\">In addition, the framework also provides support for building STS\u2019s that support WS-Federation to enable web browser clients. 
These STS\u2019s are also referred to as a Passive STS.<\/p>\n<p style=\"PADDING-LEFT: 30px\"><strong>Creating Information Cards<\/strong><\/p>\n<p style=\"PADDING-LEFT: 30px\">Zermatt\u00a0includes classes\u00a0that you can use to\u00a0create Information Cards &#8211; as well as STS&#39;s that support them.<\/p>\n<p>There are a whole bunch of samples, and\u00a0for identity geeks they are\u00a0incredibly interesting.\u00a0 I&#39;ll discuss what they do in another post.<\/p>\n<p><strong>Follow the installation instructions!<\/strong><\/p>\n<p>Meanwhile, go ahead and <a href=\"https:\/\/connect.microsoft.com\/Downloads\/Downloads.aspx?SiteID=642\">download<\/a>.\u00a0 I&#39;ll share one word of advice.\u00a0 If you want things to run right out of the digital box, then for now <strong>slavishly<\/strong> follow the installation instructions.\u00a0 I&#39;m the type of person who <em>never<\/em> really looks at the ReadMe&#39;s &#8211; and I was <strong>chastened<\/strong> by the experience of\u00a0not doing what I was told.\u00a0 I went back and behaved, and the experience was flawless, so don&#39;t make the same mistake I did.<\/p>\n<p>For example,\u00a0there is a master installation script in the \/samples\/utilities directory called &#8220;SamplesPreReqSetup.bat&#8221;.\u00a0This is a miraculous piece of work that sets up your machine certs automatically and takes care of a great number of security configuration details.\u00a0 I know it&#39;s miraculous because initially (having skipped the readme) I thought I had to do\u00a0this configuration\u00a0manually.\u00a0 Congratulations to everyone who got this to work.<\/p>\n<p>You will\u00a0also\u00a0find a script in each sample directory that creates the necessary virtual directory for you.\u00a0 You need this because of the way you are expected to use the Visual Studio debugger.<\/p>\n<p><strong>Using the debugger<\/strong><\/p>\n<p>In order to show\u00a0how the framework really works, the projects all involve at least 
a couple of aspx pages (for example, one page that acts as a relying party, and another that acts as an STS).\u00a0 So you need the ability to debug\u00a0multiple pages at once.<\/p>\n<p>To do this, you run the pages from a virtual directory as though they were &#8220;production&#8221; aspx pages.\u00a0 Then you attach your debugger to the w3wp.exe process (under debug, select &#8220;Attach to a process&#8221; and make sure you can see all the processes from all the sessions.\u00a0 &#8220;Wake up&#8221; the w3wp.exe process by opening a page.\u00a0 Then you&#39;ll see it in the list).\u00a0<\/p>\n<p>For now it&#39;s best to compile the applications in the directory where they get installed.\u00a0 It&#39;s possible that if you move the whole\u00a0tree, they can be put somewhere else (I haven&#39;t tried this with my own hands).\u00a0 But if you move a single project, it definitely won&#39;t work unless you tweak the virtual directory configuration yourself (why bother?).<\/p>\n<p><strong>Clear samples<\/strong><\/p>\n<p>I found the samples very clear, and uncluttered with a lot of &#8220;sample decoration&#8221; that makes it hard to understand the main high level\u00a0points.\u00a0 Some of the samples have a number of components working together &#8211; the delegation sample is totally amazing &#8211; and yet it is easy, once you run the sample, to understand how the pieces fit together.\u00a0 There could be more documentation and\u00a0this will appear as the beta progresses.\u00a0<\/p>\n<p>The Zermatt team is really serious about collecting questions, feedback and suggestions &#8211; and responding to them.\u00a0 I hope that if you are a developer interested in identity you&#39;ll take a look and send your feedback &#8211; whether you are primarily a Windows developer or not.\u00a0 After all, our goal remains the Identity Big Bang, and getting identity deployed and cool applications written on all the different 
platforms.\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I found the samples very clear, and uncluttered with a lot of &#8220;sample decoration&#8221;<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[67,37,19,32,8,7,4],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1002"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1002"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1002\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1002"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1002"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1002"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}