{"id":1021,"date":"2008-11-01T12:30:18","date_gmt":"2008-11-01T20:30:18","guid":{"rendered":"\/?p=1021"},"modified":"2008-11-01T23:21:43","modified_gmt":"2008-11-02T07:21:43","slug":"project-geneva-part-3","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=1021","title":{"rendered":"Project Geneva – Part 3"},"content":{"rendered":"

[This is the third installment of a presentation I gave to Microsoft developers at the <\/em>Professional Developers Conference (PDC 2008) <\/em><\/a>in Los Angeles. It starts <\/em>here<\/em><\/a>.]<\/em><\/p>\n

\"\"Microsoft also operates one of the largest Claims Providers in the world – our cloud identity provider service, Windows Live ID.<\/p>\n

It plays host to more than four hundred million consumer identities.<\/p>\n

In the Geneva wave, Live ID will add \u201cmanaged domain\u201d services for sites and customers wanting to outsource their identity management.\u00a0 With this option, Live would\u00a0take care of identity operations\u00a0but the sign in\/sign up UX can be customized to fit the look of your site.<\/p>\n

But in what I think is\u00a0an especially\u00a0exciting evolution, Live IDs also get access to our cloud applications and developer services via the gateway, and are now part of the same open, standards-based architecture\u00a0that\u00a0underlies\u00a0the rest of the Geneva Wave.<\/em><\/p>\n

Microsoft Services Connector<\/strong><\/p>\n

Some customers may want to take advantage of Microsoft\u2019s cloud applications, hosting, and developer services –\u00a0and have Active Directory – but not be ready to start federating with others.<\/p>\n

\"\"We want to make it very easy for people to use our cloud applications and developer services without having to make any architectural decisions.\u00a0 So for that audience, we have built a fixed function server to federate Active Directory directly to the Microsoft Federation Gateway.<\/p>\n

This server is called the Microsoft Services Connector (MSC).\u00a0\u00a0 It was built on Project Geneva technology.<\/p>\n

Since it\u2019s optimized for accessing Microsoft cloud applications it manages a single trust relationship with the Federation Gateway.\u00a0 Thus most of the configuration is fully automated.\u00a0 We think the Microsoft Services Connector will allow many enterprises to start working with federation in order to get access to our cloud, and that once they see the benefits, they\u2019ll want to upgrade their functionality to embrace full federation through Geneva Server and multilateral federation.<\/em><\/p>\n

Through the combination of Geneva Framework and Server, Microsoft Services Connector, Live ID, the Microsoft\u00a0Federation Gateway – and the\u00a0ability to use\u00a0CardSpace to protect credentials on the Internet -millions of Live and AD users will have easy, secure, SSO access to our cloud applications and developer services.<\/p>\n

But what about YOUR applications?<\/strong><\/p>\n

\"\"OK.\u00a0 This is all very nice for Microsoft's apps, but how do other application developers benefit?<\/p>\n

Well, since the Federation Gateway uses standard protocols and follows the claims-based model, if you write your application using a framework like \u201cGeneva\u201d,\u00a0you can just plug it into the architecture and\u00a0benefit from secure, SSO access by vast numbers of users – ALL the same users we do.\u00a0 The options open to us are open to you.<\/p>\n

This underlines my conviction that Microsoft has really stepped up to the plate in terms of federation.\u00a0 We haven't simply made it easier for you to federate with\u00a0US in order to consume\u00a0OUR services.\u00a0 We are trying to make you as successful as we can in this amazing new era of identity.\u00a0 The walled garden is down.\u00a0\u00a0We want to move\u00a0forward\u00a0with developers\u00a0in a world not constrained by zero sum thinking.<\/p>\n

Configure your application to accept claims from the Microsoft Federation Gateway and you can receive claims from Live ID and any of the enterprise and government Federation Gateway partners who want to subscribe to your service.\u00a0 Or ignore the MFG and connect directly to other enterprises and other gateways that might emerge.\u00a0 Or connect to all of us.<\/p>\n

Crossing organizational boundaries<\/strong><\/p>\n

If this approach sounds too good to be true, some of you may wonder whether, to\u00a0benefit from Microsoft's identity infrastructure,\u00a0you need to\u00a0jump onto\u00a0our cloud and be trapped there even if you don't like it!<\/p>\n

But the claims-based model moves completely beyond\u00a0any kind of identity lock-in.\u00a0 You can run your application whereever you want – on your customer's premise, in some other hosting environment, even in your garage.\u00a0 You just\u00a0configure it to\u00a0point to\u00a0the Microsoft Federation\u00a0Gateway – or any other STS – as a source of claims.<\/p>\n

\"\"These benefits are a great demonstration of\u00a0how\u00a0well\u00a0the claims model spans organizational boundaries.\u00a0 We really do move\u00a0into a “write once and run anywhere” paradigm.\u00a0<\/p>\n

Do you want choice\u00a0or more choice?<\/strong><\/p>\n

For even more flexibility, you can use\u00a0an enterprise-installed \u201cGeneva\u201d server as your application's claim source, and configure that server to accept claims from a number of gateways and direct partners.<\/p>\n

In the configuration shown here,\u00a0the Geneva\u00a0server\u00a0can accept claims both hundreds of millions of Live ID users and from a partner who federates directly.<\/p>\n

Claims-based access really does mean applications are written once, hosted anywhere.\u00a0 Identity source is a choice, not a limitation.<\/p>\n

You get the ability to move in and out of the cloud at any time and for any reason.<\/p>\n

Even more\u00a0combinations are possible and are just a function of application configuration. It\u2019s a case of \u201cWhere do you want to get claims today?\u201d.\u00a0\u00a0 And the answer is that you are in control.<\/p>\n

In the next installment of this presentation I'll tell you about another service we are announcing – again a claims-based service but this time focussing on authorization.\u00a0\u00a0I'll also\u00a0link to\u00a0the demo, by Vittorio Bertocci, of how all these things fit together.<\/p>\n","protected":false},"excerpt":{"rendered":"

Claims will give you vast “reach” both with consumers and with enterprises. They'll also guarantee choice, making you immune to lock-in. <\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[16,37,43,19,10,8],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1021"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1021"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1021\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1021"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1021"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1021"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}