{"id":1024,"date":"2008-11-06T19:09:22","date_gmt":"2008-11-07T03:09:22","guid":{"rendered":"\/?p=1024"},"modified":"2008-11-06T19:42:47","modified_gmt":"2008-11-07T03:42:47","slug":"project-geneva-part-4","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=1024","title":{"rendered":"Project Geneva &#8211; Part 4"},"content":{"rendered":"<p><em>[This is the fourth installment of a presentation I gave to Microsoft developers at the <\/em><a href=\"http:\/\/www.microsoftpdc.com\/\" class=\"broken_link\"><em>Professional Developers Conference (PDC 2008) <\/em><\/a><em>in Los Angeles. It starts <\/em><a href=\"\/?p=1019\"><em>here<\/em><\/a><em>.]<\/em><\/p>\n<p><img loading=\"lazy\" class=\"alignright\" style=\"FLOAT: right\" src=\"\/wp-content\/images\/2008\/10\/access_control_service.jpg\" alt=\"\" width=\"283\" height=\"297\" \/>We have another announcement that really drives home the flexibility of claims.<\/p>\n<p>Today we are announcing a Community Technical Preview (CTP) of the .Net Access Control Service, an STS that issues claims for access control. I think this is especially cool work since it moves clearly into the next generation of claims, going way beyond authentication. 
In fact it is a <strong>claims transformer<\/strong>, where one kind of claim is turned into another.<\/p>\n<p>An application that uses \u201cGeneva\u201d can use ACS to externalize access control logic, and manage access control rules at the access control service.\u00a0 You just configure it to employ ACS as a claims provider, and configure ACS to generate authorization claims\u00a0derived from the\u00a0claims that are presented to it.\u00a0<\/p>\n<p>The application can federate directly to ACS to do this, or it can federate with a \u201cGeneva\u201d Server which is federated with ACS.<\/p>\n<p>ACS federates with the Microsoft Federation Gateway, so it can also be used with any customer who is already federated with the Gateway.<\/p>\n<p>The .Net Access Control Service was built using the \u201cGeneva\u201d Framework.\u00a0 Besides being useful as a service within Azure, it is a great example of the\u00a0kind of service any other\u00a0application developer could create using the Geneva Framework.<\/p>\n<p>You might wonder \u2013 is there a version of ACS I can run on-premises?\u00a0\u00a0 Not today, but these capabilities will\u00a0be delivered in the future\u00a0through \u201cGeneva\u201d.<\/p>\n<p><strong>Putting it all together<\/strong><\/p>\n<p>Let me summarize our discussion so far, and then\u00a0conjure up\u00a0<a href=\"http:\/\/blogs.msdn.com\/vbertocci\">Vittorio Bertocci<\/a>, who will present a demo of many of these components working together.<\/p>\n<ul>\n<li>The claims-based model is a unified model for identity that puts users firmly in control of their identities.<\/li>\n<li>The model consists of a few basic building blocks that can be put together to handle virtually any identity scenario.<\/li>\n<li>Best of all, the whole approach is based on standards and works across platforms and vendors.<\/li>\n<\/ul>\n<p>Let\u2019s return to why this is useful, and to my friend <a href=\"\/?p=1019#turbulence\">Joe<\/a>.\u00a0 Developers no longer have to spend 
resources trying to handle all the demands their customers will make of them with respect to identity in the face of evolving technology. They no longer have to worry about where things are running. They will get colossal reach involving both hundreds of millions of consumers and corporate customers, and have complete control over what they want to use and what they don\u2019t.<\/p>\n<p>Click on <a href=\"http:\/\/channel9.msdn.com\/pdc2008\/BB11\/\">this link<\/a> &#8211; then skip ahead about 31 Minutes\u00a0&#8211; and my friend Vittorio will take you on a whirlwind tour showing all the flexibility you get by giving up complexity and programming to a simple, unified identity model putting control in the hands of its users.\u00a0 Vittorio will also be <a href=\"http:\/\/blogs.msdn.com\/vbertocci\">blogging <\/a>in depth about the demo over the next little while.\u00a0 [If your media player doesn&#39;t accept WMV but understands MP4, try <a href=\"Ipod: http:\/\/mschnlnine.vo.llnwd.net\/d1\/pdc08\/MP4\/BB11.mp4\">this link<\/a>.]<\/p>\n<p><a href=\"http:\/\/channel9.msdn.com\/pdc2008\/BB11\/\"><img loading=\"lazy\" src=\"\/wp-content\/images\/2008\/10\/vitorio_demo.jpg\" alt=\"\" width=\"540\" height=\"383\" \/><\/a><\/p>\n<p>In the next <em>(and thankfully final!<\/em>) installment of this series, I&#39;ll talk about the need for flexibility and granularity when it comes to trust, and a matter very important to many of us &#8211; support for OpenID.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The new Azure Access Control Service &#8211; and a demo of how all the pieces fit 
together<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[67,37,10,2,8,42],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1024"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1024"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1024\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1024"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1024"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1024"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}