If you want to achieve a login user experience like the one shown in the following screenshot, then keep reading… Windows Azure AppFabric Access Control 2.0 was released last week after one year in the Labs environment, and it was officially announced today at MIX. If you haven’t heard about it yet, here is...
During the next couple of weeks, Southworks will be presenting, together with a Fortune 500 pharmaceutical company, a project that we’ve developed during the last couple of months around Claims-Based Federated Identity and the Cloud. Hong Choing and Ben Flock from Microsoft DPE are hosting the event in New Jersey and Boston and kindly...
I found myself posting more on Twitter than on my blog. However, this deserved a post. The RTM of the guide is finally out there in PDF version: book content online on MSDN; book PDF download; final samples download; discuss at Codeplex. Looking at my name on the cover of a book together with such a...
Eugenio announced yesterday the kickoff of a new guide from patterns & practices in which I’m collaborating: the Claims-Based Authentication & Authorization Guide. This is not a new topic, as Eugenio suggests in his blog, but it’s getting more and more attention because: technology is more mature, hence it’s easier to implement claims-based identity; enterprises...
I will go straight to the point in this post. This is a possible architecture if you want to allow OpenID authentication in a claims-aware, WS-Federation-compatible web application. In this architecture there are three actors: the web application (aka the relying party); the OpenID provider (myopenid, Google, Yahoo, etc.); and the “protocol broker” STS that “translates”...
In my last post I talked about an identity roadmap and how we are helping companies to achieve Level 1: Externalizing Authentication. In this first level, we only care about checking the credentials of a user in a Security Token Service and issuing a token with a couple of claims. That token will be enough...
The following table shows an analogy of identity concepts between a single application and a federated application. The single app has its own identity silo, while the federated app relies on an STS (like Geneva Server). I find this analogy useful to explain how things differ from the non-federated, non-claims-based world.
During the last couple of months I’ve been helping the Microsoft DPE team (namely Vittorio and Donovan) build the Identity Development Training Kit. It’s been great to work with such knowledgeable guys and with one of the best frameworks I’ve ever developed with: Microsoft Geneva Framework. The training kit covers a lot of...
UPDATE: the code has been updated to work with WIF RTM. Thanks Nico! Providing the federation metadata for your STS will be very useful when a relying party wants to establish a trust relationship with your STS. For instance, the Geneva Framework provides a FedUtil.exe tool that allows you to point to this metadata file...
A typical scenario for an ISV that wants to create the "next application in the cloud" is how to support identity federation with its customers (tenants). A common requirement I’ve heard is: "I want to enable single sign-on and allow enterprises that have their own STS to integrate with us. For companies that...