Wow, 3 months since my last post… Lots of things happened. We’ve been working with James Conard’s team from Microsoft DPE on the PDC09 keynote demos, specifically the Platform Converge demo (Doug Pourdy) and the VS2010, AppFabric, .NET 4 and WIF demo (by Cameron Skinner; read more in his post). We also helped deliver the training kits... read more
Eugenio announced yesterday the kickoff of a new guide from patterns & practices in which I’m collaborating: the Claims based Authentication & Authorization Guide. This is not a new topic, as Eugenio suggests in his blog, but it’s getting more and more attention because: technology is more mature, hence it’s easier to implement claims-based identity; enterprises... read more
I will go straight to the point in this post. This is a possible architecture if you want to allow OpenID authentication in a claims-aware, WS-Federation-compatible web application. In this architecture there are three actors: the web application (aka the relying party), the OpenID provider (myopenid, Google, Yahoo, etc.), and the “protocol broker” STS that “translates”... read more
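The “protocol broker” STS is where the translation happens: it receives a WS-Federation sign-in request from the relying party, lets the OpenID provider authenticate the user, and then issues a signed (and encrypted) token whose claims are derived from the OpenID attributes. The class below is an added example written against the Geneva Framework / WIF SecurityTokenService base class; it is not code from the original post. It assumes the OpenID leg has already completed and that the callback page stored the provider’s verified attributes in the current principal as claims (the axschema.org URIs are the standard OpenID Attribute Exchange identifiers; the claimed-identifier claim type, the authentication-method value and the relying-party allow-list are assumptions). How the callback page talks to the OpenID provider is not shown.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using Microsoft.IdentityModel.Claims;
using Microsoft.IdentityModel.Configuration;
using Microsoft.IdentityModel.Protocols.WSTrust;
using Microsoft.IdentityModel.SecurityTokenService;

// Added example (not the post's code): the "protocol broker" STS that turns an already
// completed OpenID authentication into a WS-Federation token for a known relying party.
public class OpenIdBrokerSts : SecurityTokenService
{
    // Standard OpenID Attribute Exchange type URIs (axschema.org).
    private const string AxEmail = "http://axschema.org/contact/email";
    private const string AxFullName = "http://axschema.org/namePerson";
    // Assumption: the OpenID callback page stores the verified claimed identifier under this type.
    private const string OpenIdClaimedId = "http://schemas.example.com/openid/claimedidentifier";
    // Assumption: value that tells the relying party which authentication method was brokered.
    private const string OpenIdAuthenticationMethod = "http://schemas.example.com/authmethod/openid";

    // Assumption: relying parties this broker may issue tokens for, keyed by realm (AppliesTo),
    // each with the certificate the issued token must be encrypted for.
    private readonly IDictionary<string, X509Certificate2> trustedRelyingParties;

    public OpenIdBrokerSts(SecurityTokenServiceConfiguration configuration,
                           IDictionary<string, X509Certificate2> trustedRelyingParties)
        : base(configuration)
    {
        this.trustedRelyingParties = new Dictionary<string, X509Certificate2>(
            trustedRelyingParties, StringComparer.OrdinalIgnoreCase);
    }

    protected override Scope GetScope(IClaimsPrincipal principal, RequestSecurityToken request)
    {
        if (request.AppliesTo == null || request.AppliesTo.Uri == null)
            throw new InvalidRequestException("AppliesTo is required.");

        string realm = request.AppliesTo.Uri.AbsoluteUri;
        X509Certificate2 rpCertificate;
        if (!trustedRelyingParties.TryGetValue(realm, out rpCertificate))
            throw new InvalidRequestException("Unknown relying party: " + realm);

        // ReplyTo (wreply) comes from the browser; honour it only when it stays inside the RP's
        // realm, otherwise the STS becomes an open redirector that posts tokens to an attacker's URL.
        string replyTo = request.ReplyTo;
        if (!string.IsNullOrEmpty(replyTo) &&
            !replyTo.StartsWith(realm, StringComparison.OrdinalIgnoreCase))
            throw new InvalidRequestException("ReplyTo is outside the relying party's realm.");

        var scope = new Scope(realm, SecurityTokenServiceConfiguration.SigningCredentials);
        scope.EncryptingCredentials = new X509EncryptingCredentials(rpCertificate);
        scope.ReplyToAddress = string.IsNullOrEmpty(replyTo) ? realm : replyTo;
        return scope;
    }

    protected override IClaimsIdentity GetOutputClaimsIdentity(IClaimsPrincipal principal,
                                                               RequestSecurityToken request, Scope scope)
    {
        var input = principal == null ? null : principal.Identity as IClaimsIdentity;
        if (input == null || !input.IsAuthenticated)
            throw new InvalidRequestException("Caller has not completed OpenID authentication.");

        // Translate: map OpenID attributes onto claim types the RP understands, re-issued under
        // this STS's own issuer name. Nothing else from the provider's response is forwarded.
        var output = new ClaimsIdentity();
        Translate(input, output, OpenIdClaimedId, ClaimTypes.NameIdentifier);
        Translate(input, output, AxEmail, ClaimTypes.Email);
        Translate(input, output, AxFullName, ClaimTypes.Name);

        if (!output.Claims.Any(c => c.ClaimType == ClaimTypes.NameIdentifier))
            throw new InvalidRequestException("OpenID claimed identifier is missing.");

        output.Claims.Add(new Claim(ClaimTypes.AuthenticationMethod, OpenIdAuthenticationMethod,
                                    ClaimValueTypes.String, SecurityTokenServiceConfiguration.TokenIssuerName));
        return output;
    }

    private void Translate(IClaimsIdentity input, IClaimsIdentity output, string sourceType, string targetType)
    {
        Claim source = input.Claims.FirstOrDefault(c => c.ClaimType == sourceType);
        if (source != null && !string.IsNullOrEmpty(source.Value))
            output.Claims.Add(new Claim(targetType, source.Value, ClaimValueTypes.String,
                                        SecurityTokenServiceConfiguration.TokenIssuerName));
    }
}
```

Two design points matter here. The broker refuses to issue for any AppliesTo it has not been configured with, and it refuses a ReplyTo outside that realm: an STS that issues for arbitrary realms or posts to arbitrary reply URLs hands signed assertions to whoever asks. The output identity is rebuilt claim by claim, so the relying party only ever sees the standard claim types it was designed for, under the broker’s issuer name, rather than the raw attribute set the OpenID provider returned.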
Another identity development widget brought to you by Vittorio’s team. This time it’s a very tiny control called SecurityTokenVisualizer that helps debug claims-aware web applications. But what I like about this control is that it can also be used as a teaching tool, very useful for demos. Last week we “dogfooded”... read more
Vittorio just announced it in his blog… we helped write an experiment in raising the level of abstraction when working against claims. We created a server control that lets you work with claims. There are three types of expression: Claim Value: sets the value of a property to the value of a specified claim... read more
The following table shows an analogy of identity concepts between a single application and a federated application. The single app has its own identity silo and the federated app relies on an STS (like Geneva Server). I find this analogy useful to explain how things differ from the non-federated non-claim-based world.
A couple of months ago Ezequiel posted a summary of a very interesting article published in the Identity issue of the Architecture Journal. This article talked about different patterns in the federated identity world. Last week we had an interesting requirement to solve in a project and this article came to my mind. Specifically, one of... read more
This post had a lot of visits, so I have updated it to work with Geneva Beta 2:

    public static ClaimsIdentityCollection ToClaimsIdentityCollection(this GenericXmlSecurityToken originalToken, TrustVersion trustVersion, X509Certificate2 signature, X509Certificate2 encryption)
    {
        var tokenReader = new StringReader(originalToken.TokenXml.OuterXml);
        var reader = XmlReader.Create(tokenReader);

        var privateKeyToken = new X509SecurityToken(encryption);
        var issuerKeyToken = ... read more
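The snippet shows the first steps of the conversion: read the issued token’s XML and wrap the decryption certificate in an X509SecurityToken. As an added example, not the post’s code, here is a complete version of the same idea against the WIF RTM API: the GenericXmlSecurityToken returned by a WS-Trust client is read and validated by WIF’s default token handler collection, which decrypts the EncryptedData wrapper with our private key, verifies the issuer’s signature, checks the audience and lifetime, and returns the claims. The trustVersion parameter is dropped; the issuer name "urn:example:sts" and the expected audience the caller passes in are assumptions.

```csharp
using System;
using System.Collections.ObjectModel;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.Xml;
using Microsoft.IdentityModel.Claims;
using Microsoft.IdentityModel.Tokens;

// Added example (not the post's code): validate an issued token and extract its claims
// using WIF's default SecurityTokenHandlerCollection.
public static class IssuedTokenExtensions
{
    public static ClaimsIdentityCollection ToClaimsIdentityCollection(
        this GenericXmlSecurityToken issuedToken,
        X509Certificate2 issuerSigningCertificate,    // the STS's signing certificate (public key)
        X509Certificate2 serviceEncryptionCertificate, // our certificate, private key required
        Uri expectedAudience)                          // the AppliesTo the token must be addressed to
    {
        if (issuedToken == null) throw new ArgumentNullException("issuedToken");
        if (!serviceEncryptionCertificate.HasPrivateKey)
            throw new ArgumentException("Decryption requires the private key.", "serviceEncryptionCertificate");

        var configuration = new SecurityTokenHandlerConfiguration();

        // Accept signatures only from the known STS certificate, identified by thumbprint;
        // the registry also gives the issuer the name that ends up in Claim.Issuer.
        var issuers = new ConfigurationBasedIssuerNameRegistry();
        issuers.AddTrustedIssuer(issuerSigningCertificate.Thumbprint, "urn:example:sts"); // name is an assumption
        configuration.IssuerNameRegistry = issuers;

        // Resolve keys from explicit tokens rather than searching the machine certificate store:
        // the issuer's public key verifies the signature, our private key decrypts the token.
        configuration.IssuerTokenResolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(
            new ReadOnlyCollection<SecurityToken>(new SecurityToken[] { new X509SecurityToken(issuerSigningCertificate) }),
            false);
        configuration.ServiceTokenResolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(
            new ReadOnlyCollection<SecurityToken>(new SecurityToken[] { new X509SecurityToken(serviceEncryptionCertificate) }),
            false);

        // Keep audience checking on: a token minted for another relying party must be rejected here.
        configuration.AudienceRestriction.AudienceMode = AudienceUriMode.Always;
        configuration.AudienceRestriction.AllowedAudienceUris.Add(expectedAudience);

        SecurityTokenHandlerCollection handlers =
            SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection(configuration);

        using (var stringReader = new StringReader(issuedToken.TokenXml.OuterXml))
        using (var xmlReader = XmlReader.Create(stringReader))
        {
            // ReadToken picks the handler by element (EncryptedData, then the SAML assertion inside);
            // ValidateToken verifies signature, trusted issuer, audience and lifetime before
            // producing the claims.
            SecurityToken token = handlers.ReadToken(xmlReader);
            return handlers.ValidateToken(token);
        }
    }
}
```

The two settings worth keeping in a real relying party are the issuer name registry and the audience restriction. Without the registry, any token with a valid signature from any certificate resolvable on the machine would be trusted; without the audience check, a token legitimately issued to a different application behind the same STS could be replayed against this one.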
During the last couple of months I’ve been helping the Microsoft DPE team (namely Vittorio and Donovan) build the Identity Development Training Kit. It’s been great to work with such knowledgeable guys and with one of the best frameworks I’ve ever developed with: Microsoft Geneva Framework. The training kit covers a lot of... read more
UPDATE: the code has been updated to work with WIF RTM. Thanks Nico! Providing the federation metadata for your STS is very useful when a relying party wants to establish a trust relationship with your STS. For instance, the Geneva Framework provides a FedUtil.exe tool that allows you to point to this metadata file... read more