For software developers, working with identity management isn’t a piece of cake. A developer needs to decide which identity technology to use for a particular application. If the application will be accessed in different ways, such as within an organization, across different organizations and via the public internet, one identity technology might not be enough. Next, the developer needs to figure out how to retrieve the identity information (e.g. job title, salary, favorite color etc.) from different locations (directory services, SAP database etc.).
Sounds complex and it is complex. Why not create a single interoperable approach to identity that works in pretty much every situation? Why making the applications hunt for identity information, why not make sure, that this single approach lets users supply each application with the identity information it requires?
Claims-based identity achieves both of these goals. It provides a common way for applications to acquire the identity information they need from the users inside their organization, in other organizations and on the internet. This is making the lives of developers significantly simpler and can also lower the cost of building and manage applications.
Making claims-based identity real requires developers to understand how and why to create claims-based applications. It also requires some infrastructure software that applications can rely on.
We already implemented some claims-based identity test scenarios, where users could single sign-on and use services across organizations. We used for this tests the forthcoming Microsoft Technologies:
- Active Directory Federation Services 2.0 (formerly known as “Geneva” Server)
- Windows Identity Foundation (formerly known as “Geneva” Framework)
- Windows CardSpace (formerly known as Windows CardSpace “Geneva”)
Thanks to supported standards as WS-Trust, WS-Federation and SAML 2.0 in Microsoft “Geneva” (Beta 2), interoperability will be ensured with identity management solutions from other vendors.