Time
• Single paradigm, mature tools, stable design patterns and frameworks
• Software developer’s comfort zone
• Competing paradigms, no tools, design patterns & frameworks not established
• Architectural responsibilities are greatest
Windows Identity Foundation
Windows CardSpace 2.0
Active Directory Federation Services 2.0
Software
Services
Claims-Based Access
Interoperability
Improved Security
Improved Productivity
Windows Live ID
Microsoft Federation Gateway
.Net Access Control Service
Application Server
Security Token Service
End User
Claims Framework
Your App
1. Establish relationship using metadata
2. Read policy
3. Read policy
4. Get claims
5. Send claims
trust
Application Server
“Geneva” Server
End User
“Geneva” Framework
Your App
Active Directory
1. Establish relationship using metadata
2. Read policy
3. Read policy
4. Get claims
5. Send claims
trust
WSFAM
SecurityTokenHandler
ClaimsAuthenticationManager
SessionAuthenticationModule
ClaimsAuthorizationManager
Identity must flow across all these boundaries and more. [Reprinted from A Short Introduction to Cloud Platforms, courtesy of David Chappell]
STS
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.