Thursday, November 20, 2008

WS-federation is enabled with 'Geneva' and obviously also SAML V2.0 support


Yesterday I had the pleasure of attending an Architecture session with Vittorio Bertocci on Identity Management and the Geneva server/Framework. Though he claimed not to be trustworthy since he's both Italian and long-haired, I found it quite the opposite. His presentation was right-paced and with a fine live demo that he handled greatly with his tablet (envy). It inspired me to ask enough questions that I somehow qualified myself for a copy of his book Understanding Windows CardSpace: An Introduction to the Concepts and Challenges of Digital Identities, which he unfortunately didn't have with him!

The talk was on all the Geneva stuff (earlier Zermatt, not that I knew). My takeaway was that ws-federation (and ws-trust with it) now had full product support and that MS sees that combined with the claim-thing as a big solver for the architectural complexity of handling identity. There were several questions on SAML V2.0 support, which has had quite a pickup in Denmark. The short answer was that IdP Lite support was there and that SP Lite was expected to follow later. I was disappointed to hear this, but today I found a positive source that not only is SP Lite implemented, it has undergone some interoperability tests with Ping and underway is maybe even a conformance test with Liberty - it can all be read in “Geneva” SAML Interop … With a Lot of Help from Our Friends.

I still haven't found time and interest to delve in ws-federation and ws-trust, but it's becoming much more relevant. As for the clash between ws-federation and SAML at Oasis (Federation power fight in the backyard of OASIS) I haven't read or heard anything since but my best bet is that SAML V2.0 is here to stay, but that I expect development to happen in lieu of ws-federation, since it's wider and has most of the big players. Also Sun, who's had a central part in SAML, is diminishing as a player.

There's more info on '/geneva': Identity Management ("Geneva" Simplifies User Access to Applications and Services), but apparently not all information is available yet, since I could not get any of the downloads from Geneva Whitepapers and Datasheet, except blank pages (in any browser). Another good place to look is the coverpages: Microsoft 'Geneva' Framework Supports SAML 2.0, WS-Federation, and WS-Trust.

The best language flower of the day was not from Vittorio, who had a solid but understandable accent, but by the host Rene Løhde that at the start of the session told Vittorio that when it was time for the break he would give him the stare and then he would break him! with Vittorio commenting that it didn't sound nice.

I've noticed that Rene has a related TechTalk next week Identitetshåndtering på nettet med Geneva FX (tidl. Zermatt).