News

Microsoft Set To Release ADFS 2.0

Microsoft is expected to release Active Directory Federation Services 2.0, a key add-in to Windows Server 2008 that promises to simplify single sign-on authentication to multiple systems and the company's cloud-based portfolio.

ADFS 2.0 (formerly code-named "Geneva"), which provides claims-based authentication to applications developed with Microsoft's recently released Windows Identity Foundation (WIF), will be available "in any day," said J.G. Chirapurath, senior director in Microsoft's Identity and Security Business Group, in an interview.

Microsoft's claims-based Identity Model, implemented in the Windows Communication Foundation of the .NET Framework, presents authentication schema such as identification attributes, roles, groups and policies and a means of managing those claims, as tokens. Applications built by enterprise developers and ISVs based on WIF will also be able to accept these tokens.

ADFS 2.0 likely will prove important to Microsoft's overall cloud computing vision. Several Microsoft officials and outside observers believe that as enterprise customers, ISVs and software-as-service providers add ADFS 2.0 to their Windows Server environments, it will remove a key barrier to those reluctant to deploy their apps to the cloud.

Pass-through authentication in ADFS 2.0 is enabled by accepting tokens based on both the Web Services Federation (WSFED) and Security Assertion Markup Language (SAML) standards. While Microsoft has long promoted WSFED, it only agreed to support the more widely adopted SAML spec 18 months ago.

Many enterprises have expressed reluctance to use cloud services, such as Microsoft's Windows Azure, because of security concerns. "Security [issues], particularly identity and the management of those identities, are perhaps the single biggest blockers in achieving that nirvana of cloud computing," Chirapurath said.

Because ADFS 2.0 is built into Windows Azure, organization can now offer claims-based tokens that will work with both Windows Server 2008 and Microsoft's cloud-based services, enabling hybrid cloud scenarios. A user can authenticate to Azure or Windows Server and WIF-enabled applications using InfoCards built into Windows 7.

"Just like e-mail led to the explosive use of Active Directory, Active Directory Federation Services will do the same for the cloud," Chirapurath said.

Danny Kim, CTO of Boston-based Microsoft Certified Gold Partner FullArmor, who has stress-tested ADFS 2.0, said it is ready for production.

"ADFS 2.0 does the linking of identities back to our server space and our cloud-based services and we have one version that works across all of those environments," Kim said. One major financial services firm wants to roll it out right away to allow its users to authenticate applications running on FullArmor's Windows Azure-based applications, Kim added.

"This is a security-conscious company that has said unless security is guaranteed, we are not going to deploy these services in the cloud," Kim said. ADFS maps the user's token into Active Directory, which is passed through to other ADFS-enabled systems, he explained.

Still, some argue that may be easier said than done. For example, it remains to be seen how compatible SAML tokens are with those provided by other vendors' platforms, said Patrick Harding, CTO of Ping Identity, which provides its own single sign-on server that works across multiple platforms.

"We have been doing SAML for about four years," said Harding, whose company is both a Microsoft competitor and partner. "We know full well that SAML in the lab and SAML in the real world can be very, very different, especially when you get a lot of SaaS vendors who choose to write their own SAML implementations and there are always nuances with those."

Harding also questioned how quickly the .NET development community will embrace WIF. "While it's a good idea, WIF does require developers to learn from the ground up a brand new paradigm and a brand new development framework for how they need to integrate their apps into ADFS," Harding said.

However, Kim disagreed. "For developers who are familiar with the .NET environment, I don’t think there is a significantly high learning curve," he said.

Those issues aside, Harding acknowledged the release of ADFS 2.0 will likely pave the way for new cloud computing initiatives. "ADFS 2.0 is a big deal because it validates that federated identity management is important; it's going to become a must-have for cloud computing and SaaS computing," he said. "All boats rise with Microsoft and this is going to make people comfortable with the fact that federation is real."

About the Author

Jeffrey Schwartz is editor of Redmond magazine and also covers cloud computing for Virtualization Review's Cloud Report. In addition, he writes the Channeling the Cloud column for Redmond Channel Partner. Follow him on Twitter @JeffreySchwartz.

comments powered by Disqus

Featured

  • Compare New GitHub Copilot Free Plan for Visual Studio/VS Code to Paid Plans

    The free plan restricts the number of completions, chat requests and access to AI models, being suitable for occasional users and small projects.

  • Diving Deep into .NET MAUI

    Ever since someone figured out that fiddling bits results in source code, developers have sought one codebase for all types of apps on all platforms, with Microsoft's latest attempt to further that effort being .NET MAUI.

  • Copilot AI Boosts Abound in New VS Code v1.96

    Microsoft improved on its new "Copilot Edit" functionality in the latest release of Visual Studio Code, v1.96, its open-source based code editor that has become the most popular in the world according to many surveys.

  • AdaBoost Regression Using C#

    Dr. James McCaffrey from Microsoft Research presents a complete end-to-end demonstration of the AdaBoost.R2 algorithm for regression problems (where the goal is to predict a single numeric value). The implementation follows the original source research paper closely, so you can use it as a guide for customization for specific scenarios.

  • Versioning and Documenting ASP.NET Core Services

    Building an API with ASP.NET Core is only half the job. If your API is going to live more than one release cycle, you're going to need to version it. If you have other people building clients for it, you're going to need to document it.

Subscribe on YouTube