Simplifying identity with Microsoft's 'Zermatt' class libraries.

Responsibility for implementing authentication, authorization, auditing and personalization in applications has traditionally belonged to Web developers, even though they often lack security expertise and training. Consequently, each application often ends up with its own plumbing for authentication, usually accompanied by a private user account database or directory that stores names and passwords. As a result, provisioning and maintaining these databases is expensive, and users are burdened with logging into numerous systems.

Microsoft's answer to this problem came last month when the company released the first beta of a set of class libraries code-named "Zermatt." Zermatt is a new identity framework from Microsoft, packaged as a .NET 3.5 library, that makes it easy for Web developers to adopt a claims-based approach to identity.

A central tenet of this identity model is that an application should not do its own authentication; rather, it should rely on an external system, an identity provider, to gather identity attributes about the user and supply the application with claims that are directly useful. These claims are packaged in a security token that is digitally signed by the identity provider; the application checks that signature, and that the token was issued to it, before trusting any claim inside. Claims could include personalization details such as the user's first and last name or e-mail address, enabling the application to send e-mail notifications to the user. Claims can also include authorization details such as groups, roles or capabilities. Claims are essentially name-value pairs, and as long as the application and its identity provider agree on what each claim means, the content of a claim can be as sophisticated as needed.

Offloading authentication to an identity provider has many benefits for applications. The identity provider can be written and maintained by an individual or team with intimate knowledge of the central user stores. Because queries to enterprise directories are now centralized in the identity provider, they can be optimized for performance, and mistakes are much less likely. Any bugs in this identity logic can be fixed in one place, and every application that relies on the identity provider immediately reaps the benefit. The identity provider also hides complications; for example, user e-mail addresses may be stored in an enterprise directory while user roles are stored in a SQL database. Zermatt works with both browser-based Web applications and Windows Communication Foundation services.

Application developers are no longer responsible for figuring out where to get identity attributes for users, or for learning the myriad APIs required to gather those attributes. Upgrading applications to use stronger authentication no longer requires touching each individual application; only the identity provider needs to change. And single sign-on is a natural outcome, as the user logs into a central identity provider in order to access a group of applications.
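As an added illustration of the claims-based flow described in this article (example code written for this page, not Zermatt code and not from the original author): an identity provider aggregates a user's attributes from two constructed back-end stores (a directory for names and e-mail, a role table standing in for the SQL database), packages them as claims in a signed token, and a relying application verifies the signature, issuer, audience and expiry before acting on a single claim. The example goes slightly beyond the article by also showing a tampered token being rejected. The token format (JSON payload plus HMAC-SHA256), the store contents, the key and all names are assumptions; a real identity provider signs with an asymmetric key (typically an X.509 certificate) so that applications can verify tokens without being able to mint them.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample back-end stores: stand-ins for an enterprise directory
# and a SQL role table. Only the identity provider ever touches these.
DIRECTORY = {
    "alice": {"given_name": "Alice", "surname": "Liddell", "email": "alice@example.com"},
    "bob": {"given_name": "Bob", "surname": "Builder", "email": "bob@example.com"},
}
ROLE_DB = {"alice": ["Reader", "Approver"], "bob": ["Reader"]}

# Hypothetical shared HMAC key; a production IdP would use an asymmetric key.
SIGNING_KEY = b"example-only-hmac-key-do-not-reuse-0000"


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text.encode())


class TokenError(Exception):
    """Raised by the relying application when a token must be rejected."""


class IdentityProvider:
    """Gathers user attributes from the central stores and issues signed tokens."""

    def __init__(self, name: str, key: bytes):
        self.name = name
        self._key = key

    def _gather_claims(self, user: str) -> dict:
        # The IdP, not the application, knows which store holds which attribute.
        person = DIRECTORY[user]
        return {
            "sub": user,
            "given_name": person["given_name"],
            "surname": person["surname"],
            "email": person["email"],
            "roles": ROLE_DB.get(user, []),
        }

    def issue_token(self, user: str, audience: str, now=None, lifetime: int = 300) -> str:
        now = int(time.time()) if now is None else now
        body = {
            "iss": self.name,      # who signed the token
            "aud": audience,       # which application it is meant for
            "iat": now,
            "exp": now + lifetime,
            "claims": self._gather_claims(user),
        }
        payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
        sig = hmac.new(self._key, payload, hashlib.sha256).digest()
        return _b64(payload) + "." + _b64(sig)


class RelyingApp:
    """An application that trusts one identity provider and consumes its claims."""

    def __init__(self, name: str, trusted_issuer: str, key: bytes):
        self.name = name
        self.trusted_issuer = trusted_issuer
        self._key = key

    def accept(self, token: str, now=None) -> dict:
        """Verify the token and return its claims, or raise TokenError."""
        parts = token.split(".")
        if len(parts) != 2:
            raise TokenError("malformed token")
        try:
            payload, sig = _unb64(parts[0]), _unb64(parts[1])
        except ValueError:  # binascii.Error is a subclass of ValueError
            raise TokenError("malformed token")
        expected = hmac.new(self._key, payload, hashlib.sha256).digest()
        # Check the signature before trusting anything inside the payload.
        if not hmac.compare_digest(sig, expected):
            raise TokenError("signature check failed")
        body = json.loads(payload)
        if body.get("iss") != self.trusted_issuer:
            raise TokenError("untrusted issuer")
        if body.get("aud") != self.name:
            raise TokenError("token issued for a different application")
        now = int(time.time()) if now is None else now
        if now >= body.get("exp", 0):
            raise TokenError("token expired")
        return body["claims"]

    @staticmethod
    def can_approve(claims: dict) -> bool:
        # Authorization is decided from claims; the app never queries the role DB.
        return "Approver" in claims.get("roles", [])


def tamper_roles(token: str, roles: list) -> str:
    """Constructed attack: rewrite the roles claim without re-signing."""
    payload_b64, sig_b64 = token.split(".")
    body = json.loads(_unb64(payload_b64))
    body["claims"]["roles"] = roles
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return _b64(payload) + "." + sig_b64


if __name__ == "__main__":
    idp = IdentityProvider("https://idp.example.com", SIGNING_KEY)
    app = RelyingApp("expenses-app", "https://idp.example.com", SIGNING_KEY)
    token = idp.issue_token("alice", "expenses-app")
    claims = app.accept(token)
    print("email:", claims["email"], "approver:", app.can_approve(claims))
    try:
        app.accept(tamper_roles(token, ["Admin"]))
    except TokenError as err:
        print("tampered token rejected:", err)
```

The relying application never consults the directory or the role table; everything it knows about the user arrives in the token, so moving e-mail addresses to a different store or adding a second authentication factor changes only the identity provider. The audience check matters as much as the signature: without it, a token minted for one application can be replayed against any other application that trusts the same issuer.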