Microsoft releases second beta of Geneva ID management server
New features include compatibility with SharePoint 2007 and Microsoft Federation Gateway
- By Kurt Mackie
- May 12, 2009
Microsoft has launched the second beta version of its claims-based identity management server platform, code-named Geneva.
The company announced the availability of the new test release at its Tech-Ed North America conference in Los Angeles this week.
The platform’s Geneva Server component, previously referred to as the Zermatt project, runs a security token service that issues and transforms claims to help administrators manage user identities for authentication. Microsoft announced the first beta of Geneva Server in late October at its Professional Developers Conference.
eneva is a critical component of Microsoft's effort to link its cloud-based Azure Services Platform and Active Directory with other federated identity management platforms. "Geneva is our open platform for providing simplified user access to applications and systems, whether they are on-premises or in the cloud," said Brendan Foley, Microsoft’s group product manager, in a phone interview.
The company also provides the Geneva Framework to help developers build claims-aware .NET applications and externalize authentication from the application. The other key component of the Geneva platform is Windows CardSpace, which is part of the .NET 3.5 Framework that helps users navigate access decisions.
Microsoft plans to release the final Geneva Server product in the second half of the year. The release might occur in the fall, around the time of this year's Professional Developers Conference, said Gerry Gebel, an analyst at the Burton Group. Geneva Framework and CardSpace will likely follow soon after, he added.
Geneva faces competition, including a number of open-source options. However, if Microsoft makes it easy for users to migrate to the product, "it should have a pretty large impact," Gebel said.
"I think it will have a bigger impact than [Active Directory Federation Services] did because Geneva does support the [Security Assertion Markup Language] protocol, and the Geneva model is part of a bigger claims-based authorization philosophy that Microsoft is promoting," Gebel said. “And thirdly, it's also a big part of the Azure picture. As Microsoft hosts SharePoint and Exchange, where you can build your own apps using Azure, Geneva is going to be a critical component for creating access to those applications from your on-premises environment.”
Beta 2 of Geneva Server includes seven new features, Foley said. One is federated document collaboration with SharePoint Server 2007, which makes it easy for end users to securely connect to applications inside and outside the organization without having to deal with extra passwords.
Microsoft also added new templates to Visual Studio that provide developers with prebuilt security logic and .NET tools and components.
Furthermore, developers and administrators can now establish a connection between the Geneva Server and the Microsoft Federation Gateway in a one-click process. And identities created on-premises in Active Directory can be extended to various cloud-based services.
In addition, administrators can now specify that anybody accessing a federated application will automatically get the CardSpace client. It happens in the background, giving the user a seamless, single-sign-on experience, Foley said.
The latest beta also supports federated rights management and has a new claims transformation engine that can source claims from Active Directory, SQL and other custom databases.
Lastly, Microsoft expanded support for Security Assertion Markup Language (SAML) in Geneva Server and added support for WS-Trust and WS-Federation.
In a bid to show compatibility with other systems and applications that require user authentication, Microsoft said it will participate in interoperability testing with CA Federation Manager, CA SiteMinder, Novell Access Manager, SAP NetWeaver, and Sun Microsystems’ OpenSSO Enterprise and Fedlet software.
SAP is testing the use of SAML tokens from Geneva Server for connections between Web services and .NET applications. Novell, Sun and CA are similarly enabling interoperability between their identity and access solutions using SAML 2.0 and Web services protocols, Foley said.
Microsoft previously collaborated with IBM Tivoli and Shibboleth on Geneva Server interoperability.