News

Microsoft Releases Second Beta of Geneva

• By Kurt Mackie
• May 11, 2009

Microsoft on Monday launched the second beta of its claims-based identity management server platform, code-named "Geneva."

Microsoft disclosed the availability of the new test release at its Tech-Ed conference being held Los Angeles this week. Geneva Server, previously referred to as the "Zermatt" project, runs a security token service that issues and transforms claims to help manage user identities for authentication. Microsoft announced the first beta of Geneva Server in late October at its Professional Developers Conference (PDC).

Geneva is a critical component in bridging Microsoft's cloud-based Azure Services Platform and its own Active Directory with other federated identity management platforms. "Geneva's our open platform for providing simplified user access to applications and systems, whether they are on-premise or in the cloud," said Brendan Foley, group product manager at Microsoft, in a phone interview.

Geneva Server is one part of Microsoft's identity platform; Microsoft also provides the Geneva Framework to help developers build claims-aware .NET applications and externalize authentication from the application. The other key component of the Geneva platform is Windows CardSpace, part of the .NET 3.5 Framework, which helps users navigate access decisions.

Microsoft is planning to release the final Geneva Server product in the second half of 2009. The release may occur in the fall, near this year's PDC, according to Gerry Gebel, an analyst at the Burton Group. Geneva Framework and CardSpace likely will soon follow the release of Geneva Server, he added.

Geneva faces competition in the market, including a number of open source options. However, if Microsoft makes it easy for users to migrate to the product, "it should have a pretty large impact," Gebel said.

"I think it will have a bigger impact than ADFS [Active Directory Federation Services] did because Geneva does support the SAML [Secure Assertion Markup Language] protocol and the Geneva model is a part of a bigger claims-based authorization philosophy that Microsoft is promoting. And thirdly, it's also a big part of the Azure picture. As Microsoft hosts SharePoint and Exchange, where you can build your own apps using Azure, Geneva is going to be a critical component for creating access to those applications from your on-premises environment," Gebel said.

Beta 2 of Geneva Server includes seven new features, according to Foley. One is a federated document collaboration with SharePoint 2007, which he said makes it easy for end users to securely connect with applications inside and outside the organization without having to deal with extra passwords.

Microsoft also added new templates to Visual Studio that provide developers with pre-built security logic and .NET tools and components.

Thirdly, with Geneva beta 2, developers and administrators can establish a federation between the Geneva Server and the Microsoft Federation Gateway in a one-click process. Identities created on-premises in Active Directory can be extended to various cloud-based services.

Microsoft enabled end-to-end provisioning of information cards in beta 2 of Geneva Server. Administrators can set it up so that anybody going to a federated application will automatically get the CardSpace client. It happens in the background, giving the end user a seamless, single sign-on experience, Foley said.

The beta also supports federated rights management services. A sixth feature is a new claims transformation engine in Geneva Server with extensibility to source claims from Active Directory, SQL and other custom attributes stores.

Lastly, Microsoft expanded SAML support in Geneva Server, adding support in beta 2 for WS-Trust and WS-Federation.

In its bid to show compatibility with other systems and applications that require user authentication, Microsoft said it will participate in interoperability testing with CA Federation Manager, CA SiteMinder; Novell Access Manager; SAP NetWeaver; Sun OpenSSO Enterprise and Fedlet software.

SAP is testing the use of SAML tokens from Geneva Server for connections between Web services and .NET apps. Novell, Sun and CA are similarly enabling interoperability between their identity and access solutions using SAML 2.0 and WS protocols, Foley said.

Microsoft previously collaborated with IBM Tivoli and Shibboleth on Geneva Server interoperability.