News

Microsoft Renames 'Geneva' ID Management Solutions

• By Kurt Mackie
• July 16, 2009

Microsoft announced product names for its latest claims-based identity management server platform, dropping the "Geneva" code name.

The Geneva platform (once known as project "Zermatt") consists of three components, and Microsoft unveiled relatively straightforward product names for each. The name switch was announced on Monday at the Microsoft Worldwide Partner Conference in New Orleans.

Geneva Server will be called "Active Directory Federation Services" (ADFS). Essentially, ADFS is the same name used for Microsoft's current single sign-on federation product that's part of Windows Server 2003 R2 and Windows Server 2008.

The Geneva Framework used by developers will be called "Windows Identity Foundation" (WIF). Finally, Windows CardSpace, which helps with the management of access identities, will retain its same name.

Version numbers for the products will be announced later, according to the Vibro.NET Microsoft blog. The blog also emphasized the importance of elevating WIF as a .NET platform for developers.

"This is a Big Deal for developers on the .NET platform, and I want to make sure to give it as much visibility as I can," the blog states. "We claims tinkerers are now recognized first-class citizens in .NET, and it feels good."

Microsoft is planning to release the new ADFS product in the second half of 2009, and it will be available as part of Windows licensing. Geneva Server is currently available as beta 2, and was released in May.

Possibly, the ADFS product will be released in time for Microsoft's Professional Developers Conference in November, with WIF and CardSpace following soon after, according to Gerry Gebel, an analyst at the Burton Group.

The ADFS platform is important for Microsoft because it will be used to establish connections with Microsoft's Windows Azure platform, supporting hosted applications such as SharePoint Online and Exchange Online, Gebel explained.

The two biggest features of ADFS will be its claims-transform capability and its use of federation metadata, according to Donovan Follette, senior technical evangelist on Microsoft's Identity and Access technologies. The use of federation metadata makes it possible to configure relationships that used to take extra coding to establish.

"Flexibility with claims is the biggest shift that ADFS developers have to get their minds around," Follette explained, in a Microsoft Channel 9 video.

Microsoft changed some of the nomenclature with the new ADFS product. "Account partners" in the old version are now called "identity providers," Follette said. "Resource partners" are now called "relying parties" because they rely on a token that ADFS will provide to them. The use of the "applications" term disappears in ADFS because they are just considered to be another form of relying parties. Lastly, "organizational claims" or mappings will become "rules" in ADFS.

Developers will be able to use PowerShell to automate setups for relying parties (or applications), Follette explained. You can also use PowerShell to place rules, he said.

The new ADFS product will be interoperable with earlier versions of that server, Follette said. It will support the same SAML and WS protocols as the earlier version, but adds token support for SAML 2.0, he added.