The Schwartz Report


Will ADFS 2.0 Boost Cloud Security?

The pending release of Microsoft's Active Directory Federation Services (ADFS) 2.0 is expected to play a key role in simplifying how organizations provide access control to systems and applications, including those running in the cloud.

Microsoft is expected to release ADFS 2.0, the free Windows 2008 Server add-in to Active Directory, this week, as reported. ADFS 2.0 provides claims-based authentication to applications developed with Microsoft's recently released Windows Identity Foundation (WIF).

While ADFS 2.0 gives single sign-on to .NET applications built with WIF and systems running Windows 2008 Server instances, it also extends that authentication to Microsoft's Windows Azure cloud service. But just as important, it provides single sign-on to Windows applications running on other cloud-based services, said Jackson Shaw, Quest Software's senior director of product management.

"ADFS 2.0 is really going to shed the spotlight on federation and cloud services and that's something the industry can use," Shaw said, in a telephone interview from the company's TEC 2010 conference in Los Angeles. "You can put an ADFS 2.0 instance up and use it to connect directly to Google or Salesforce.com. It's fairly straightforward."

Key to ADFS 2.0 is its support for the Security Assertion Markup Language 2.0 (SAML) standard, which is widely supported by cloud providers and ISVs. Allowing Windows and .NET apps to make and exchange SAML-based authentication claims removes a key barrier.

While Shaw sees ADFS 2.0 as a key step forward toward improving cloud security, he cautioned it's not a panacea. "Not every single piece of information about what someone can or can't do is stored in Active Directory," Shaw said. "There may be something about my spending authority in the SAP system, for example. What that means is it forces a customer to synchronize more info into Active Directory."

The problem, he explained, is customers may not want to always do that. "That's part of the evolution of cloud services we have to go through, and that's why I am excited about ADFS 2.0, because as more and more customers start to use this, these types of difficulties are going to be surfaced," Shaw said.

Not lost on him, of course, is the opportunity that presents for third parties like Quest, Ping Identity, Symplified, CA, Novell and others to offer tools to remediate some of these issues.

Keynoting at this year's TEC 2010 was Conrad Bayer, Microsoft's general manager for Identity and Access solutions. Shaw, who attended the keynote, shared a few observations:

  • Directory technologies have all been brought together into one group at Microsoft, which Bayer will oversee. That includes ADFS, Forefront Identity Manager and Rights Management Server. "This is definitely a step in the right direction from the perspective of actual integration across the product line and hopefully some proper integration with Active Directory," Shaw said in a blog posting released just after we spoke.
  • When Bayer polled the audience to see how many were using ADFS, very few raised their hands. "I believe this will change once ADFS v2.0 releases later this year - since ADFS is basically free," Shaw noted.
  • Cardspace 2.0 is not ready, Bayer confirmed. "It doesn't go away but it isn't imminent to be released either," noted Shaw. "They want to add OpenID support and they are working on that along with incorporating it into Internet Explorer."

Are you looking to use ADFS 2.0 in your organization or for your clients? Drop me a line at jschwartz@1105media.com.

Posted by Jeffrey Schwartz on April 26, 2010 at 11:59 AM

