The Schwartz Report

Will ADFS 2.0 Boost Cloud Security?

The pending release of Microsoft's Active Directory Federation Services (ADFS) 2.0 is expected to play a key role in simplifying how organizations provide access control to systems and applications, including those running in the cloud.

Microsoft is expected to release ADFS 2.0, the free Windows 2008 Server add-in to Active Directory, this week, as reported. ADFS 2.0 provides claims-based authentication to applications developed with Microsoft's recently released Windows Identity Foundation (WIF).

While ADFS 2.0 gives single sign-on to .NET applications built with WIF and systems running Windows 2008 Server instances, it also extends that authentication to Microsoft's Windows Azure cloud service. But just as important, it provides single sign-on to Windows applications running on other cloud-based services, said Jackson Shaw, Quest Software's senior director of product management.

"ADFS 2.0 is really going to shed the spotlight on federation and cloud services and that's something the industry can use," Shaw said, in a telephone interview from the company's TEC 2010 conference in Los Angeles. "You can put an ADFS 2.0 instance up and use it to connect directly to Google or It's fairly straightforward."

Key to ADFS 2.0 is its support for the Security Assertion Markup Language 2.0 (SAML) standard, which is widely supported by cloud providers and ISVs. Allowing Windows and .NET apps to make and exchange SAML-based authentication claims removes a key barrier.

While Shaw sees ADFS 2.0 as a key step forward toward improving cloud security, he cautioned it's not a panacea. "Not every single piece of information about what someone can or can't do is stored in Active Directory," Shaw said. "There may be something about my spending authority in the SAP system, for example. What that means is it forces a customer to synchronize more info into Active Directory."

The problem, he explained, is customers may not want to always do that. "That's part of the evolution of cloud services we have to go through, and that's why I am excited about ADFS 2.0, because as more and more customers start to use this, these types of difficulties are going to be surfaced," Shaw said.

Not lost on him, of course, is the opportunity that presents for third parties like Quest, Ping Identity, Symplified, CA, Novell and others to offer tools to remediate some of these issues.

Keynoting at this year's TEC 2010 was Conrad Bayer, Microsoft's general manager for Identity and Access solutions. Shaw, who attended the keynote, shared a few observations:

  • Directory technologies have all been brought together into one group at Microsoft, which Bayer will oversee. That includes ADFS, Forefront Identity Manager and Rights Management Server. "This is definitely a step in the right direction from the perspective of actual integration across the product line and hopefully some proper integration with Active Directory," Shaw said in a blog posting released just after we spoke.
  • When Bayer polled the audience to see how many were using ADFS, very few raised their hands. "I believe this will change once ADFS v2.0 releases later this year - since ADFS is basically free," Shaw noted.
  • Cardspace 2.0 is not ready, Bayer confirmed. "It doesn't go away but it isn't imminent to be released either," noted Shaw. "They want to add OpenID support and they are working on that along with incorporating it into Internet Explorer."

Are you looking to use ADFS 2.0 in your organization or for your clients?  Drop me a line at [email protected]

Posted by Jeffrey Schwartz on April 26, 2010 at 11:59 AM
