When we implemented claim-based authorization in LitwareHR, we had to write a lot of code and play with non-trivial configurations (LitwareHR includes 2 STS and all the supporting infrastructure for securing the web services and their callers).
Not being a security expert myself, I found the “theory” behind this amazingly simple and powerful, but the “practice” quite complex.
The good news is that all this just got much easier with the release of “Zermatt”:
“Zermatt” is a .NET developer framework and SDK that helps developers build claims-aware applications to address today’s application security requirements using a simplified model that is open and extensible, can improve security, and boosts productivity for developers. Developers can build externalized authentication capabilities for “relying party” applications and build custom “identity providers”, often referred to as Security Token Services (STS). With these components, developers can build applications that meet a variety of business needs more quickly.
Quoting my good friend Peter Provost: “I love deleting code!”. “Zermatt” will allow us to get rid of a ton of "plumbing" code in LitwareHR.
Update: if you look at the LitwareHR code, you will see that the approach used is very similar to Zermatt’s, so it is great to see that we were headed in the right direction. Obviously, Zermatt’s scope is larger.
Link to the beta: http://go.microsoft.com/fwlink/?LinkId=122266
More info on MSDN: http://msdn.microsoft.com/en-us/security/aa570351.aspx
Maestro Bertocci’s blog: http://blogs.msdn.com/vbertocci
Kim Cameron’s blog: http://www.identityblog.com
Keith Brown’s blog & article: http://www.pluralsight.com/community/blogs/keith/archive/2008/07/09/introducing-microsoft-code-name-zermatt.aspx
“Zermatt” requires .NET 3.5 to be installed. It has been verified on Windows 2K3 SP2 with IIS 6.0, and on Windows Vista SP1 and Windows Server 2008 with IIS 7.0.