A Guide to Claims based Identity – Released - The strategy behind it and our plans

As most of you know, the Guide for Claims based Identity is officially released. We’ve been “technically done” for a couple months, but it just takes some time for all content to be pushed to MSDN, an ISBN to approved, the final PDF to be ready for publishing and the process with the printer to be started.

So now that this is done I wanted to take an opportunity to share with you the reasons we invested on this guide and our plans moving forward.

There should be little doubt that Microsoft is betting heavily on “the cloud”. We knew this for quite a bit, way before Windows Azure was even called that. So one key question we asked ourselves at that time: what can we do today to help customers prepare for that? And “today” is a very important constraint. Back in June 2009, we knew Azure was coming, but features and implementation details were constantly changing. Investing on Azure specifics, would not have been wise; as the shelf-life of our deliverables would have been very short.

Looking at various scenarios for application development, it became quite clear to us that identity management was pretty basic thing that you had to get it right before considering serious development on the cloud. Especially if you are a company with quite a bit of on-premises investments considering moving some of those to the cloud. And this is a big segment of our customers.

So you take this, you add the fact that key technologies were in the last phase of being released (e.g. WIF and ADFS) and you now see why writing a guide on claims based identity made sense to me…It’d be small, simple deliverable, but a key stepping stone to our work on the cloud.

But there’re always tradeoffs. And the compromise was not to ship anything targeting Azure in 2009. Many questioned this and asked me: why aren’t you doing anything for this key platform? claims? identity? single-sign-on? WTF?

In retrospective I’m very happy of my decision and investment proposal. The jury is out on the guide itself of course, but here are some proof-points on the rationale for writing it:

 

This year’s RSA conference in San Francisco was about . . . the cloud.

During his keynote, Scott Charney (our own CVP Trustworthy Computing), said:

“…identity is so important in the context of the internet generally. It actually becomes an amplified issue in the cloud. It gets its own place in the stack…”

 

Travis Spencer, security expert (who we were very lucky to have as a reviewer for our guide), commented on the RSA conference:

…identity is going to be a fundamental obstacle that we must overcome. Including wording on his slides, Charney said identity over 25 times in his short address. Microsoft, all the other speakers, and myself believe that identity is key in the adoption of cloud computing which is the future of all organizations…

And this is from Art Coviello (Executive Vice President, EMC Corporation and President, RSA, The Security Division of EMC)

…enterprises [will] start to outsource their infrastructures to external service providers. But you won't want any part of that unless service

providers can demonstrate their ability to effectively enforce policy, prove compliance and manage multi- tenancy. At this stage, federation becomes an important capability.

Organizations will need the ability to dictate and federate identity and policy to their service providers on how information is accessed and handled.

 

Hey, even “amplified” was a word I used back then :-).

These are just a couple of examples that are very much in line with our strategy in delivering this guide: a required step towards cloud guidance.

Which brings me to the next topic: our plans for the next months.

Scott, our Dev Lead, has written an excellent summary, so I won’t bore you with different words and same meaning. We just started this project, again with a world class team and extended reviewers. What’s important to highlight though, is that in tune with the cloud’s agility, we are aiming at smaller pieces of content available more often.

My next posts will be about the scenarios, challenges and topics we want to cover. As usual, we’d live your input.

I very much look forward to working on this project and to getting your feedback so we can help you be more successful.