As we are hosting our 3rd Microsoft Austria Interoperability Council today, I thought that, in addition to the existing results we are presenting there, it is a good time to publish an update of the Identity Interoperability demos and samples I created earlier this year.
Furthermore, based on feedback from members of our interop council, I would like to provide a few links with more information on identity interoperability between the Microsoft Windows Identity Framework (WIF) and Active Directory Federation Services v2 (ADFS v2; the two were formerly codenamed Geneva Framework and Geneva Server, respectively).
The Foundation – OASIS Identity Metasystem
The foundation for all of these interoperability considerations is primarily the Identity Metasystem vision, originally started by Kim Cameron (Microsoft; see his article on MSDN). More information on the official standards can be found at the following link:
Sun Metro / WSIT Interoperability
The interop-identity PoC I created demonstrates interoperability with Sun Metro / Web Services Interoperability Toolkit (WSIT). For the PoC you need a Glassfish v2 application server to host a Java-based Relying Party (RP); the RP is then integrated with a .NET-based Security Token Service (STS) and a .NET-based client. The PoC shows how you can integrate Java-based services into a Windows-based security infrastructure purely on the basis of standards.
Note that the download package is a little bit larger this time. You do not need to download any additional bits: everything, including all Java prerequisites, is included, except Microsoft Geneva Beta 2 (click here to download).
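To make the trust relationship in the PoC concrete, here is an added, self-contained model of the claims-based pattern the PoC relies on: the STS issues a signed token carrying claims, and the RP accepts the token only if it comes from a trusted issuer, is intended for this RP, is within its validity window and has an intact signature. This is illustration code written for this post, not the PoC's .NET/Java code or any WIF or Metro API; it uses an HMAC key as a stand-in for the STS's X.509 signing certificate, a JSON token as a stand-in for a SAML assertion, and constructed issuer and RP identifiers.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo values; a real STS signs with an X.509 certificate and
# the RP is configured with that certificate's public key instead.
STS_SIGNING_KEY = b"constructed-demo-signing-key"
STS_ISSUER = "https://sts.example.test/"          # hypothetical STS identifier
RP_JAVA = "https://glassfish-rp.example.test/"    # hypothetical Java RP identifier
RP_OTHER = "https://other-rp.example.test/"       # a second RP, used to show audience checks


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sts_issue_token(key, issuer, audience, subject, claims, issued_at, lifetime=600):
    """STS side: bind issuer, audience, validity window and claims together under one signature."""
    body = {"iss": issuer, "aud": audience, "sub": subject,
            "nbf": issued_at, "exp": issued_at + lifetime, "claims": claims}
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    signature = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(signature)


class TokenRejected(Exception):
    """Raised by the RP for any token it must not accept."""


def rp_validate_token(token, trusted_issuers, expected_audience, now):
    """RP side: verify signature, issuer trust, audience and time window, then release the claims."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload, signature = _unb64(payload_b64), _unb64(sig_b64)
        body = json.loads(payload)
    except (ValueError, TypeError):
        raise TokenRejected("malformed token")
    issuer = body.get("iss")
    if issuer not in trusted_issuers:
        raise TokenRejected("untrusted issuer")
    # Verify the signature before relying on any other field of the token.
    expected = hmac.new(trusted_issuers[issuer], payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise TokenRejected("bad signature")
    if body.get("aud") != expected_audience:
        raise TokenRejected("token was issued for a different relying party")
    if not (body.get("nbf", 0) <= now < body.get("exp", 0)):
        raise TokenRejected("outside validity window")
    return body["claims"]


def demo(now=1_700_000_000):
    """Run the happy path plus three rejections and report what the RP decided."""
    trusted = {STS_ISSUER: STS_SIGNING_KEY}   # the RP's list of trusted issuers
    token = sts_issue_token(STS_SIGNING_KEY, STS_ISSUER, RP_JAVA, "alice",
                            {"role": "Manager", "email": "alice@example.test"}, issued_at=now)
    result = {"claims": rp_validate_token(token, trusted, RP_JAVA, now)}

    def rejected(tok, audience, at):
        try:
            rp_validate_token(tok, trusted, audience, at)
            return False
        except TokenRejected:
            return True

    # Same token presented to a different RP: audience mismatch.
    result["replay_rejected"] = rejected(token, RP_OTHER, now)
    # Same token after its lifetime has elapsed.
    result["expired_rejected"] = rejected(token, RP_JAVA, now + 601)
    # Claims edited after issuance, original signature kept: signature check fails.
    edited = json.loads(_unb64(token.split(".")[0]))
    edited["claims"]["role"] = "Administrator"
    tampered = _b64(json.dumps(edited, sort_keys=True, separators=(",", ":")).encode()) \
        + "." + token.split(".")[1]
    result["tamper_rejected"] = rejected(tampered, RP_JAVA, now)
    return result


if __name__ == "__main__":
    print(demo())
```

The order of checks matters: the RP looks up the issuer only to pick the verification key, then verifies the signature before trusting anything else in the token, and the audience check is what stops a token issued for the Java RP from being accepted by another RP in the same federation.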
Interoperability with CA, Novell Access Manager, Sun Open SSO
While working with colleagues (Michael Steinböck and Dominik Paiha from Microsoft) on an identity interoperability proposal for a customer (who is also a member of the council), we collected a number of additional resources on identity interoperability. First and foremost I would like to mention papers on interop between Sun Open SSO, Novell Access Manager and CA.
OpenID Interoperability with Microsoft ADFS v2 and WIF
Another question that comes up continuously is interoperability between the Microsoft platform and OpenID. Of course OpenID can be used as a means of authentication on top of a WIF/ADFS v2-based STS.
Thanks to Matias Woloski, who works very closely with Microsoft's patterns & practices team, you can find more information and a conceptual view below:
Novell Bandit Project provides Information-Card Interoperability
In partnership with Microsoft, Novell is working on an initiative called "The Bandit Project". This initiative provides components and source code to implement a complete Identity Metasystem-based solution with an STS, an RP and even identity selectors (DigitalMe) for clients. To get these components, which ensure complete interoperability of your Java- and browser-based components and a consistent end-user experience on Linux, follow the link below:
Identity Interoperability with IBM Tivoli
Interoperability between Shibboleth and ADFS
Microsoft has already published a guide on interoperability between Shibboleth and the Microsoft platform for its previous version of Active Directory Federation Services. Of course this guide is still available.
With ADFS v2, Microsoft is implementing the SAML 2 protocol in addition to the WS-* protocols, which are available in both ADFS v2 and the Windows Identity Framework. That said, interoperability between Shibboleth and ADFS v2 will be available as well. I have found the following references on this interoperability, and I will continue to search for, or build, more concrete step-by-step guides and samples of this kind:
Patterns & Practices Identity and Access Guide
Finally, I wanted to share one last, extremely important resource. My friend Eugenio Pace from the Microsoft patterns & practices team in Redmond is currently working on a PnP guide on identity and access management using ADFS v2 and WIF. This guide is still under development and is published as an open project on www.codeplex.com. That means: feel free to start reading through the guide and give the PnP team as much feedback as you can about everything you would love to read there.
They are also working on guidance on how to implement BOTH single sign-on (which is available out of the box in Geneva) and single sign-off, which is typically a very special challenge!
I think these are some of the most important pieces of information that architects and developers need when they start thinking about identity interoperability. I personally strongly believe in all parts of the Identity Metasystem vision and in claims-based security. I also see that most vendors are (slowly) moving in this direction with their products and offerings.
So stay tuned, keep your eye on all these things.