Announcing the Beta release of “Zermatt” Developer Identity Framework

Ahh, I’ve been looking forward for this post for a looong time.

We just made available for download the bits of the Beta of “Zermatt” Developer Identity Framework. “Zermatt” is the codename of a .NET framework that helps developers build claims-aware applications to address challenging application security requirements using a simplified application access model.

Let me expand a bit on that. If you want to develop applications that take advantage of claims & identity Metasystem goodness in general, Zermatt makes your life easier by providing base classes, controls but especially capabilities & a programming model that take care of most of the plumbing for you. Regardless of the role (IP, RP, subject) or the style (Active, Passive, “Passive-Aggressive”), Zermatt shields you from the sheer handling of protocols & tokens and provides you with a great model for externalizing your access logic. For my loyal readers and in general to whoever worked with tokens and cardspace in general, who stormed me with mails since the TechEd EMEA demo and even earlier: this means that we can finally retire historical samples like the SimpleSTS and the TokenProcessor class. Zermatt is a fully supported developer framework that gives you those capabilities and MUCH more. How much more? Below there’s a partial list of the goodies you get:

· An HttpModule (the Federated Access Module, or FAM) that takes care of handling the token processing pipeline: fully extensible & web.config-urable, it exposes programmable events for every relevant step in the authentication lifecycle

· A new claim model, which unifies token & principal programming models achieving direct reuse of some classic access control techniques (IsInRole, PrincipalPermission) without requiring a rewrite

· Visual ASP.NET controls which take care of enhancing web pages with capabilities such as: information card signin and one-off information card requests, passive signin, session management and passive STS capabilities. All of those include comprehensive property management a and a rich events model

· Full control of session management: intended audience, pages whitelist, session duration, custom session tickets, etc

· A unified token handling model that works across ASP.NET and WCF applications alike

· Base classes for authoring STS, which handle automatically historically tedious tasks such as RST & RSTR parsing

· Native support for handling information cards: serialization, deserialization, issuance. Integration with the STS programming model for simplifying the development of cardspace-ready STSes

· Delegate authentication. Applications can now request new tokens on behalf of their callers, greatly simplifying three tier architectures and enabling a whole new class of scenarios

This is only a partial list. For a more in-depth coverage of Zermatt capabilities I invite you to read this excellent paper from Keith Brown, which introduces you to the basic concepts behind claim based identity management and describes Zermatt object model with samples and walkthroughs.

Needless to say, I’ll blog about this every single time I’ll have a moment. Once I’ll be back from vacation, we’ll also get a surprise guest on channel9 for hearing directly from the engineers who brought us Zermatt.

Finally, this is the tool that can help developers to experience directly the power of claim-aware applications. I invite you to download Zermatt and use it as much as you can: as you know this world is very new, and we’d really like feedback, feedback, feedback. Feedback on what works, what doesn’t, what you’d like to see, what you accomplished with it… we love every bit :-) the place for sending us your feedback & discussing Zermatt is the forum at this address.


· Get Zermatt bits from here

· Discuss here & give feedback here

· Read Keith Brown paper about Zermatt here

Congratulations to the Zermatt team for a great beta of a new breed of products!

And now… back to the beach 😉 see you in a week!

Comments (26)

  1. For a couple of years now, I've been giving talks about "claims-based identity", and "claims

  2. Derrière le nom de code " Zermatt " se cache un framework permettant de créer des

  3. ScottBrady says:

    Forgive the obvious question, but how does this compare with the WCF Identity Model []? When should you use one vs. the other?

  4. Announcing the Beta release of “Zermatt” Developer Identity Framework うーん、Webサービスベースの認証系の仕組み、と考えててていいのかなぁ。…

  5. ASP.NET Static Singletons for ASP.NET Controls [Via: Rick Strahl ] WPF Learning WPF with BabySmash…

  6. IIts been a long wait. After working with customers for getting out their token service and doing all

  7. Interested in the ‘identity problem’?  Sometimes these quiet, little betas should really get more

  8. Zermatt egy kisváros Svájc déli részén, mindössze tíz kilométerre az olasz határtól. A kb. 5500 fős település

  9. One of the great issues that exist when developing solutions is the Security, and when we talk about

  10.    One of the great issues that exist when developing solutions is the Security, and when we

  11. Vibro.NET says:

    Just back from vacation. The tan barely started to fade, and here I am already playing with the new shiny

  12. Mike Chaliy says:

    Could you please describe why installer is dedicated for Windows 2003 and later? What is not present on my XP box that prevent me to use it? Actually I have modified msi to allow installation on XP, so I will give a try to it, however still like to know official version :).

  13. vibro says:

    Hi Mike,

    see the thread "Server 2003 Dependency" at

    Marc Goodner from the product group gave the following answer to the same question:


    We have a link on the

    home page to the readme, I guess it doesn’t stand out. I’l add it to

    the downloads section later today so others don’t go through that.


    Right now we only have an SDK version which includes samples that use

    the ASP.Net integration features. Those features require either IIS

    6.0 or 7.0. We still haven’t made a decision regarding support for XP

    at RTM. For the ASP.Net features I expect the IIS 6.0 or 7.0

    requirement to remain.


  14. For those that have been writing claims-aware web applications for AD FS, you have a leg up on the value

  15. Cât timp am fost în concediu… Noi resurse pentru dezvoltare: S-a lansat Zermatt beta . Superba stațiune

  16. Vibro.NET says:

    You would not believe how often I have to set up identity enabled web sites: for verifying a theory,

  17. Zermatt is the framework recently released by Microsoft to develop claim-aware applications. You can

  18. Far Pointer says:

    I don’t write content for the ADFS team anymore; there are a few resources, however, that you can go

  19. Vibro.NET says:

      PDC has come and gone, and Microsoft’s identity landscape has changed. New products emerged, services