Microsoft Azure Supports Federated ID


A federated identity can be used to provide single sign-on to multiple applications, both in the enterprise and in the cloud.



Microsoft has adopted a "claims-based architecture" in its approach to managing the identities of users in its Azure cloud.

At its Professional Developers Conference in L.A. recently, it announced a Microsoft Identity Platform that invokes the architecture to establish a federated identity for users. A federated identity can be used to provide single sign-on to multiple applications, both in the enterprise and in the cloud.


A federated identity of some type is going to be a necessity if there is any prospect of hybrid cloud computing coming into vogue. IT departments that ship part of their workload off to the public cloud will need to allow end users of applications to follow them into the cloud and use them there as well.

Microsoft's claims-based architecture is a more flexible approach to establishing a user's identity than a straightforward, on-premises Active Directory system. The claims-based architecture can accept digital identifiers from multiple sources, such as LDAP directories, Active Directory, Outlook or Lotus Notes directories, certificates from security services, or a Windows token, said Kim Cameron, Microsoft's chief identity architect, in an interview at the developers conference.

Once a user's identity verifier is supplied, a central brokering authority compares the "claim" to that required by a particular application. If there's a match, use of the application can proceed.

Under a claims-based architecture, retrieving some form of digital identity is not enough, said Cameron. It is just a "claim" to an end user identity until the central broker checks its authenticity and its status to see if it meets the requirements of the application. All forms of identity remain untrusted -- they're treated as claims, not proof -- until the central authority decides they meet the needs of the application, he said.
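
The broker decision described above, as an added Python example (not code from Microsoft or from the article): claims from any source stay untrusted until the broker verifies the issuer and compares the claims with what the application requires. The issuer names, keys, application policies and the HMAC used as the integrity check are all assumptions made for the illustration.

```python
import hashlib
import hmac
import json

# Constructed trust store: issuer name -> verification key (assumption).
TRUSTED_ISSUERS = {
    "corp-ad": b"constructed-key-for-corp-ad",
    "partner-ldap": b"constructed-key-for-partner-ldap",
}

# Constructed per-application policy: claim type -> acceptable values.
APP_REQUIREMENTS = {
    "payroll": {"role": {"hr", "finance"}, "auth_method": {"certificate"}},
    "wiki": {"role": {"hr", "finance", "engineering"}},
}


def _mac(key, issuer, claims):
    # Canonical serialization so issuer and broker authenticate the same bytes.
    body = json.dumps({"iss": issuer, "claims": claims}, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def issue(issuer, key, claims):
    """What an identity source hands to the user: claims plus an integrity tag."""
    return {"iss": issuer, "claims": claims, "mac": _mac(key, issuer, claims)}


def broker_decide(token, app):
    """Return (allowed, reason). Nothing in the token is trusted until checked."""
    issuer, claims = token.get("iss"), token.get("claims", {})
    key = TRUSTED_ISSUERS.get(issuer) if isinstance(issuer, str) else None
    if key is None:
        return False, "untrusted issuer"
    if not hmac.compare_digest(_mac(key, issuer, claims), str(token.get("mac", ""))):
        return False, "claims altered or not issued by claimed source"
    required = APP_REQUIREMENTS.get(app)
    if required is None:
        return False, "unknown application"  # fail closed
    for claim_type, accepted in required.items():
        value = claims.get(claim_type)
        if not isinstance(value, str) or value not in accepted:
            return False, f"claim '{claim_type}' does not meet {app} requirements"
    return True, "claims match application requirements"
```

The same verified token can be accepted by one application and refused by another, because the match is made against each application's own requirements rather than against the identity source.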

