Use Geneva to develop the SOA security model

Source: Internet
Author: User

The latest code name released by Microsoft is Geneva Beta 1; its previous code name was Zermatt. Geneva helps developers build applications more easily on a claims-based identity model for authentication and authorization. This is a model developed by Microsoft but supported by the industry. It uses standard protocols such as WS-Federation, WS-Trust, and SAML (Security Assertion Markup Language). Sun's WSIT and WebSphere Application Server v7.0 also support these industry standards.

Geneva not only facilitates the development of claims-aware applications, but also makes them easier to deploy, manage, and protect. With Windows CardSpace, included in .NET 3.0, Microsoft for the first time brought its huge army of developers directly into its Identity Metasystem plan, which defines a distributed identity architecture for multi-vendor platforms. Claims are used to determine who may access a resource, who may retrieve content, or who may complete a transaction.

The data carried in the claims can come from Active Directory, an LDAPv3-based directory, a dedicated database, or a newer user-centric identity system such as Live ID, OpenID, and InfoCard systems, including Microsoft's CardSpace and Novell's DigitalMe. Geneva is designed for the development of Windows-based applications. Geneva includes the following three components:

Geneva Server. This is a security token service (STS) as defined in the OASIS WS-Trust specification. It issues and transforms claims, manages user access, and can automate federation.

Geneva Framework. This is a managed (.NET) framework that connects to an STS and helps developers build claims-aware applications and services. You can use it to process claims transactions (requests or responses) for any party.

Windows CardSpace "Geneva". This is an extension of the familiar CardSpace in Windows. You may have seen it, but perhaps never used it. Simply put, CardSpace is a set of Windows functions and user interfaces that let users view and control the use of their personal information. Everyone has multiple claims as part of their identity: you are a student at UW (University of Washington, Seattle), you are an employee of BigCorp, you are a member of a prestigious community that issues you a special security card, you also have a BigBank account 4444-444-44, and so on. CardSpace lets you decide which claims to use when presenting your identity to a specific server or service. Instead of disclosing everything to every server or service, you disclose only the information a specific exchange requires. This is one aspect of the identity model, and CardSpace makes it possible to do this in Windows.

The key to the claims-based model is the security token service (STS). An STS is a lightweight gateway that exchanges security tokens (such as Kerberos or SAML) through negotiation and converts them into different formats according to application requirements. It can be used on both servers and clients.
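As an added illustration of the model described above (not code from the page or from Geneva itself), the following Python sketch plays both roles: an STS that issues a signed token carrying claims, and a relying party that validates the token and authorizes purely from its claims. The issuer name, audience URI, HMAC key (standing in for the STS signing certificate used by real SAML/WS-Trust tokens) and the expense-approval claims are constructed sample values.

```python
import hashlib
import hmac
import json
import time

# Constructed sample: the relying party trusts a single STS, identified by its
# issuer URI and a shared key. A real STS signs with an X.509 certificate.
TRUSTED_ISSUERS = {"urn:example:sts": b"sts-signing-key-demo"}
AUDIENCE = "urn:example:expense-app"  # hypothetical relying-party identifier


def issue_token(issuer, key, subject, claims, audience, lifetime=300, now=None):
    """STS side: bind claims to issuer, audience and a validity window, then sign."""
    now = time.time() if now is None else now
    body = {"iss": issuer, "aud": audience, "sub": subject,
            "nbf": now, "exp": now + lifetime, "claims": claims}
    payload = json.dumps(body, sort_keys=True).encode()
    signature = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return payload, signature


def validate_token(payload, signature, now=None):
    """Relying-party side: accept claims only from a trusted, intact, unexpired
    token that was issued for this application."""
    now = time.time() if now is None else now
    body = json.loads(payload)
    key = TRUSTED_ISSUERS.get(body.get("iss"))
    if key is None:
        raise ValueError("untrusted issuer")
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signature):
        raise ValueError("bad signature")
    if body.get("aud") != AUDIENCE:
        raise ValueError("token not issued for this application")
    if not (body["nbf"] <= now < body["exp"]):
        raise ValueError("token outside validity window")
    return body["claims"]


def select_claims(available, required):
    """CardSpace-style minimal disclosure: release only the claims the relying
    party asked for, and fail if one of them is not available."""
    missing = set(required) - set(available)
    if missing:
        raise ValueError("missing claims: %s" % sorted(missing))
    return {name: available[name] for name in required}


def can_approve_expense(claims, amount):
    """Authorization decided from claims, not from a local user table."""
    return claims.get("role") == "manager" and amount <= claims.get("approval_limit", 0)
```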

Geneva can be used to develop applications that receive information from CardSpace, the user-centric identity system in Vista and XP. Doing this in .NET previously required a great deal of hand-written protocol code. Cloud services are the first area to use the claims-based model: Microsoft's BizTalk Services, the Internet Service Bus (ISB), includes an identity service that lets organizations manage users more easily and helps developers create more secure applications that recognize users from different organizations.

Geneva Beta 1 can be downloaded from the Microsoft Connect website. Useful documents: the "Geneva" Introduction and the Microsoft Code Name "Geneva" Framework for Developers white paper.
