Hands-On-Labs released!

Check out the new labs we just released that complement the guide content. A notable addition is specific excercises for ADFS v2.
Download docs and code from here.

Release Candidate is now available!

This new drop includes all samples and all chapters of the guide. Download them from here

This new (and hopefully last) release includes the majority of the guide content (all previous chapters available in V1 and the new ACS and SharePoint chapters). Thanks to everyone in this community that helped us get here.

Drop #3 is out!

New samples and chapters of the new guide are now available for download here. This download includes:
  • All samples for ACS (updated to ACS production version).
  • A sample for using WP7 as a client for REST services.
  • All previous samples refactored and cleaned-up.
  • A new Dependency Checker (much simplified).
  • A new sample with ACS as a Federation Provider.
  • All ACS chapters.
  • Two appendices on protocols and authorization strategies.
Let us know what you think!

New Project! Extensions to the Claims based Identity Guide

The team is now working on a few extensions to the guide to include:
  • Access Control Service ACS Labs
  • Claims-enabling SharePoint



The "Blue" line is hwat the guide covers today. "Green" and "Black" are the new chapters. Of course as we make progress on each we will know more details.

We are also planning on fixing a few things on the exisitng samples: final upgrade to VS2010 and .NET 4.0, Windows Azure SDK 1.3 and bugs here and there. The "Dependency Checker" is also getting a full upgrade to get rid of the powershell scripts that caused so much trouble.

As usual, we will start publishing on this site early drafts of the content (both samples & docs). Feedback very much welcome!

First edition of the Guide is Released and available here:

- Book content online on MSDN.
- Book PDF download
- Final samples download
- Samples updated to Visual Studio 2010 download

What is Claims-Based Identity, and Why Should You Care?

There are many features in a typical secure application, three of the most common being:
  • Authentication: “Who are you?”
  • Authorization: “Are you allowed to do this?”
  • Personalization: “How can I personalize your experience?”

This guide will introduce you to “claims-based” identity, a set of ideas and tools that may make it easier for you to build features like these into your apps in a more flexible way. In this guide, we’ll introduce some concepts that may sound new: claims, federated identity, and much more. But many of the ideas presented here have been floating around for a long time.

The protocols we’ll show in this guide have a similar flavor to Kerberos, one of the most broadly accepted authentication protocols in use today (used in Active Directory for example). WS-Federation, SAML, and other federated identity protocols have been incubating for this entire decade. This is really not so new after all, but it does require a new way of thinking as we move toward a better architecture for identity in applications.

Claims based identity is specially compelling for applications that are deployed to the cloud. This Guide covers such scenarios.

Claims-based identity isn’t new. It’s been being designed and implemented for almost a decade.

Just Released! - Book content on MSDN.

Guide on Wiki

Preface (English) Preface (Spanish) - in progress
An Introduction to Claims (English)
Claims Based Architectures
Claims-Based Single Sign-On for the Web
Federated Identity for Web Applications
Federated Identity for Web Services
Federated Identity with Multiple Partners

Why do we need a guide now?

Only within the last year have tools been released to make claims-based identity generally available to applications on the Windows platform. With the Windows Identity Framework (WIF), Active Directory Federation Services v2 (ADFS), the identity landscape has opened up quite a bit, and our goal in this guide is to show how you can benefit by understanding these concepts and using these tools.

How is the Guide Organized?

The Guide will contain a few introductory chapters that will cover the basics of Claims based Identity, common terminology, protocols and technologies. This is the "theory" part of the book and we hope it will be useful for those new to the subject. Claims based identity is surprisingly simple and yet very powerful. Then, there will be a number of chapters with "case studies". These are very specific, commonly occurring scenarios where we surface goals, challenges and solutions in concrete contexts. As examples of the kind of scenarios we are considering, take a look at these three blog posts:

WebSSO
Federation
Software as a Service - Part I
Software as a Service - Part II

Check the downloads section for early chapters and samples!

Downloads

Blogs

Dominick Baier:

 www.leastprivilege.com News Feed 
Monday, May 14, 2012  |  From www.leastprivilege.com
 www.leastprivilege.com News Feed 

Vittorio Bertocci

 Vibro.NET News Feed 
Monday, November 24, 2014  |  From Vibro.NET
Wednesday, November 19, 2014  |  From Vibro.NET
 Vibro.NET News Feed 

Keith Brown:

 Security Briefs News Feed 
Friday, March 25, 2011  |  From Security Briefs
Monday, January 17, 2011  |  From Security Briefs
Wednesday, January 12, 2011  |  From Security Briefs
Friday, November 12, 2010  |  From Security Briefs
Monday, August 2, 2010  |  From Security Briefs
 Security Briefs News Feed 

Eugenio Pace:

 Eugenio Pace : Claims News Feed 
Thursday, February 24, 2011  |  From Eugenio Pace : Claims
Wednesday, February 16, 2011  |  From Eugenio Pace : Claims
 Eugenio Pace : Claims News Feed 

Erwin van der Valk



Matias Woloski

Last edited Jun 10, 2011 at 1:58 AM by eugeniop, version 36