Microsoft “Geneva”: Single Sign On & Online Services

Microsoft Geneva:

“provides companies with simplified user access and single sign-on, for on-premises and cloud-based applications in the enterprise, across organizations, and on the Web to facilitate collaboration, increase security and reduce cost.”


There are 3 components to Geneva which now have more official names:

Geneva Framework = Windows Identity Foundation: provides developers pre-built .NET security logic for building claims-aware applications

Geneva Server = Active Directory Federation Services (ADFS) 2.0: a security token service (STS) for issuing and transforming claims, enabling federations, and managing user access

Geneva Cardspace = Windows Cardspace: helps users navigate access decisions

The aim of Geneva is to provide a true “Single Sign On” (SSO) experience to users across the various platforms that they come across, be they corporate and/or personal.

For example, once a user is logged in with their corporate domain credentials, they could then access Microsoft Online Services such as Hotmail, MSDN, LiveSpaces, etc., without being prompted to enter their @hotmail/@live credentials. All this requires is 1 Geneva Server and a Windows Live tool currently called “Microsoft Online Services Federation Utility”.

Federation Gateway

The Microsoft Federation Gateway is a cloud-based identity service that extends beyond your corporate domain out into the internet. This is the hub for all the connections users want to make to external MS technologies, be it Azure, Live or BPOS (MS use CRM Online as an example on the MSDN site).


The above shows the federation of identities between partners. An example of how the data flows between the different points of the SSO setup can be seen below:


You can find more information about the Microsoft Federation Gateway on MSDN here.

A slide from PDC 2008 showed an example of Geneva working with a BPOS component for the US:


The full 1 hour+ video of the “Identity Roadmap for Software + Services” presentation from PDC 2008 can be viewed here on Channel 9.

I know that BPOS, Microsoft’s hosted offerings of Exchange & Sharepoint (among others) will start using ADFS 2.0 at some stage next year. Most likely when the 2010 versions are deployed to the cloud, which I expect to be around late calendar Q3 so August/September. This is where I’m particularly keen to see what Geneva can do for SSO…it should make it pretty much seamless for corporate users whether they’re accessing on-site applications such as Exchange, their Online brethren, custom developed applications, hotmail, MSDN and more…and that will be excellent!

I use a variety of different MS Online Services and have at least 3 different logins for them…I’ll be interested to see if Geneva can look after that for me 🙂 BPOS currently comes with a separate SSO client which needs to be installed for each user and comes with its own unique set of issues, so having a corporate wide SSO would definitely be better. Also, you currently need to re-enter your details for OWA with BPOS as it’s on an HTTPS connection…I assume Geneva would remove that need?

Some great technical documents, step-by-step guides and Virtual Machine demos of Geneva can be found on the Technet site here.

A few Sharepoint 2010 tidbits

A few more bits of info about Sharepoint 2010 have come out of TechEd through blogs and tweets.

The 2 big ones are:

Groove is to be renamed “Sharepoint Workspace Manager”. I think this will help drive an increase in people using this technology as currently, most people don’t know that Groove & Sharepoint can be used together.

Sharepoint 2010 is going to be 64-bit only and will require a wholly 64-bit environment, i.e. “64-bit Windows Server 2008 or 64-bit Windows Server 2008 R2 to run. It also will require 64-bit SQL Server 2008 or 64-bit SQL Server 2005”.

Another point is that it won’t support Internet Explorer 6 but will be “targeting standards based browsers (XHTML 1.0 compliant) including Internet Explorer 7, Internet Explorer 8 and Firefox 3.x. running on Windows Operating Systems. In addition we’re planning on an increased level of compatibility with Firefox 3.x and Safari 3.x on non-Windows Operating Systems”.

All info via Mary Jo Foley

Windows Mobile 6.5 Launch

MS have confirmed that the official launch date for Windows Mobile 6.5 is May 11th 2009, which is the first day of this year’s TechEd event.

The Windows Mobile blog says:

“Stephanie Ferguson, GM (General Manager) of Business Experiences at Microsoft’s Mobile Communications Business is going to deliver the kick off launch presentation of Windows Mobile 6.5 on Monday, May 11th at 1:00PM – 2:15PM. This Tech Ed 2009 session focuses on one of the biggest launches in the history of Windows Mobile – Windows Mobile 6.5. It is targeted at both IT Professionals and Developers, with a cool demo and an outline of great stuff to come.”


It will still be a number of months until we see any WinMo 6.5 devices but TechEd will give us a chance to see even more about the features of the new mobile OS and more things to look forward to!

*Update* Microsoft Windows Mobile 6.5 phones will start being released on October 6th 2009 🙂
