“provides companies with simplified user access and single sign-on, for on-premises and cloud-based applications in the enterprise, across organizations, and on the Web to facilitate collaboration, increase security and reduce cost.”
There are 3 components to Geneva which now have more official names:
Geneva Framework = Windows Identity Foundation: provides developers pre-built .NET security logic for building claims-aware applications
Geneva Server = Active Directory Federation Services (ADFS) 2.0: a security token service (STS) for issuing and transforming claims, enabling federations, and managing user access
Geneva Cardspace = Windows Cardspace: helps users navigate access decisions
The aim of Geneva is to provide a true “Single Sign On” (SSO) experience to users across the various platforms that they come across, be they corporate and/or personal.
For example, once a user is logged in with their corporate domain credentials they could then access Microsoft Online Services such as Hotmail, MSDN, LiveSpaces etc; without being prompted to enter their @hotmail/@live credentials. All this requires is 1 Geneva Server and a Windows Live Tool currently called “Microsoft Online Services Federation Utility”.
The Microsoft Federation Gateway is a cloud based identity service, that extends beyond your corporate domain out into the internet. This is the hub for all the connections users want to make to external MS technologies, be it Azure, Live or BPOS (MS use CRM Online as an example on the MSDN site).
The above shows the federation of identities between partners. An example of how the data flows between the different points of the SSO setup can be seen below:
You can find more information about the Microsoft Federation Gateway on MSDN here.
A slide from PDC 2008 showed an example of Geneva working with a BPOS component for the US:
The full 1hour+ video of the “Identity Roadmap for Software + Services” presentation video from PDC 2008 can be viewed here on Channel 9.
I know that BPOS, Microsoft’s hosted offerings of Exchange & Sharepoint (among others) will start using ADFS 2.0 at some stage next year. Most likely when the 2010 versions are deployed to the cloud, which I expect to be around late calendar Q3 so August/September. This is where I’m particularly keen to see what Geneva can do for SSO…it should make it pretty much seamless for corporate users whether they’re accessing on-site applications such as Exchange, their Online brethren, custom developed applications, hotmail, MSDN and more…and that will be excellent!
I use a variety of different MS Online Services and have at least 3 different logins for them…I’ll be interested to see if Geneva can look after that for me 🙂 BPOS currently comes with a separate SSO client which needs to be installed for each user and comes with it’s own unique set of issues, so having a corporate wide SSO would definitely be better. Also, you currently need to re-enter your details for OWA with BPOS as it’s on an HTTPS connection…I assume Geneva would remove that need?
Some great technical documents, step-by-step guides and Virtual Machine demos of Geneva can be found on the Technet site here.