
Posts Tagged ‘identity’

The beta 2 “Geneva” framework contains the concept of a claims authorization manager, represented by the ClaimsAuthorizationManager base class. This class contains a single method
public virtual bool CheckAccess(AuthorizationContext context)
that computes the authorization decision for the access represented by context. This object, of AuthorizationContext type, contains the following properties

Subject, of IClaimsPrincipal type, represents the subject [...]

Read Full Post »

The beta 2 of the “Geneva” framework was released this week. This framework aims to provide a unified model for claims-based identity management and access control. This includes a class model for representing claims-based identities, shown in the next diagram.
 

This class model, present in the Microsoft.IdentityModel.dll assembly, is similar to the one [...]

Read Full Post »

The demos of the ARC209 “Windows Azure – Introdução aos .NET Services” session (in Portuguese), which I co-presented with João Pedro Martins at Lisbon’s DevDays 09, are available here.
By the way, the .NET Services account provisioning is now resumed.

Read Full Post »

Geneva’s Pipeline

Yesterday, I saw the recording of PDC’s session Identity: “Geneva” Deep Dive, which I greatly recommend. Especially interesting was the description of the Geneva pipeline (from 19:55 to 25:20 recording time).

Read Full Post »

In the last couple of posts, I’ve written about the claims and security token concepts, and also about how WCF models them:

What are claims?
Claims and claims sets in WCF
What are security tokens?
Security tokens in WCF
Authorization policies in WCF: from tokens to claim sets
The ServiceAuthorizationManager class in WCF

In this post I will start writing about how [...]

Read Full Post »

In a previous post, I presented some classes for handling security tokens in WCF. This post describes the process that begins with the authentication of a token and ends with a collection of claim sets, available at the AuthorizationContext (see this previous post).
One of the classes referred to in the last post is the SecurityTokenAuthenticator class, [...]

Read Full Post »

Security tokens in WCF

In WCF, security tokens are represented by classes derived from the SecurityToken abstract class. However, this class exposes little functionality:

A SecurityKeys property, to access the keys associated with this token.
Two properties, ValidFrom and ValidTo, with the token’s validity period.
A couple of methods for creating and matching key identifiers.

Most of the functionality related to security tokens [...]

Read Full Post »

What are security tokens?

In the Identity Metasystem, claims are produced by issuers and consumed by relying parties (named service providers in other models). A security token is the data structure that holds the claims during the communication between these two parties. However, a security token is more than a mere container of claims. Typically, it contains the metadata [...]

Read Full Post »

How are claims represented in WCF?
As described in an earlier post, the Identity Metasystem proposes a model where identities are defined by claim sets.
The WCF platform adopts this view and provides a claims-based authentication model, mostly defined in the System.IdentityModel.dll assembly, introduced with .NET 3.0.
In both the Identity Metasystem and the WS-* specifications, the claim [...]

Read Full Post »

What are claims?

The use of classical identity-based access control models, in which authorization decisions are based on the requestor's unique identifier, is not adequate for large-scale decentralized systems, such as the World-Wide Web. Several aspects contribute to this inadequacy, namely:

Access control policy - When an access request crosses security domains, the identifier of the requestor on [...]

Read Full Post »