Microsoft Zermatt Gives Developers better WS\* and ADFS Support
By nwooler on Jul 21, 2008
Microsoft released Zermatt a new developer focused framework for .Net application development. Microsoft is trying to help customers who have .Net applications to do the following:
- Building claims-aware applications
- Building Security Token Services (STS)
- Creating Information Cards
- ASP.NET Controls
Felix Gaehtgens has written a nice review here of the technology and the business impact of the release. One of the claims that he makes is that this release will also allow organizations to create their own custom Secure Token Service (STS).
"The white paper released by Microsoft, together with the Zermatt software and programming examples also explains how to build a custom STS. The groundwork is all done by the Zermatt library, and therefore allows a developer to concentrate on writing the actual business logic to enable the trust relationships. The documentation hints towards significant new STS features in Microsoft's upcoming next release of ADFS and suggests that the best approach for most organisations is to buy a STS, and not build - however for those who need to build, the framework is there in Zermatt ready to be unleashed. "
Another approach is to use the STS that is in OpenSSO. The Secure Token Service in OpenSSO Provides for standards based creation, validation, and translation of standards-based tokens and proprietary tokens such as Oracle Access Manager and CA SiteMinder. It is a flexible solution that can be deployed with OpenSSO's access management and federation services or it can be deployed standalone to support 3rd party web access management and federation solutions and XML gateways. You can read more about the capabilities of OpenSSO STS at the OpenSSO Wiki or in the design documents with the OpenSSO project here (there is also a nice presentation here)
Felix goes on to say the following about vendor's shipping their own STS.
What is the impact of Zermatt for the industry? Within the Microsoft environment, this is an incentive for developers to make their applications claims-aware, and to use the new features that WS-\* brings. It is therefore realistic to expect more applications becoming ready for federation in the near future, and an impetus for SOA developers to draw on identity information through WS-\*. Although the Zermatt framework is very specific to the Microsoft environment it may be likely to see similar efforts being made on other platforms. Most likely, existing frameworks might be extended to make the processing or claims easier in other environments, and provide foundations to build secure token servers in an easier way than done today. Kuppinger Cole also expects that vendors will soon start shipping their own shrink wrapped STS. As Microsoft is expected to significantly upgrade ADFS in the next release, we also expect opportunities for companies to harness ADFS's customisation and plug-in capabilities to create value-added add-ons, similar to what Omada has done for Microsoft's ILM.
As OpenSSO provides an STS that works with .Net and Java based platforms we are excited about how the marketing is evolving in the space of Web Services Security. Don't wait to start your project. Download it today at OpenSSO.org.