
Microsoft pushes ADFS 2.0, federated identity for cloud security

Active Directory Federation Services 2.0 operates with other SAML-based identity management products

By , Network World
June 08, 2010 03:23 PM ET

Network World - At its TechEd conference this week, Microsoft is pushing its newly upgraded Active Directory Federation Services (ADFS) technology as the foundation for identity in cloud computing environments, but some analysts point out there are still more pieces to come in the complex federated identity puzzle.


Enterprises often use Microsoft's Active Directory as the foundation for enterprise-wide identity and authentication management, and many are wondering how they might extend or add to these controls to prepare for cloud-based computing.

"When you talk about migrating infrastructure, ADFS 2.0 gets you that interoperability between private, public and hybrid clouds," says JG Chirapurath, Microsoft's director in the identity and security business group. "Identity is the glue that will make it all work. We firmly believe that it's all about identity."

But what is Microsoft's identity glue, ADFS 2.0, really all about?

ADFS 2.0, which was released in early May, "doesn't require changes to Active Directory server -- it's a separate server that knows how to talk to Active Directory," says Burton Group analyst Bob Blakley.

ADFS 2.0 can be expected to be used in a range of scenarios. Microsoft likes to point to early deployments by Thomson Reuters and the government of British Columbia, which use it for single sign-on within their organizations.

Blakley says there's no doubt ADFS 2.0 is a central piece of Microsoft's identity management strategy, providing a two-way gateway for sending and receiving claims-based requests, as Microsoft calls them, using SAML-based tokens containing information about users and what they want in terms of information and access.

ADFS 2.0 supports the open standard protocol Security Assertion Markup Language (SAML) 2.0, and Microsoft late last year showed it could operate with other vendor products based on SAML for identity management. 
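The two paragraphs above describe what an ADFS 2.0 token actually carries: a SAML 2.0 assertion whose claims (SAML attributes) state who the user is and what groups or attributes they hold, issued by the federation server and consumed by a relying application. The following Python is an added example, not code from the article or from Microsoft, showing the checks a relying party must make on such a token before trusting any claim in it: issuer, validity window and audience, then claim extraction. The assertion is constructed for illustration (the issuer URL, audience URL and user are made up; the claim-type URIs for e-mail and group are the ones ADFS issues by default). It deliberately stops short of XML signature verification, which a real relying party must perform with a proper XML-DSig library before any of these fields can be believed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}

# Hypothetical trust configuration of the relying application (assumed values).
TRUSTED_ISSUER = "http://adfs.example.com/adfs/services/trust"
EXPECTED_AUDIENCE = "https://app.example.org/"

# Constructed sample assertion; this is not a real ADFS token and carries no signature.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML}"
    ID="_example-assertion-1" Version="2.0" IssueInstant="2010-06-08T15:00:00Z">
  <saml:Issuer>{TRUSTED_ISSUER}</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice@example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2010-06-08T15:00:00Z" NotOnOrAfter="2010-06-08T16:00:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>{EXPECTED_AUDIENCE}</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/claims/Group">
      <saml:AttributeValue>Finance</saml:AttributeValue>
      <saml:AttributeValue>Staff</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def parse_saml_time(value):
    """SAML uses UTC xsd:dateTime with a trailing Z; return an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, trusted_issuer, expected_audience, now_utc):
    """Accept the assertion only if issuer, validity window and audience all match.

    Returns {"subject": ..., "claims": {claim_type: [values]}} or raises ValueError.
    Signature verification (XML-DSig over the assertion) is assumed to have
    happened already; without it none of these fields can be trusted.
    """
    # Untrusted XML: in production parse with defusedxml to block entity attacks.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML}}}Assertion" or root.get("Version") != "2.0":
        raise ValueError("not a SAML 2.0 Assertion")

    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != trusted_issuer:
        raise ValueError(f"untrusted issuer {issuer!r}")

    cond = root.find("saml:Conditions", NS)
    if cond is None or cond.get("NotBefore") is None or cond.get("NotOnOrAfter") is None:
        raise ValueError("assertion lacks a bounded validity window")
    now = parse_saml_time(now_utc)
    not_before = parse_saml_time(cond.get("NotBefore"))
    not_on_or_after = parse_saml_time(cond.get("NotOnOrAfter"))
    if not (not_before <= now < not_on_or_after):
        raise ValueError("assertion outside its validity window")

    # Audience restriction: a token minted for another relying party must be refused,
    # otherwise a token captured at one application can be replayed at another.
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        raise ValueError(f"audience mismatch: {audiences!r}")

    subject = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    claims = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        claims[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return {"subject": subject, "claims": claims}


if __name__ == "__main__":
    result = validate_assertion(SAMPLE_ASSERTION, TRUSTED_ISSUER, EXPECTED_AUDIENCE,
                                "2010-06-08T15:30:00Z")
    print(result["subject"], result["claims"])
```

The audience and validity checks are what make a federated token safe to accept from an external identity provider: the relying party never sees the user's Active Directory password, so everything it knows about the user comes from these claims, and it must refuse a token that was issued for a different application or has expired.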

"SAML interoperability is built into ADFS 2.0," says Joel Sider, a Microsoft senior product manager. "Microsoft has a responsibility to step up and say there should be protocol neutrality. The most important thing is that people who are invested in identity can take it to the cloud," he adds.

"Federation is now important because of the cloud. It's not domain-centric -- it's looser partnerships, more loosely aligned. We need a way for people to collaborate on a project basis," Blakley says.

Blakley points out that ADFS 2.0 is an implementation of SAML 2.0 integrated into the Microsoft infrastructure; it supports the most important aspects of SAML, though strictly speaking not the entire SAML profile. "With the SAML security token service in ADFS 2.0, if you have a Windows Server 2007 with Active Directory domain services, and users are just logging on, they can now go to applications outside the domain and get access."

Moreover, ADFS 2.0 is expected to be baked into many future Microsoft application products, such as SharePoint 2010. But the reality today is that legacy applications cannot easily work within a SAML-based framework, though they can be adapted to do so.
