We’re excited to tell you more about the beta release of “Geneva” Server. In this post we’ll talk a bit about what “Geneva” Server is, as well as discuss the features of “Geneva” Server. As you may have read already, “Geneva” Server is one component of the broader “Geneva” claims based access (CBA) platform. The other components are the “Geneva” Framework for developers and Windows CardSpace “Geneva”. All of the “Geneva” components are available for download at our Connect site.
This beta release of “Geneva” Server is not yet feature complete, and is not intended for use in a production environment. We’re looking forward to your early feedback on “Geneva” Server’s features and on what you’d like to see in future releases.
“Geneva” Server is a security token service (STS) that enables Active Directory to be an identity provider in the claims based access platform. Specifically, “Geneva” Server solves several identity problems for information technology (IT) professionals:
Simplified trust establishment: “Geneva” Server uses industry standard metadata formats for establishing trust between federation partners. The “Geneva” Server administration console allows administrators to establish trust by simply entering the partner’s trust metadata URL. This simplifies and improves the trust establishment experience for administrators by reducing the number of manual steps involved.
Information Cards: Information Cards provide an improved log-in experience, and the issuance of Information Cards allows “Geneva” Server to act as an identity provider that can be used with Windows CardSpace. “Geneva” Server includes a Web application where Active Directory users can obtain managed Information Cards, as well as administrative capabilities for branding these Information Cards.
Identity delegation: Web applications in a multitier architecture often call infrastructure services to access common data or functionality. It is important for these infrastructure services to know the identity of the original user so that the service can make authorization decisions and perform auditing. “Geneva” Server allows an authorized front-end Web application to impersonate its users to the infrastructure service. When using “Geneva” Server, the infrastructure service knows that the front-end Web application is serving as the user’s delegate. In addition, “Geneva” Server does not require that an account exist in Active Directory for the impersonated user.
Multiple supported authentication methods: “Geneva” Server supports multiple authentication methods at the STS. Users will be able to authenticate with user name/password, the Kerberos authentication protocol, client X.509 certificates, and Information Cards. Administrators have fine-grained control over the specific authentication methods that are supported, to suit their security policies. In addition, “Geneva” Server supports responding to requests for particular authentication methods, such as smart-cards. This enables applications that are protected by “Geneva” Server to easily step-up to smart-card authentication for particular operations.
Interoperable by design: “Geneva” Server supports multiple, industry-standard, interoperable protocols such as WS-Federation, WS-Trust and other WS-* security standards. In addition, “Geneva” Server supports identity provider functionality in the Web SSO profile of the SAML 2.0 protocol. This broad base of protocol support makes it possible for “Geneva” Server to work with a variety of identity products from other vendors that support these protocols.
Please give us your feedback and tell us what you think. The set of features above provides only a quick overview of what “Geneva” Server can do. More posts are coming to discuss these features in detail, and we look forward to a conversation on how “Geneva” Server can solve your identity challenges. Thanks,
- The “Geneva” Server Team