For those that have been writing claims-aware web applications for AD FS, you have a leg up on the value the claims-based model brings to application development. You’ve already taken the step to architect your applications for cross-organization, cross-security boundary, cross-platform access. Now, with Microsoft’s recent release of the “Zermatt” beta, this claims-based model is set to enable a new generation of business applications that fully participate in the Identity Metasystem (Kim Cameron’s blog). With Zermatt you can build “Relying Party” (think “resource-side” in AD FS terms) applications, custom “Identity Providers” (think “account-side” in AD FS terms) and security token services (STS). It also provides the means to issue managed information cards (think Windows CardSpace on the Microsoft platform) to users and consume those information cards on relying party sites. Exciting stuff! That said, Zermatt in of itself is not the next version of AD FS, but it is a developer framework that enables building claims-aware applications and security token services on the Microsoft platform.
Zermatt, as a developer framework, not only supports the WS-Federation passive requestor (browser client) case as used in AD FS, but it also supports the long awaited for “active requestor” (think web services) case. So whether you’re writing an ASP.NET application or a client application that employs web services, Zermatt exposes a single object model for you to use for accessing identity and claims. The beta comes with a broad collection of sample applications categorized to demonstrate basic, intermediate and advanced scenarios. So there’s something for everyone. To help scope your investigation/discovery, here’s some suggestions.
Get Zermatt here. On the download site is a white paper by Keith Brown that is a must read and will set you up for working the sample applications.
For ongoing insights into building various application scenarios with Zermatt, follow Vittorio’s blog, Vibro.NET. Start from his Zermatt announcement and work your way forward, chronologically. Also, for those that would like an all-up understanding on the broader need for digital identities in today’s application access paradigm, I highly recommend his book, “Understanding Windows CardSpace: An Introduction to the Concepts and Challenges of Digital Identities”.
Lastly, if you don’t want to install beta bits onto your machine, here are some links to downloadable resources: