Microsoft released Zermatt, a new developer-focused framework for .NET application development. Microsoft is trying to help customers who have .NET applications with the following:
- Building claims-aware applications
- Building Security Token Services (STS)
- Creating Information Cards
- ASP.NET Controls
Felix Gaehtgens has written a nice review here of the technology and the business impact of the release. One of the claims that he makes is that this release will also allow organizations to create their own custom Security Token Service (STS).
"The white paper released by Microsoft, together with the Zermatt
software and programming examples also explains how to build a custom
STS. The groundwork is all done by the Zermatt library, and therefore
allows a developer to concentrate on writing the actual business logic
to enable the trust relationships. The documentation hints towards
significant new STS features in Microsoft’s upcoming next release of
ADFS and suggests that the best approach for most organisations is to
buy a STS, and not build – however for those who need to build, the
framework is there in Zermatt ready to be unleashed."
Another approach is to use the STS that is in OpenSSO. The Security Token Service in OpenSSO provides for standards-based creation, validation, and translation of standards-based tokens and proprietary tokens such as those of Oracle Access Manager and CA SiteMinder. It is a flexible solution that can be deployed with OpenSSO’s access management and federation services, or it can be deployed standalone to support third-party web access management and federation solutions and XML gateways. You can read more about the capabilities of OpenSSO STS at the OpenSSO Wiki or in the design documents with the OpenSSO project here (there is also a nice presentation here).
Felix goes on to say the following about vendors shipping their own STS.
"What is the impact of Zermatt for the industry? Within the Microsoft
environment, this is an incentive for developers to make their
applications claims-aware, and to use the new features that WS-*
brings. It is therefore realistic to expect more applications becoming
ready for federation in the near future, and an impetus for SOA
developers to draw on identity information through WS-*. Although the
Zermatt framework is very specific to the Microsoft environment it may
be likely to see similar efforts being made on other platforms. Most
likely, existing frameworks might be extended to make the processing of
claims easier in other environments, and provide foundations to build
secure token servers in an easier way than done today. Kuppinger Cole
also expects that vendors will soon start shipping their own shrink
wrapped STS. As Microsoft is expected to significantly upgrade ADFS in
the next release, we also expect opportunities for companies to harness
ADFS’s customisation and plug-in capabilities to create value-added
add-ons, similar to what Omada has done for Microsoft’s ILM."
As OpenSSO provides an STS that works with .NET- and Java-based platforms, we are excited about how the market is evolving in the space of Web Services Security. Don’t wait to start your project. Download it today at OpenSSO.org.