It's since April that I don't write about the book (at the time we released the entire Chapter 2 on MSDN ). Last week I received notice that 2 new reviews were published: one is from the Denver Visual Studio User Group , the other is on Paul Van Brenk's blog . Both reviews are extremely nice, for which we are very grateful; I especially like the fact that in both cases the reviewers perceived our intention to deal with the problem from an holistic point of view, regardless of our affiliation with

This week's VRM Workshop at the Berkman Center in Cambridge, MA was quite interesting. It helped me quite a bit to sort out how Identity Management and VRM intersect, but also differ in some respect. To put it in a nutshell, I believe that the biggest difference between the two is that they are essentially two different ways of looking at the same problem. "Traditional" identity management has been focusing largely on the varies subjects (and objects), their characterization, and how they can be

OpenSocial and Liberty People Services are really tackling the same problem - only from two opposing sites. While the LAP PS has established a solid foundation for secure identity management, OpenSocial has started out to define an API for allowing social networking (but also other) software from different source to be run in one (or more than one) container. Ideally, these container abstract away the underlying platform and thus enable application portability. This becomes quite useful, since facebook,

Just back from vacation. The tan barely started to fade, and here I am already playing with the new shiny toy :-). Did you experiment with Zermatt by now? As Kim mentions the samples (and the documentation) are an excellent way to start, and I am sure that blog posts & tutorials will soon start mushrooming here and there in the blogosphere: here I begin my humble contribution with my first technical post about Zermatt . I had *absolutely* no hesitations when deciding which scenario I should tackle

We are back! I hope you had fun with the STS tutorial I posted yesterday night ; here we move a step further and examine how to equip our STS with managed card issuance logic & UI. As anticipated, this is going to be MUCH faster. If you recall, in the last post I asked you not to delete the Default.aspx page that the new web site template created for you: we are going to put our card issuance UI there. At thsi point the visual studio project should look as follows: The only new element I added

I am sure you already saw Kim's post about John Fontana's interview with Stuart , appeared on Network World . I like how John communicates the importance of this release, and how it positions it in the context of the broader picture. Recommended reading :) Also, the blogosphere is buzzing: if you toy with your favorite feeds or search engines, you'll find many sources chiming in or even already playing with Zermatt ... that's the spirit! See you next week ;-)

Ahh, I’ve been looking forward for this post for a looong time. We just made available for download the bits of the Beta of “Zermatt” Developer Identity Framework . “ Zermatt ” is the codename of a .NET framework that helps developers build claims-aware applications to address challenging application security requirements using a simplified application access model. Let me expand a bit on that. If you want to develop applications that take advantage of claims & identity Metasystem goodness in

For a couple of years now, I've been giving talks about "claims-based identity", and "claims-aware applications". The most concrete example of a claims-based identity architecture that I've been able to show so far is Active Directory Federation Services v1 (ADFS) and Windows CardSpace. And the claims programming model I've been using is the one that shipped with WCF in the System.IdentityModel assembly. But today I'm happy to announce that there's a new path

On the Seattle-Paris flight. I've just posted the piece about validation-authentication-authorization , and i am a bit bothered by the fact that I was unable to delve into greater details for what concerns the authoriZation part. In particular, I'd like to address one of the misunderstandings which can derive from transporting verbatim the knowledge of Kerberos & "unattended" security in general to the world of user centered identity management. Some of you claimaniacs may find the stuff below

One year ago we had a brief wall-to-wall exchange with Keith about the need of having consumer (as non-developer) info about CardSpace. The Information Card Foundation is doing a great job at handling those info for the general concept of information card. Specifically for Windows CardSpace, I am happy to announce that we now have a consumer friendly home for Windows CardSpace ! I am especially fond of the two videos ( home & work ) from the UK crew; and big kudos to Eileen for the entire effort.