Role of Claims based Authentication in Federated Security
Before we get into the details of this, I would like to briefly touch upon the concepts of Federated Authentication and why it is so important.
One of the biggest challenges organizations have today is that Authentication is part and parcel of the Application, and each Application can have its own way of storing credentials and authenticating users. This adds maintenance overhead for the people who maintain the applications, and it also burdens the users who access these applications, as they have to remember the credentials for every application they use. The issue has a multiplier effect if the organization has applications on different platforms.
The solution that naturally evolved for this problem is to abstract the Authentication Mechanism out of the Application and leave only the Authorization-related work to the Application. The end user is always directed to a central authority for Authentication and then goes to the Application with the tokens issued by the authority for that application. In the Microsoft world a couple of solutions have already evolved and failed to leave a footprint. Passport is one of them; it failed for the simple reason that nobody was ready to trust MS as the authority for storing all the credentials. Similarly, WCS (Windows CardSpace) evolved as part of .NET 3.0, wherein any party can act as the Authority. The issue with this is that all the parties involved need to understand WCS. The new solution, which is currently in the process of evolution, is Zermatt, which can take in any form of credentials and build tokens accordingly.
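The split described above, with a central authority issuing a token and the application only verifying it and authorizing on its claims, as an added sketch that is not from the original post and is not Zermatt or CardSpace code. The issuer name, key, claim names and sample user are assumptions; a shared HMAC key is used only to keep it standard-library, whereas real federation deployments sign tokens with the authority's private key.

```python
import base64, hashlib, hmac, json, time

# Assumptions (constructed for this example): issuer name, key and claim names.
# A shared HMAC key keeps the sketch stdlib-only; real authorities sign with a
# private key so that applications hold only the public half.
ISSUER = "https://sts.example.test"
KEY = b"constructed-demo-key"

def _sign(body: str) -> str:
    mac = hmac.new(KEY, body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def issue_token(subject, roles, audience, now=None, lifetime=300):
    """Authority side: called only after the authority has authenticated the user."""
    now = int(time.time()) if now is None else now
    claims = {"iss": ISSUER, "sub": subject, "aud": audience,
              "roles": roles, "exp": now + lifetime}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return body + "." + _sign(body)

def verify_token(token, audience, now=None):
    """Application side: return the claims, or None if the token is unacceptable."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".")
        # Check the signature before parsing anything the token carries.
        if not hmac.compare_digest(sig, _sign(body)):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError):
        return None
    # A token from another issuer, minted for another application, or expired
    # is rejected even though its signature is valid.
    if claims.get("iss") != ISSUER or claims.get("aud") != audience:
        return None
    if claims.get("exp", 0) <= now:
        return None
    return claims

def authorize(token, audience, required_role, now=None):
    """The application keeps no credentials; it decides on claims alone."""
    claims = verify_token(token, audience, now)
    return claims is not None and required_role in claims.get("roles", [])

if __name__ == "__main__":
    t = issue_token("alice", ["reports.read"], "reports-app")
    print(authorize(t, "reports-app", "reports.read"))
    print(authorize(t, "payroll-app", "reports.read"))
```

The audience check is what stops a token issued for one application from being accepted by another that trusts the same authority.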
In the next blog we will see some of the basics of cryptography, which play an important role in understanding Zermatt, the new Single Sign On solution which is in beta today.
