Today at our Professional Developers Conference Microsoft announced the availability of Windows Identity Foundation (WIF), a new extension to the .NET Framework that makes it easier for developers to create more secure applications with interoperable, identity-based access.
The software and documentation are available here. You can watch a video discussion about WIF on Channel 9 here.
WIF is ideal for both on-premises and cloud apps, and it ties closely to today’s launch of the Windows Azure, Microsoft’s cloud services platform. As part of our open platform for simplified access to both on-premises and cloud applications (formerly known as codename “Geneva”,) WIF is a key element of how Microsoft is addressing customer needs around cloud security. It also represents more progress for our Business Ready Security strategy.
Extending single sign-on from on-premises infrastructure to cloud applications is an important customer need, to simplify user login and ensure productivity. But the complexities of identity and access often block developers from quickly delivering this capability. There are too many identity technologies to choose from. Custom development of identity functionality is slow, expensive and requires developers to be identity and security experts.
WIF changes this, by providing developers with a standard approach to building identity-based access into on-premises and cloud applications using the claims-based architecture. It boosts developer productivity through a single, simplified identity model within familiar tools, such as .NET and Visual Studio.
For example, Quest Software says it was able to reduce authentication/authorization development time by 80% using WIF for its new OnDemand IT management solution hosted on Windows Azure – announced today. Quest OnDemand relies on ADFS 2.0 (beta) for authentication, too.
Online travel service leader Hogg Robinson in the UK is using WIF and ADFS 2.0, as well. Lead architect Jon Simpson said the technologies "masked many complexities, yet offered extension points throughout the solution such that we could implement all of our requirements. We welcome this new, open approach from Microsoft. We didn't have to compromise our solution anywhere!"
WIF enhances application security because it provides consistent, proven means for single sign on, federation, strong authentication and identity delegation. With WIF developers don’t have to continually re-build authentication logic, and applications can call each other securely. And, because WIF allows developers to externalize identity logic from applications, re-coding is less likely to be required as identity needs change.
Additionally, WIF is based on industry standard protocols for interoperability across heterogeneous cloud and enterprise environments.
Complementing WIF are the upcoming Active Directory Federation Services 2.0 – a role in Windows Server that allows customers to extend their existing investment in identity infrastructure to cloud applications – and Windows CardSpace 2.0, which helps end users easily navigate multiple logins and manage different personas.