Geneva, Exchange Online
What a way to start a blog. Geneva. It sounds important and it is. Geneva is the code name for our next generation identity services. At PDC we announced our new identity platform and that Microsoft IT (MSIT) is rolling this out for software corporate wide. Geneva will support 59 identity applications in the cloud with 29 different business partners.
Geneva went into public beta last month. This is the platform we are moving our hosted services to. Today connectivity to Exchange Online is accomplished by using a SSO client that can be used on Windows and Mac clients. This client needs to be installed and configured on each client. The reason for this is that the Exchange Online uses a separate identity system than our customers and you need to authenticate to it via the SSO client. I believe this was a great start to introduce Exchange Online but one that will be shortlived. Geneva is next.
Geneva is made up of a Geneva Server, Geneva Cardspace client, and the Geneva Framework. Also part of the platform is the Microsoft Service Connector, the Microsoft Federation Gateway and the .NET Access Control Service which provide our infrastructure for our cloud services.
How does it work?
1. User clicks link for service
2. User taken to Microsoft Services Connector for authentication
3. Connector validates credentials with Active Directory
4. Microsoft Service Connector issues a login token and redirects to the Microsoft Federation Gateway
5. Gateway validates token and transform claims
6. Federation issues service token a directs to the service
7. user accesses the service.
One of the great things about the use of Geneva is that we have an opportunity to look at Active Directory Federation as well as other identity systems because of our support of WS-* and SAML. Some great documentation on Geneva is posted here on MSDN: http://msdn.microsoft.com/en-us/library/cc287610.aspx
So I look forward to having federation for Exchange Online and other Microsoft cloud services. Stay tuned for more.
