Friday, June 19, 2009

Geneva (and not the place with all the history)

Working on a Geneva prototype has been interesting. The extensibility of the framework is impressive: drawing identity from multiple Security Token Services (STSs) makes managing users across several sites straightforward, with no extra hassle. To understand what I mean, check out the Geneva documentation on the Microsoft website, or on MSDN.

I would, however, say that there is one area where the framework may be let down. As a basic overview, from what I gather, an STS manages the identity, and the STS of the install (the primary STS) manages all the claims that the Geneva server passes back to the client. But how does the application update the user's details? For an instance using one STS this is not a problem: point your application's management sections (web links etc.) at the management functionality in the STS. But with more than one STS? Without a claim (or claims) that carries the required data, how would the Geneva framework handle that?

From my understanding, there are two possible solutions. One is to include the information as part of the claim. This would allow each application to manage the connections between the users and their identity management. The second is to use Geneva to send the details to (or show the form of) the affected STS and have it communicate with that STS. How Geneva passes the update through to the STS is up to Geneva, and Geneva could throw an exception if the update were not possible. The mechanics of the update could also be defined when the trust is created.
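To make the two options concrete, here is a small Python model I have added for illustration. It is not Geneva/WIF code and does not use any Geneva API: the claim type name for the management endpoint, the STS identifiers, the in-memory STS stores and the Trust/router classes are all assumptions made for this example. Option 1 is the application reading a management URL straight out of the token; option 2 is a router that looks at which STS issued a claim, finds the trust created with that STS, and either pushes the update through the mechanism defined at trust creation or raises an exception when none was defined.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Assumed claim type for this example only; Geneva defines no such claim.
# It carries the issuing STS's user-management endpoint (option 1).
MANAGEMENT_URL_CLAIM = "http://example.com/claims/profile-management-url"


@dataclass(frozen=True)
class Claim:
    claim_type: str
    value: str
    issuer: str  # identifier of the STS that asserted this claim


class UpdateNotSupported(Exception):
    """Raised when the trust with the issuing STS defines no update path."""


@dataclass
class Trust:
    """What the relying party records when it establishes trust with an STS."""
    issuer: str
    # Defined at trust creation: how changes are pushed back to this STS.
    # None means the trust is read-only.
    update_handler: Optional[Callable[[str, str, str], None]] = None


class StsStore:
    """Constructed stand-in for an STS and its user directory (not a real STS)."""

    def __init__(self, name: str, users: Dict[str, Dict[str, str]]):
        self.name = name
        self.users = users

    def issue_claims(self, subject: str, management_url: Optional[str] = None) -> List[Claim]:
        claims = [Claim(t, v, self.name) for t, v in self.users[subject].items()]
        if management_url:
            claims.append(Claim(MANAGEMENT_URL_CLAIM, management_url, self.name))
        return claims

    def update(self, subject: str, claim_type: str, value: str) -> None:
        self.users[subject][claim_type] = value


def management_url(claims: List[Claim]) -> Optional[str]:
    """Option 1: the application takes the management endpoint from the token."""
    for c in claims:
        if c.claim_type == MANAGEMENT_URL_CLAIM:
            return c.value
    return None


class ProfileUpdateRouter:
    """Option 2: route an update to whichever STS issued the claim being changed."""

    def __init__(self) -> None:
        self._trusts: Dict[str, Trust] = {}

    def register_trust(self, trust: Trust) -> None:
        self._trusts[trust.issuer] = trust

    def route_update(self, subject: str, claims: List[Claim], claim_type: str, new_value: str) -> str:
        issuer = next((c.issuer for c in claims if c.claim_type == claim_type), None)
        if issuer is None:
            raise KeyError(f"no claim of type {claim_type!r} in the token")
        trust = self._trusts.get(issuer)
        if trust is None:
            raise UpdateNotSupported(f"no trust registered for issuer {issuer!r}")
        if trust.update_handler is None:
            raise UpdateNotSupported(f"trust with {issuer!r} defines no update mechanism")
        trust.update_handler(subject, claim_type, new_value)
        return issuer


def demo() -> Dict[str, object]:
    """Wire up two constructed STSs and exercise both options for user 'alice'."""
    sts_a = StsStore("urn:sts:a", {"alice": {"email": "alice@a.example", "role": "user"}})
    sts_b = StsStore("urn:sts:b", {"alice": {"department": "finance"}})
    # One token holding claims from both issuers (constructed sample input).
    claims = sts_a.issue_claims("alice", "https://sts-a.example/manage") + sts_b.issue_claims("alice")

    router = ProfileUpdateRouter()
    router.register_trust(Trust("urn:sts:a", sts_a.update))  # update path defined at trust creation
    router.register_trust(Trust("urn:sts:b"))                # read-only trust

    results: Dict[str, object] = {"management_url": management_url(claims)}
    results["email_routed_to"] = router.route_update("alice", claims, "email", "alice.new@a.example")
    results["email_after"] = sts_a.users["alice"]["email"]
    try:
        router.route_update("alice", claims, "department", "legal")
    except UpdateNotSupported as exc:
        results["department_error"] = str(exc)
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point the model makes is that the relying party never needs to know where a user "lives": the issuer recorded on each claim is enough to find the trust, and the trust is where the update mechanism belongs.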

Anyway, I am looking forward to using Geneva. From what I have seen, it is a powerful identity platform with a great future. Who knows, the theories and practices behind Geneva could become the standard in multi-site identity management.
