A new identity management release could represent a major piece of the cloud security puzzle – or at least encourage more organizations to make the move.
Microsoft shipped Active Directory Federation Services (AD FS) 2.0 to the Web this week, a major update to the company's claims-based identity management software.
Originally released with Windows Server 2003 R2, AD Federation Services is an Active Directory extension designed to give authenticated users access to multiple systems and applications during a single session. The 2.0 release builds on the software's claims-based identity model by allowing user access to apps in various locations using Active Directory authentication. New features promise to cut down on the number of login credentials required for users working both in heterogeneous environments and across company partnerships.
AD Federation Services 2.0 also extends its single sign-on capabilities to cloud-based applications. These apps can be hosted through Windows Azure or other cloud providers such as Salesforce.com or Google Apps.
Laura E. Hunter, a Microsoft MVP for Directory Services and principal with LHA Consulting Inc. out of Philadelphia, said AD FS 2.0 could be a major step toward answering questions about cloud security. "From the standpoint of encouraging organizations to move to the cloud, I think [AD FS 2.0] provides a major win," she said.
Hunter added that since AD FS 2.0 lets users authenticate to cloud providers using Active Directory credentials, those cloud permissions are terminated as soon as such Active Directory accounts are disabled. This should mean less work for administrators, as AD FS allows them to revoke a user's permissions to all applications -- both on-premise and in the cloud -- with one fell swoop, she said.
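To make the federation model described above concrete, the following is an added Python sketch, not AD FS code and not from the article. It models the two halves of claims-based single sign-on: an identity provider that authenticates against the directory and issues a signed set of claims, and relying parties (the cloud apps) that trust the issuer's signature rather than holding their own passwords. The directory contents, the application names and the HMAC key (standing in for the token-signing certificate a real federation server would use) are all constructed for the example. It also shows the one caveat a practitioner would want next to the "one fell swoop" claim: disabling the account stops new sign-ins immediately, but a token issued before the disable stays valid until it expires, so token lifetime is part of the revocation story.

```python
"""Minimal model of claims-based federation in the style AD FS 2.0 describes.

Constructed example, not AD FS code. The directory, key and application
names are made up for illustration.
"""
import hashlib
import hmac
import json
import time

# Constructed stand-in for Active Directory: account -> attributes.
DIRECTORY = {
    "alice": {"enabled": True, "groups": ["finance"]},
    "bob": {"enabled": True, "groups": ["sales"]},
}

# Placeholder secret; a real identity provider signs with an X.509 key pair.
IDP_SIGNING_KEY = b"constructed-idp-signing-key"
TOKEN_LIFETIME = 300  # seconds; short lifetimes bound how long a stale token lives


class AuthenticationError(Exception):
    pass


def issue_token(user, audience, now=None):
    """Identity-provider side: check the directory, then issue signed claims."""
    now = time.time() if now is None else now
    account = DIRECTORY.get(user)
    if account is None or not account["enabled"]:
        raise AuthenticationError(f"account {user!r} missing or disabled")
    claims = {
        "sub": user,                       # who the claims are about
        "aud": audience,                   # which application may accept them
        "groups": account["groups"],       # attributes the app can authorize on
        "exp": now + TOKEN_LIFETIME,       # absolute expiry time
    }
    body = json.dumps(claims, sort_keys=True)
    sig = hmac.new(IDP_SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + sig


def validate_token(token, expected_audience, now=None):
    """Relying-party side: verify signature, audience and expiry; return claims."""
    now = time.time() if now is None else now
    body, _, sig = token.rpartition(".")
    expected = hmac.new(IDP_SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        raise AuthenticationError("signature does not verify")
    claims = json.loads(body)
    if claims["aud"] != expected_audience:
        raise AuthenticationError("token was issued for a different application")
    if claims["exp"] <= now:
        raise AuthenticationError("token expired")
    return claims


def disable_account(user):
    """Administrator action: one directory change cuts off every federated sign-in."""
    DIRECTORY[user]["enabled"] = False


def can_sign_in(user, audience, now):
    """True if the identity provider would still issue a token for this user."""
    try:
        issue_token(user, audience, now=now)
        return True
    except AuthenticationError:
        return False


def accepts(token, audience, now):
    """True if a relying party for `audience` would accept this token at `now`."""
    try:
        validate_token(token, audience, now=now)
        return True
    except AuthenticationError:
        return False


if __name__ == "__main__":
    t0 = 1000.0
    token = issue_token("alice", "crm.example", now=t0)
    print("crm accepts alice:", accepts(token, "crm.example", now=t0 + 1))
    disable_account("alice")
    print("new sign-in after disable:", can_sign_in("alice", "mail.example", now=t0))
    print("old token before expiry:", accepts(token, "crm.example", now=t0 + 10))
    print("old token after expiry:", accepts(token, "crm.example", now=t0 + 301))
```

The relying party never sees a password and never consults the directory; it only checks the issuer's signature, that the token was minted for it and that it has not expired. That is what lets a single directory change revoke access to every federated application at once, and it is also why the expiry check matters.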
Other features of AD Federation Services 2.0 include integration with Microsoft SharePoint 2010 and support for WS-* and SAML protocols. As with AD FS 1.0, the software can also be managed and deployed through Microsoft's Server Manager feature as a Windows Server role.
AD Federation Services was originally one-third of the company's Geneva framework, along with Windows Identity Foundation (WIF) and Windows CardSpace. Microsoft released WIF at the Professional Developers Conference (PDC) in November 2010 as a free download. It allows developers to create and manage applications that can process claims generated by AD FS or other federation servers. As for CardSpace, the company's information card technology, the 2.0 version was recently delayed with no projected timetable.
Active Directory Federation Services 2.0 is currently available for download with systems running various editions of Windows Server 2008 or Server 2008 R2.