The Schwartz Report


Will ADFS 2.0 Boost Cloud Security?

The pending release of Microsoft's Active Directory Federation Services (ADFS) 2.0 is expected to play a key role in simplifying how organizations provide access control to systems and applications, including those running in the cloud.

Microsoft is expected to release ADFS 2.0, the free Windows 2008 Server add-in to Active Directory, this week, as reported. ADFS 2.0 provides claims-based authentication to applications developed with Microsoft's recently released Windows Identity Foundation (WIF).

While ADFS 2.0 gives single sign-on to .NET applications built with WIF and to systems running Windows 2008 Server instances, it also extends that authentication to Microsoft's Windows Azure cloud service. Just as important, it provides single sign-on to Windows applications running on other cloud-based services, said Jackson Shaw, Quest Software's senior director of product management.

"ADFS 2.0 is really going to shed the spotlight on federation and cloud services and that's something the industry can use," Shaw said, in a telephone interview from the company's TEC 2010 conference in Los Angeles. "You can put an ADFS 2.0 instance up and use it to connect directly to Google or It's fairly straightforward."

Key to ADFS 2.0 is its support for the Security Assertion Markup Language 2.0 (SAML) standard, which is widely supported by cloud providers and ISVs. Allowing Windows and .NET apps to make and exchange SAML-based authentication claims removes a key barrier to federating with those services.
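To make the claims-exchange concrete, here is an added example (not code from the article, from Microsoft or from Quest) that shows what a relying party receives from a SAML 2.0 issuer and the minimum checks it must apply before trusting the claims. The assertion, the issuer URL, the audience URL and the user are all constructed placeholders; the two claim-type URIs are the standard e-mail and role claim types commonly used by ADFS, assumed here for illustration. The example deliberately stops short of XML signature verification, which a real relying party (WIF does this for you) must perform before any of these checks mean anything.

```python
"""Parse a SAML 2.0 assertion into claims and apply relying-party checks."""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

# SAML 2.0 assertion namespace.
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (not a real token): the general shape an ADFS-style
# issuer emits, with issuer, subject, validity window, audience and an
# AttributeStatement carrying the claims. Issuer, audience and user are
# placeholders; the claim-type URIs are assumed standard claim types.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example-1" Version="2.0" IssueInstant="2010-04-26T17:00:00Z">
  <saml:Issuer>http://adfs.example.test/adfs/services/trust</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2010-04-26T17:00:00Z" NotOnOrAfter="2010-04-26T18:00:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://app.example.test/</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>alice@example.test</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role">
      <saml:AttributeValue>Finance</saml:AttributeValue>
      <saml:AttributeValue>Approver</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def _parse_time(value):
    """SAML timestamps are UTC in xsd:dateTime form; return an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_claims(xml_text):
    """Return {claim_type: [values]} from the assertion's AttributeStatement.

    Note: xml.etree is used on a constructed string here; for tokens from the
    network, parse with a hardened parser (e.g. defusedxml) to avoid XML
    entity attacks, and verify the XML signature first.
    """
    root = ET.fromstring(xml_text)
    claims = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text for v in attr.findall("saml:AttributeValue", NS)]
        claims.setdefault(attr.get("Name"), []).extend(values)
    return claims


def validate_conditions(xml_text, expected_issuer, expected_audience, now):
    """Apply the relying-party checks that decide whether claims may be trusted.

    Returns (ok, reason). Signature verification is out of scope here and must
    precede these checks in a real deployment.
    """
    root = ET.fromstring(xml_text)
    if root.findtext("saml:Issuer", namespaces=NS) != expected_issuer:
        return False, "unexpected issuer"
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return False, "missing Conditions"
    not_before = _parse_time(cond.get("NotBefore"))
    not_on_or_after = _parse_time(cond.get("NotOnOrAfter"))
    if not (not_before <= now < not_on_or_after):
        return False, "outside validity window"
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        return False, "audience mismatch"
    return True, "ok"


if __name__ == "__main__":
    now = datetime(2010, 4, 26, 17, 30, tzinfo=timezone.utc)
    ok, reason = validate_conditions(
        SAMPLE_ASSERTION,
        "http://adfs.example.test/adfs/services/trust",
        "https://app.example.test/",
        now,
    )
    print(reason)
    if ok:
        for claim_type, values in parse_claims(SAMPLE_ASSERTION).items():
            print(claim_type, values)
```

The role claim carries two values, which is the usual way an issuer conveys group memberships; the audience and validity-window checks are what stop an assertion issued for one application from being replayed at another, which is the main reason claims should never be read out of a token before its conditions (and signature) are checked.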

While Shaw sees ADFS 2.0 as a key step forward toward improving cloud security, he cautioned it's not a panacea. "Not every single piece of information about what someone can or can't do is stored in Active Directory," Shaw said. "There may be something about my spending authority in the SAP system, for example. What that means is it forces a customer to synchronize more info into Active Directory."

The problem, he explained, is that customers may not always want to do that. "That's part of the evolution of cloud services we have to go through, and that's why I am excited about ADFS 2.0, because as more and more customers start to use this, these types of difficulties are going to be surfaced," Shaw said.

Not lost on him, of course, is the opportunity this presents for third parties like Quest, Ping Identity, Symplify, CA, Novell and others to offer tools to remediate some of these issues.

Keynoting at this year's TEC 2010 was Conrad Bayer, Microsoft's general manager for Identity and Access solutions. Shaw, who attended the keynote, shared a few observations:

  • Directory technologies have all been brought together into one group at Microsoft, which Bayer will oversee. That includes ADFS, Forefront Identity Manager and Rights Management Server. "This is definitely a step in the right direction from the perspective of actual integration across the product line and hopefully some proper integration with Active Directory," Shaw said in a blog posting released just after we spoke.
  • When Bayer polled the audience to see how many were using ADFS, very few raised their hands. "I believe this will change once ADFS v2.0 releases later this year - since ADFS is basically free," Shaw noted.
  • Cardspace 2.0 is not ready, Bayer confirmed. "It doesn't go away but it isn't imminent to be released either," noted Shaw. "They want to add OpenID support and they are working on that along with incorporating it into Internet Explorer."

Are you looking to use ADFS 2.0 in your organization or for your clients? Drop me a line at jschwartz@1105

Posted by Jeffrey Schwartz on 04/26/2010 at 1:14 PM
