Identity Technology Previewed

Geneva, Microsoft’s next generation of technology to support cross-platform, cross-organization access control, could simplify log-on for users, enhance security, and ease management overhead by consolidating user accounts. The technology faces a chicken-and-egg adoption problem that Geneva alone can’t solve, but Microsoft could help break the cycle by adopting the technology in its own business.

Updated Technology for Claims-Based Identity

The Geneva project (a code name) is updating Windows to support an access control architecture that Microsoft calls “claims-based identity” and supports Microsoft’s broader goal of a cross-platform, cross-organization security system that the company has called the “identity metasystem.”

In the claims-based identity architecture, an application makes access control decisions based on claims (also called assertions) about the application’s clients (which can be users or other applications). Those claims are backed by a trusted organization called an identity provider, which authenticates the clients and manages their user accounts. Claims can be application-specific and can be anything that the identity provider and the application provider (also called the relying party) can agree on.