Claims-based Identity in .NET 4.5 and Windows 8

There was not a ton of new information about WIF and related technologies at Build, but Samuel Devasahayam gave a great talk about claims-based access control that contained some very interesting bits of information with regard to future directions.

From his slides:

Windows 8

  • Bring existing identity claims model into the Windows platform
  • Domain controller issues groups & claims
  • Claims (user and device) sourced from identity attributes in AD
  • Claims delivered in Kerberos PAC
  • NT Token has a new claims section
  • Enhanced SDDL APIs to work with claims
  • Enhanced user mode CheckAccess APIs to work with claims
  • New ACL-UX
  • Target audits with claims-based expressions

WIF & .NET 4.5

  • WIF is in the box with .NET Framework 4.5
  • Every principal in .NET 4.5 is a ClaimsPrincipal

ADFS 2.1

  • ADFS 2.1 is available now as an in-box server role in Windows 8
  • Adds support for issuing device claims from Kerberos ticket