Next-Generation Active Directory
Tuesday, November 24, 2009 at 03:37PM
…or… “The AD FS Kitteh’s head asplode!”
Sourced from http://www.networkworld.com/news/2009/111809-microsoft-active-directory.html?t51hb, reporting on an announcement from the Professional Developers Conference this week:
“NGAD…is not a replacement for Active Directory but a "clip-on" that provides developers a single programming API for building access controls into applications that can run either internally, on devices or on Microsoft's Azure cloud operating system. Users will not have to alter their existing directories but will have the option to replicate data to NGAD instances.
NGAD stores directory data in an SQL-based database and utilizes its table structure and query capabilities to express claims about users such as "I am over 21" or "Henry is my manager." To ensure security, each claim is signed by an issuing source, such as a company, and the signatures stay with the claim no matter where it is stored.”
[Begin commentary]
So it appears that we’re creating a “SQL-like” engine in front of AD that will allow applications to extract claims which can be sent along to (presumably claims-aware) applications, also presumably by way of an STS or three?
And if this is a correct interpretation? Then the AD FS Kitteh is very happy. Or at least, the AD FS Kitteh will be very happy once the apps start playing along. Much like current implementations of AD FS and the claims-aware model, application compatibility will be the making or breaking of this. To wit: if a claim is issued by the (AD) forest and Exchange isn’t able to consume it, does it make a sound?
(The previous phrase copyright, the AD FS Kitteh. :-))
[End commentary]
For more info, Kim Cameron’s PDC session on this is available for viewing/download here: http://microsoftpdc.com/Sessions/SVC10
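The signed-claim model the article describes, as an added example (not Microsoft's or NGAD's code): a claim record carries its issuing source's Ed25519 signature as one of its fields, so a copy replicated into another store still verifies against the issuer's published key, while a value edited in the replica does not. The issuer name contoso.example, the trust list and the sample claim are constructed here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// Claim is one signed statement ("henry" "manager-of" "alice"). The signature is a
// field of the record, so it travels with the claim into any store it is copied to.
type Claim struct {
	Issuer    string `json:"issuer"`
	Subject   string `json:"subject"`
	Predicate string `json:"predicate"`
	Value     string `json:"value"`
	Signature []byte `json:"signature,omitempty"`
}

// signedBytes is the canonical encoding the signature covers: every field except the
// signature itself, so issuer, subject and statement are all bound together.
func signedBytes(c Claim) []byte {
	c.Signature = nil
	b, _ := json.Marshal(c) // fixed struct field order keeps the encoding deterministic
	return b
}

// Issue signs a new claim with the issuing source's private key.
func Issue(priv ed25519.PrivateKey, issuer, subject, predicate, value string) Claim {
	c := Claim{Issuer: issuer, Subject: subject, Predicate: predicate, Value: value}
	c.Signature = ed25519.Sign(priv, signedBytes(c))
	return c
}

// Verify checks a claim against the consumer's trust list of issuer public keys (constructed).
func Verify(c Claim, issuers map[string]ed25519.PublicKey) bool {
	pub, ok := issuers[c.Issuer]
	return ok && ed25519.Verify(pub, signedBytes(c), c.Signature)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	issuers := map[string]ed25519.PublicKey{"contoso.example": pub} // constructed issuer
	c := Issue(priv, "contoso.example", "henry", "manager-of", "alice")
	raw, _ := json.Marshal(c) // replicate: the JSON copy carries the signature with it
	var replica Claim
	_ = json.Unmarshal(raw, &replica)
	fmt.Println("replica verifies:", Verify(replica, issuers)) // true
	replica.Value = "bob" // edited in the replica without the issuer's key
	fmt.Println("tampered replica verifies:", Verify(replica, issuers)) // false
}
```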