Already one month has passed since Microsoft announced “Zermatt”, nevertheless I am writing a few words about it now.

What is “Zermatt”?
The Microsoft Code Name “Zermatt” is a framework targeted for .Net developers to help them to build claims-aware applications to address today’s application security requirements using a simplified model that is open and extensible and can improve security. Developers can build externalized authentication capabilities for their applications and build custom “identity providers”, often referred to as Security Token Services (STS). Zermatt can be used in any web application or web service that uses the .NET Framework version 3.5.

Major Features

• Building claims-aware applications: The framework makes it easier to build identity aware applications. In addition to providing a new claims model, it provides applications with a rich set of API’s to reason about the identity of a caller using claims. The framework also provides developers with a consistent programming experience whether they choose to build their applications in ASP.NET or in WCF environments.
• Building Security Token Services (STS): The framework makes it substantially easier for building a custom security token service (STS) that supports the WS-Trust protocol. These STS’s are also referred to as an Active STS. In addition, the framework also provides support for building STS’s that support WS-Federation to enable web browser clients. These STS’s are also referred to as a Passive STS.
• Creating Information Cards
• ASP.NET Controls: ASP.NET controls simplify development of ASP.NET pages for building claims-aware Web applications, as well as Passive STS’s.

As an application developer, by building claims-aware web applications and services, you’ll spend less time worrying about where to find identity attributes for users and have more time to focus on building a great application that solves real business problems. By relying on claims, you’ll be able to personalize your applications more effectively, and implement important security features such as authorization and auditing, without baking one particular authentication method into your application, or writing queries against a corporate directory. By centralizing identity management in this fashion, the IT pros can build the most efficient possible queries against their directories and give your application the identity details that it needs about users. And becoming claims-aware means you’ll be in much better shape when you’re asked to implement single sign on and perhaps even identity federation. Zermatt is a framework for building claims-aware web applications and services, and even issuing authorities, should you need to roll your own. Or better yet, buy a pre-built authority like the upcoming version of ADFS. Claims-based identity is the wave of the future. Get on board with Zermatt today!

A newer version of the Zermatt/Geneva SDK has been released. Read this post for more information and download links.