Announcing the Beta release of “Zermatt” Developer Identity Framework

Ahh, I’ve been looking forward for this post for a looong time.

We just made available for download the bits of the Beta of “Zermatt” Developer Identity Framework. “Zermatt” is the codename of a .NET framework that helps developers build claims-aware applications to address challenging application security requirements using a simplified application access model.

Let me expand a bit on that. If you want to develop applications that take advantage of claims & identity Metasystem goodness in general, Zermatt makes your life easier by providing base classes, controls but especially capabilities & a programming model that take care of most of the plumbing for you. Regardless of the role (IP, RP, subject) or the style (Active, Passive, “Passive-Aggressive”), Zermatt shields you from the sheer handling of protocols & tokens and provides you with a great model for externalizing your access logic. For my loyal readers and in general to whoever worked with tokens and cardspace in general, who stormed me with mails since the TechEd EMEA demo and even earlier: this means that we can finally retire historical samples like the SimpleSTS and the TokenProcessor class. Zermatt is a fully supported developer framework that gives you those capabilities and MUCH more. How much more? Below there’s a partial list of the goodies you get:

· An HttpModule (the Federated Access Module, or FAM) that takes care of handling the token processing pipeline: fully extensible & web.config-urable, it exposes programmable events for every relevant step in the authentication lifecycle

· A new claim model, which unifies token & principal programming models achieving direct reuse of some classic access control techniques (IsInRole, PrincipalPermission) without requiring a rewrite

· Visual ASP.NET controls which take care of enhancing web pages with capabilities such as: information card signin and one-off information card requests, passive signin, session management and passive STS capabilities. All of those include comprehensive property management a and a rich events model

· Full control of session management: intended audience, pages whitelist, session duration, custom session tickets, etc

· A unified token handling model that works across ASP.NET and WCF applications alike

· Base classes for authoring STS, which handle automatically historically tedious tasks such as RST & RSTR parsing

· Native support for handling information cards: serialization, deserialization, issuance. Integration with the STS programming model for simplifying the development of cardspace-ready STSes

· Delegate authentication. Applications can now request new tokens on behalf of their callers, greatly simplifying three tier architectures and enabling a whole new class of scenarios

This is only a partial list. For a more in-depth coverage of Zermatt capabilities I invite you to read this excellent paper from Keith Brown, which introduces you to the basic concepts behind claim based identity management and describes Zermatt object model with samples and walkthroughs.

Needless to say, I’ll blog about this every single time I’ll have a moment. Once I’ll be back from vacation, we’ll also get a surprise guest on channel9 for hearing directly from the engineers who brought us Zermatt.

Finally, this is the tool that can help developers to experience directly the power of claim-aware applications. I invite you to download Zermatt and use it as much as you can: as you know this world is very new, and we’d really like feedback, feedback, feedback. Feedback on what works, what doesn’t, what you’d like to see, what you accomplished with it… we love every bit :-) the place for sending us your feedback & discussing Zermatt is the forum at this address.


· Get Zermatt bits from here

· Discuss here & give feedback here

· Read Keith Brown paper about Zermatt here

Congratulations to the Zermatt team for a great beta of a new breed of products!

And now… back to the beach ;-) see you in a week!