Claims and Cloud: Pardon our Dust
Developing secure applications and providing a hosting service often impose seemingly contrasting requirements. In order to secure communications you take advantage of protected resources, such as private keys; but when you offer a hosting service for multiple tenants, you abstract away the access to those very resources. The net result is that if you combine early versions of products and offerings that evolved under those different requirements, they may not simply work with one another out of the box. This is currently the case with Geneva Framework and Windows Azure: for a variety of reasons, an application that takes advantage of the Geneva Framework will not work “as is” when hosted in Windows Azure, and that includes Microsoft products that were written to use the Geneva Framework. You may have heard that the new full trust settings we announced for Windows Azure at MIX would make the above scenario work; however, that’s not the case: enabling the complete range of possibilities offered by claims-based access takes more than full trust.
The product teams are well aware of the importance of being able to take advantage of claims & advanced identity capabilities no matter where you host your applications, and are working on a strategic, long-term solution: one that allows you to confidently rely on our technology, without hacks or workarounds. We absolutely understand that this is a key scenario for you – I think I can say that as engineers we know exactly what you are feeling.
Those are the growing pains that can only be expected when you deal with a huge undertaking such as creating an entirely new way of developing applications. As our cloud and our identity technologies evolve, you will see today’s inconsistencies disappear one after another: so pardon our dust as we work to deliver the best cloud platform with the best identity story you have ever seen!
Vittorio,
Does Geneva Beta 2 solve this problem with .NET Services March 2009 CTP?
(Repeated from a comment to a later post.)
–rj