My company is in need of a federated identity solution, and being a Microsoft shop, we're looking to use MS technologies to accomplish this goal.
We don't have Server 2008 or .NET 3.5 in production, so we're limited to a .NET 2.0/Server 2003-based solution.
This means (in terms of a federated identity solution), Active Directory Federation Services.
ADFS looks pretty good because it supports the WS-Federation standards, which means we can federate with partners not using Microsoft technologies.
Unfortunately (for us), Microsoft is close to releasing a .NET 3.5-based identity framework, the Geneva Framework.
The Geneva framework appears to be better than ADFS in every way (mostly because it's ADFS plus additional functionality and standards support).
Since we're not a .NET 3.5 shop and Geneva is only in beta, it's not a viable option for us at this time.
My question is this: how hard will it be for us to move from ADFS to Geneva?
We're just at the proof-of-concept phase with ADFS, so we haven't started diving into the code changes required to move from identity-based authorization to ADFS claims-based authorization. I'm sure we can put this logic in an assembly that can be updated to support Geneva claims-based authentication.
Along with the code changes required, how difficult will it be to migrate our claims-based infrastructure from ADFS to Geneva? (e.g. moving from ADFS's STS (Federation Service) to Geneva's STS (Geneva Server))
Thanks for any input on this topic, it's greatly appreciated!
I received a response on an MSDN forum post:
Although I haven't done it myself, it should be pretty safe to anticipate that moving from ADFS to Geneva should be a quite pleasant journey. By that time your RP will already be a claim-based application, so there's no big leap there; and Geneva facilitates configuration by autoconfig based on metadata exchanges.
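An added illustration of the "logic in a swappable assembly" idea from the question (example code, not from the question, the MSDN reply, or Microsoft): application code authorizes against a provider-neutral claim reader, and only the adapter assembly changes when the STS moves from ADFS to Geneva. It assumes the ADFS 1.x Web Agent types SingleSignOnIdentity/SecurityProperty and the Geneva types IClaimsIdentity/Claim; the namespace Contoso.Authorization is hypothetical.

```csharp
// Added example: provider-neutral claims access for a relying party.
// C# 2.0 constructs only, since the question targets .NET 2.0.
using System;
using System.Collections.Generic;
using System.Security.Principal;

namespace Contoso.Authorization   // hypothetical namespace
{
    // Application code depends only on this interface.
    public interface IClaimReader
    {
        IEnumerable<KeyValuePair<string, string>> GetClaims(IIdentity identity);
    }

    // Adapter 1: ADFS 1.x Web Agent (System.Web.Security.SingleSignOn.dll).
    // In practice each adapter lives in its own assembly so the RP references one at a time.
    public sealed class AdfsClaimReader : IClaimReader
    {
        public IEnumerable<KeyValuePair<string, string>> GetClaims(IIdentity identity)
        {
            System.Web.Security.SingleSignOn.Authorization.SingleSignOnIdentity sso =
                identity as System.Web.Security.SingleSignOn.Authorization.SingleSignOnIdentity;
            if (sso == null) yield break;   // not federated: no claims, never "allow"
            foreach (System.Web.Security.SingleSignOn.Authorization.SecurityProperty sp in sso.SecurityPropertyCollection)
                yield return new KeyValuePair<string, string>(sp.Name, sp.Value);
        }
    }

    // Adapter 2: Geneva Framework (Microsoft.IdentityModel.dll).
    public sealed class GenevaClaimReader : IClaimReader
    {
        public IEnumerable<KeyValuePair<string, string>> GetClaims(IIdentity identity)
        {
            Microsoft.IdentityModel.Claims.IClaimsIdentity ci =
                identity as Microsoft.IdentityModel.Claims.IClaimsIdentity;
            if (ci == null) yield break;
            foreach (Microsoft.IdentityModel.Claims.Claim c in ci.Claims)
                yield return new KeyValuePair<string, string>(c.ClaimType, c.Value);
        }
    }

    public static class ClaimsAuthorizer
    {
        // Claim type identifiers differ between the two STSs, so the expected
        // type belongs in configuration, not hard-coded here. Ordinal comparison
        // avoids culture-dependent matches being treated as equal.
        public static bool HasClaim(IClaimReader reader, IIdentity identity, string claimType, string value)
        {
            foreach (KeyValuePair<string, string> c in reader.GetClaims(identity))
                if (string.Equals(c.Key, claimType, StringComparison.Ordinal)
                    && string.Equals(c.Value, value, StringComparison.Ordinal))
                    return true;
            return false;   // default deny
        }
    }
}
```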