Hi,
My view on these issues is the following:
1) AzMan is a Policy Decision Point (PDP) that has the following functionality:
a) User interface to define and manage RBAC based authorization policies
b) Policy engine to evaluate these policies upon request, given (client, operation) pairs, using a proprietary request interface
AzMan is strongly based on the RBAC model.
2) The Geneva Fx (Windows Identity Foundation - WIF) is a .NET class library to:
a) Develop ASP.NET or WCF based claims consumer apps, that is, webapps or services that receive claims packaged inside tokens and use these claims to identify and authorize the clients
b) Develop claims transformers (in the form of Security Token Services), that is, webapps or services that receive claims packaged inside tokens, apply a claim issuance policy and issue tokens containing the derived claims
3) The Geneva Server (ADFS 2) is a turn-key claims transformer server, based on WIF.
The Geneva products are strongly based on the Identity Metasystem model.
These products are complementary. For instance, AzMan can be used in a claim transformer to transform name claims into role claims or permission claims:
- The Geneva products implement the communication protocols (WS-Trust, WS-Federation, ...) and the claims packaging (SAML)
- AzMan implements the logic that maps names into operation permissions
HTH
Pedro Felix
http://pfelix.wordpress.com
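As an added example (not code from the post above), the division of labour Pedro describes in a WIF claims-transformation hook: WIF hands over the incoming name claim, the AzMan policy engine resolves it to roles, and the roles go back out as role claims. The store path, application name and the DOMAIN\account name format are assumptions.

```csharp
// Added example, not from the post. Assumes an AzMan XML policy store at the hypothetical
// path C:\Policies\Orders.xml with an application "Orders", the AZROLESLib COM interop, and WIF 1.0.
using System;
using System.Linq;
using AZROLESLib;
using Microsoft.IdentityModel.Claims;

public class AzManRoleMapper
{
    private readonly IAzApplication _app;

    public AzManRoleMapper(string storeUrl, string applicationName)
    {
        // The AzMan store is the PDP's policy source; open it once and reuse it.
        var store = new AzAuthorizationStoreClass();
        store.Initialize(0, storeUrl, null);
        _app = store.OpenApplication(applicationName, null);
    }

    // Let the AzMan policy engine evaluate role membership for a Windows account.
    public string[] RolesFor(string accountName, string domainName)
    {
        IAzClientContext ctx = _app.InitializeClientContextFromName(accountName, domainName, null);
        object[] roles = (object[])ctx.GetRoles(null);   // null scope = application-level roles
        return Array.ConvertAll(roles, r => (string)r);
    }
}

// WIF claims-transformation hook: name claim in, AzMan role claims out. The same mapping
// step can be called from a custom STS's GetOutputClaimsIdentity override.
public class AzManClaimsAuthenticationManager : ClaimsAuthenticationManager
{
    private static readonly AzManRoleMapper Mapper =
        new AzManRoleMapper(@"msxml://C:\Policies\Orders.xml", "Orders");

    public override IClaimsPrincipal Authenticate(string resourceName, IClaimsPrincipal incomingPrincipal)
    {
        var identity = incomingPrincipal.Identity as IClaimsIdentity;
        if (identity == null) return incomingPrincipal;
        // Expect a DOMAIN\account name claim; anything else gets no roles (deny by default).
        Claim name = identity.Claims.FirstOrDefault(c => c.ClaimType == ClaimTypes.Name);
        if (name == null || !name.Value.Contains("\\")) return incomingPrincipal;
        string[] parts = name.Value.Split(new[] { '\\' }, 2);
        foreach (string role in Mapper.RolesFor(parts[1], parts[0]))
            identity.Claims.Add(new Claim(ClaimTypes.Role, role));
        return incomingPrincipal;
    }
}
```

Register the class under <microsoft.identityModel><service><claimsAuthenticationManager type="..."/> in web.config so WIF invokes it after token validation; relying-party code then authorizes on the role claims without touching AzMan itself.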