Application developers, meet Mr. 'separation of concerns'. Thanks to its support of claims-based identity, the Windows Identity Foundation (formerly Geneva) APIs allow you to eliminate from your application all authentication- and authorization- specific code, by delegating its function to external entities. The application developer retains access to all the user attributes that are needed for driving the experience or feeding the business logic, without the burden of knowing anything about the underlying security plumbing. The security architect can secure an application simply by manipulating its config file at deployment time, or decide to take full control of the process and easily develop custom authentication and authorization logic. This session provides an overview of how to use Windows Identity Foundation for comfortably achieving the above in interoperable, location-independent fashion.