For years, Windows has supported a rich, built-in authentication and authorization framework. If you can assume clients will have a Windows account, you can rely on Windows integrated authentication to validate client identity, and use impersonation, ACLs, and role-based security to authorize access to resources. But that model only works if all of your users have Active Directory accounts in a trusted domain. It is difficult to expose one of these applications to the Internet to support remote employees, partners, and so on. This talk introduces you to a new model for identity that allows you to factor authentication and many authorization decisions out of your applications and into a central identity service. This model makes it much easier to achieve Internet-friendly single sign-on. It also makes it easier for your application to receive richer identity information, and paves the way for identity federation, should you ever need to integrate with another organization or another platform (Java, for example). This talk introduces the Microsoft code name "Geneva" Framework as the new API for building claims-aware applications.