BUILD 2011 hinted at some ground-breaking possibilities in Windows 8 and what lays ahead with Windows Server 8 and AD FS 2.1. One of the biggest attraction points  may lie in the depth at which identity claims will be integrated into the Windows platform itself. This is (potentially) massive, particularly when Microsoft are touting it as covering the whole AAA gamut (authentication, authorization and auditing). That represents either some major architectural changes (and capability) within Windows, not to mention a few burning questions:

1. How deep will Identity Claims really go in the OS.. really down to NTFS and SDDL?
2. What level will we be able to match identity claims against embedded metadata such as FCI or document classification metadata?
3. How will this integration work with next generation mobile devices?
4. What does this mean for (Information) Rights Management ?
5. Will non-AD authentication providers / claims providers be available as credential providers for logon . e.g. LiveID, SAML 2.0 IdP’s?
6. Will AD FS 2.1 be available on Windows 2008 R2 in the same way that AD FS 1.0, 1.5 options appeared in 2003 R2/2008 RTM?
7. Will the claims-aware AAA concept be back-pedaled into Windows 7?

Early days and the Developer Previews are just that, but the Access Management concepts do look promising.