Katana is Microsoft’s stand-alone implementation of OWIN, the Open Interface for .NET standard. It provides a lightweight alternative to IIS and System.Web when those features are not needed or desirable. With the release of version 3, Kanata is wholly to the asynchronous model offered by .NET 4.5.

Microsoft’s deprecation of .NET 4.0 support in Katana is not surprising. Whilst .NET has had asynchronous support since NET 2.0’s IAsyncResult model, Node.js appears to have gained all the mindshare. Microsoft may well be hoping to reverse the trend with .NET 4.5's async/await model.

Furthermore, Microsoft is trying to dramatically reduce its maintenance burden by moving developers off older versions .NET by early 2016. Making it clear that new APIs won’t be offered for .NET 4.0 goes a long way to accomplishing that goal.

In terms of new functionality, mostly they concentrated on “enterprise grade authentication and claims based identity”. Vittorio Bertocci of the Katana 3 project mentioned these three protocols specifically:

WS-Federation

OpenId Connect (id_token and id_token+code, via form_post)

OAuth2 bearer token authentication for Web API

Vittorio also wrote,

This release includes fixes for issues related to Twitter and Google API changes. If you have an app using Google authentication and you are updating to Katana 3, please make sure you read this post!

Katana is available via NuGet. According to the Katana website, there are over 20 packages to choose from depending on which features you need. (Contrast this to classic ASP.NET where almost everything was crammed into one massive assembly.)