Federated Scenarios - Windows Phone 7, WCF, and Azure
This is a big deal
Confusing Territory
Hide the complexity of using various identity providers
You have two main approaches you can take
Windows Identity Foundation Developer Training
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=c3e315fa-94e2-4028-99cb-904369f177c0
My Goal
Big Picture
What is STS?
http://msdn.microsoft.com/en-us/magazine/dd347547.aspx
It is about a security gateway
Decoupling apps and services from the authentication mechanism.
Supporting multiple credential types without complicating the implementation of applications and services.
Supporting federated scenarios where users are authenticated by their domain and granted access to resources in another domain—by establishing trust between each domain's STS.
Facilitating identity delegation scenarios where the authenticated user is granted access to downstream services.
Facilitating claims transformation so that relevant claims are available for authorization at applications and services.
The STS is built upon the WS-Trust Specification
WS-Trust is a WS-* specification and OASIS standard that provides extensions to WS-Security, specifically dealing with the issuing, renewing, and validating of security tokens, as well as with ways to establish, assess the presence of, and broker trust relationships between participants in a secure message exchange.
The WS-Trust specification was authored by representatives of a number of companies, and was approved by OASIS as a standard in March 2007.
Using the extensions defined in WS-Trust, applications can engage in secure communication designed to work within the Web services framework.
The tokens previously discussed are SAML Tokens
SAML, Identity Providers, Service Providers, Principals
Think of it this way - there is the "identity provider" who validates the identity of the user (often called a principal).
Then there is the "service provider" who receives the principal (user) from the "identity provider." The "service provider" decides what the principal can do by making an "access control" decision. The service provider trusts the identity provider's assertion that the principal is who it claims to be.
Access control simply means that you can access certain resources.
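As an added example (not the page's or WIF's code), here is a minimal model of the STS and relying-party roles described above and of the identity-provider / service-provider split: the STS issues a signed claim set, the relying party checks issuer trust, signature, audience and expiry, transforms the claims into application roles, and makes the access-control decision itself. The issuer URLs, audience, group names and shared HMAC key are constructed placeholders; HMAC stands in for the X.509 signature a real WS-Trust/SAML token carries.

```python
import base64, hashlib, hmac, json

# Constructed demo (not the page's or WIF's code): an STS issues a signed
# claim set; a relying party (service provider) validates it and makes the
# access-control decision. HMAC with a key shared between STS and relying
# party stands in for the X.509 signature a real WS-Trust/SAML STS uses.

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def sts_issue(issuer, key, subject, claims, audience, now, lifetime=300):
    """Token the STS issues once it has authenticated the principal."""
    body = {"iss": issuer, "aud": audience, "sub": subject,
            "exp": now + lifetime, "claims": claims}
    payload = _b64(json.dumps(body, sort_keys=True).encode())
    sig = _b64(hmac.new(key, payload.encode(), hashlib.sha256).digest())
    return payload + "." + sig

def rp_validate(token, trusted_issuers, audience, now):
    """Accept only tokens from an issuer the relying party has a trust with."""
    payload, _, sig = token.partition(".")
    try:
        body = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    except (ValueError, UnicodeDecodeError):
        return None                      # malformed token
    key = trusted_issuers.get(body.get("iss"))
    if key is None:
        return None                      # no trust relationship with this issuer
    expected = _b64(hmac.new(key, payload.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        return None                      # forged or tampered token
    if body.get("aud") != audience or body.get("exp", 0) <= now:
        return None                      # meant for another service, or expired
    return body

# Claims transformation: the issuer's group claims become application roles.
ROLE_MAP = {"contoso\\engineering": "reader", "contoso\\ops": "admin"}

def authorize(token, trusted_issuers, audience, now, action):
    """Access-control decision made by the service provider, not the IdP."""
    body = rp_validate(token, trusted_issuers, audience, now)
    if body is None:
        return False
    roles = {ROLE_MAP.get(g) for g in body.get("claims", {}).get("groups", [])}
    if action == "read":
        return bool(roles & {"reader", "admin"})
    if action == "deploy":
        return "admin" in roles
    return False
```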
The single most important problem that SAML is trying to solve is the Web Browser Single Sign-On (SSO) problem, a problem also addressed by the more widely used OpenID standard.
Single sign-on solutions are abundant at the intranet level (using cookies, for example) but extending these solutions beyond the intranet has been problematic and has led to the proliferation of non-interoperable proprietary technologies.
Is this post helping?
To be continued…
Seems like you don't finish any of the blog posts: the Windows Phone one, this one.
I have removed you from my favourites.