J.D. Meier's Blog

Software Engineering, Project Management, and Effectiveness

REST with ACS

REST with ACS

  • Comments 0

This is a draft of our REST with ACS application scenario for your feedback.  It’s a whiteboard sketch of how to secure a REST service on Azure.

As part of our patterns & practices Azure Security Guidance project, we’re putting together a series of Application Scenarios and Solutions.  Our goal is to show the most common application scenarios on the Microsoft Azure platform.  This is your chance to give us feedback on whether we have the right scenarios, and whether you agree with the baseline solution.

REST with ACS Scenario

Scenario

image

Solution

image

Solution Summary Table

Area Notes
Authentication
  • Use AppFabric Access Control for authentication to REST service
  • Authenticate REST service using claims provided by Access Control
  • Establish trust relationship between REST service and Access Control
  • Create AppFabric service namespace for claims mapping
  • Use client to obtain Simple Web Token (SWT) from Access Control
  • Use SWT to authenticate connections to REST service
Authorization
  • Authorize service resources against claims in SWT
Communication
  • Communicate with Access Control using oAuth WRAP (protocol)
  • Use SWT to provide claims
  • Send oAuth WRAP messages over HTTP

My Related Posts