April 22, 2013
Web services and the WS-* specifications are an essential foundation for federation; without them ADFS would not function correctly.
Because these standards are universally accepted, developers can use them to create cross-platform experiences for end users. Among the benefits this approach provides are end-to-end security, reliable messaging and distributed transactions.
Web services are commonly used as a means for businesses to communicate effectively, both internally and externally with clients, without either end needing knowledge of the underlying infrastructure at the other end of the communication chain (firewalls, hardware, etc.).
With ADFS, Microsoft has developed a technology capable of interoperating with partners who use technologies from differing vendors, provided they also adhere to the same standards.
XML (Extensible Markup Language) forms a key part of this seamless interoperation. It is the standard for exchanging data across security-enabled platforms. XML is an open standard defined by the W3C (World Wide Web Consortium).
Other standards commonly used include:
The term WS-* is a general reference to the fact that many specifications are named with WS- as their prefix. These specifications overlap and compete with one another, and some complement one another.
WS-Federation defines mechanisms that allow security realms to broker information about identities, identity attributes and authentication. Federation is part of a larger web services framework that includes WS-Policy and WS-Trust.
WS-Trust deals with issuing, validating and renewing security tokens. Using these specifications allows applications to engage in secure communication within a web services framework.
Security Assertion Markup Language (SAML) is an XML-based standard for exchanging authentication and authorization data between security domains; for example, between an Identity Provider (Claims Provider in ADFS) that produces assertions and a Service Provider (Relying Party in ADFS) that consumes those assertions. SAML assumes that a user is affiliated with at least one Identity Provider, which identifies and authenticates the user.
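To make the Identity Provider / Service Provider exchange concrete, here is an added example in Python; it is not code from the original post or from ADFS. It shows what a Service Provider (Relying Party) reads out of a SAML 2.0 assertion and which conditions it has to check before trusting it: that the issuer is a Claims Provider it federates with, that the assertion is addressed to it (AudienceRestriction), and that it is being used inside its validity window (NotBefore / NotOnOrAfter). The assertion text, the issuer URL, the audience URL and the user are constructed for the example; the two claim-type URIs are the standard ADFS claim types for e-mail address and role.

```python
# Added example, not code from the original post: how a SAML Service Provider
# (Relying Party in ADFS terms) reads an assertion issued by an Identity
# Provider (Claims Provider) and checks the conditions it carries.
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

# Constructed sample assertion: issuer, audience, ID and user are made up for
# this example. The claim-type URIs are the standard ADFS ones for e-mail
# address and role.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example-assertion-1" Version="2.0" IssueInstant="2013-04-22T10:00:00Z">
  <saml:Issuer>http://idp.example.com/adfs/services/trust</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2013-04-22T09:55:00Z" NotOnOrAfter="2013-04-22T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://app.example.org/</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2013-04-22T09:59:30Z"/>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role">
      <saml:AttributeValue>Finance</saml:AttributeValue>
      <saml:AttributeValue>Staff</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def parse_saml_time(value):
    """SAML timestamps are UTC ISO 8601 with a trailing Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_assertion(xml_text):
    """Extract the fields a Relying Party needs from a SAML 2.0 Assertion."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % SAML_NS:
        raise ValueError("document root is not a SAML 2.0 Assertion")
    conditions = root.find("saml:Conditions", NS)
    if conditions is None:
        raise ValueError("assertion carries no Conditions element")
    attributes = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text for v in attr.findall("saml:AttributeValue", NS)]
        attributes[attr.get("Name")] = values
    return {
        "issuer": root.findtext("saml:Issuer", namespaces=NS),
        "name_id": root.findtext("saml:Subject/saml:NameID", namespaces=NS),
        "not_before": parse_saml_time(conditions.get("NotBefore")),
        "not_on_or_after": parse_saml_time(conditions.get("NotOnOrAfter")),
        "audiences": [a.text for a in conditions.findall(
            "saml:AudienceRestriction/saml:Audience", NS)],
        "attributes": attributes,
    }


def validate_assertion(assertion, trusted_issuers, my_audience, now):
    """Return the reasons to reject the assertion; an empty list means accept.

    These are the checks the SAML Conditions express: the assertion must come
    from a Claims Provider we federate with, be addressed to us, and be used
    inside its validity window.
    """
    problems = []
    if assertion["issuer"] not in trusted_issuers:
        problems.append("untrusted issuer: %s" % assertion["issuer"])
    if my_audience not in assertion["audiences"]:
        problems.append("assertion not addressed to this audience")
    if now < assertion["not_before"]:
        problems.append("assertion not yet valid")
    if now >= assertion["not_on_or_after"]:
        problems.append("assertion expired")
    return problems


if __name__ == "__main__":
    a = parse_assertion(SAMPLE_ASSERTION)
    when = parse_saml_time("2013-04-22T10:00:00Z")
    print("issuer:", a["issuer"], "subject:", a["name_id"])
    print("roles:", a["attributes"]["http://schemas.microsoft.com/ws/2008/06/identity/claims/role"])
    print("problems:", validate_assertion(
        a, {"http://idp.example.com/adfs/services/trust"}, "https://app.example.org/", when))
```

The example deliberately stops at the conditions: it does not verify the XML signature over the assertion, and a real Relying Party verifies that signature against the Claims Provider's token-signing certificate before it trusts any of the fields above, since the issuer, audience and attributes are only meaningful once the assertion is known to come unaltered from that provider.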