ADFS Analogy


I’ve recently come across an analogy which perfectly sums up the use of ADFS and the requirement of certificates.

This kind of puts the whole process into context.

A woman, let’s call her Louise Smith, is offered the once-in-a-lifetime chance to buy a diamond for a great price. The seller, let’s call him Jonathan Jones, contacts Louise and, gives her his name, address, details of the gem registry entry for the diamond, and agrees on a price. She is a careful person by nature, so she makes enquiries. She confirms that the diamond is real, that it is worth the money, and that it really belongs to Jonathan Jones. Then she writes a cheque for the money and Jonathan Jones gives her the diamond.

A week later, the police call to collect the stolen diamond, because the seller wasn’t actually Jonathan Jones. It was all a question of identity. Adding amusement to injury, the police find that the actual buyer hasn’t lost anything either, because she wasn’t actually Louise Smith and was using a stolen chequebook.

The point being, is that all the permissions can exist to allow the participants to participate in a transaction, but if the identities are not verified, the security doesn’t have a firm base.

In this case we look at CA (Certificate Authorities) to issue certificates to organisations or individuals to ensure that ‘requests’ are who they say they are. This works much like a passport and the above analogy could have been prevented if each user had declared their passport to one another, however, this assumes a perfect world.

The CA’s basically ‘vouch’ for the subject for the usages agreed.

This is the basis for ADFS, creating trust and ensuring identity. A very complex subject that is difficult to visualise, so I’m hoping this short story helps!

About Stephen Pothecary
IT Professional and Cloud Evangelist! IT Manager at Comms Group UK Ltd - Managed Services | Solutions | Procurement | Support Services | Cloud | Fujitsu!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: