Tags: wcf-security, saml, federated-identity, geneva-framework, sts-securitytokenservice

Implementing claims-based security (WCF/ASP.NET)


After researching the topic of claims-based security (or a federated security model), I've been coming across many examples that use CardSpace as an example. The main article that I read that gave a really great explanation of the subject was a PDF by Microsoft on a framework called Zermatt.

The claims-based security architecture I'm looking into is the equivalent of implementing an STS Authentication Broker in combination with an STS Authorization Broker. This way, when I create a new service, all I need to do is ensure that the service will only accept claims issued by the Authorization Broker. And as noted in the article, the Authorization Broker would only accept claims issued by the Authentication Broker.

When that's set up, any time a client attempts to use the new service, it must authenticate with the Authentication Broker (issuing an authenticated claim) and then get authorized with the Authorization Broker (issuing an authorized claim).

This is all fine and dandy and the architecture is clear, but I don't see exactly how to implement an STS. As I mentioned, most (if not all) examples around the web are showing how to use CardSpace, but that doesn't exactly work when you have a database backing up your authentication scheme.

Sample Scenario

[Image: sample scenario diagram, http://img512.imageshack.us/img512/8329/claimsbasedsecurityza6.jpg]
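The chain of trust the question describes, modelled as an added example (not code from the question, from WCF, or from the Zermatt/Geneva framework): each STS signs the claims it issues with its own key, the Authorization Broker accepts only Authentication Broker tokens as input, and the service accepts only Authorization Broker tokens. Assumptions: HMAC keys stand in for STS signing certificates, the `Sts` class, the claim strings and the `role=Orders.Read` permission are constructed for the demo, and the relying party verifies through the issuer object instead of a distributed public key.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
// Model of the two-broker chain: each STS signs the claims it issues with its own key, and a
// relying party accepts a token only if it verifies under the key of the one issuer it trusts.
// Keys are constructed here; a real STS would sign with an X.509 certificate instead.
public sealed class Sts
{
    public string Name { get; }
    private readonly byte[] _key;
    private readonly Sts _trustedIssuer;   // null: authenticates directly (e.g. a DB login)
    public Sts(string name, byte[] key, Sts trustedIssuer = null) { Name = name; _key = key; _trustedIssuer = trustedIssuer; }

    // Token layout "issuer|claims|mac"; the MAC covers issuer and claims together.
    private string Mac(string claims)
    {
        using var h = new HMACSHA256(_key);
        return Convert.ToHexString(h.ComputeHash(Encoding.UTF8.GetBytes(Name + "|" + claims)));
    }
    public string Issue(string claims) => Name + "|" + claims + "|" + Mac(claims);

    // True only if this STS issued the token; the MAC is compared in constant time.
    public bool IssuedByMe(string token, out string claims)
    {
        claims = null;
        var p = token.Split('|');
        if (p.Length != 3 || p[0] != Name) return false;
        bool ok = CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(Mac(p[1])), Encoding.UTF8.GetBytes(p[2]));
        if (ok) claims = p[1];
        return ok;
    }

    // Broker step: accept input only from the trusted upstream issuer, then issue a new token
    // carrying the claims this broker is authoritative for (authorization, not identity).
    public string Exchange(string inbound, Func<string, string> policy) =>
        _trustedIssuer != null && _trustedIssuer.IssuedByMe(inbound, out var c) ? Issue(policy(c)) : null;

    // Relying-party check: the service trusts the Authorization Broker alone, so a validly
    // signed identity token straight from the Authentication Broker is rejected here.
    public static bool ServiceAccepts(Sts authzBroker, string token) =>
        authzBroker.IssuedByMe(token, out var claims) && claims.Contains("role=Orders.Read");

    public static void Main()
    {
        var authn = new Sts("AuthnBroker", RandomNumberGenerator.GetBytes(32));
        var authz = new Sts("AuthzBroker", RandomNumberGenerator.GetBytes(32), authn);
        string idToken = authn.Issue("name=alice");   // issued after a (stubbed) credential check
        string authzToken = authz.Exchange(idToken, id => id + ";role=Orders.Read");
        Console.WriteLine(ServiceAccepts(authz, authzToken));   // token from the Authorization Broker
        Console.WriteLine(ServiceAccepts(authz, idToken));      // token from the Authentication Broker
        Console.WriteLine(authz.Exchange(authzToken, c => c) is null); // broker refuses its own token
    }
}
```

The point to carry into a real STS is the issuer check: every relying party pins exactly one upstream issuer, so a token that is correctly signed but by the wrong STS is rejected before its claims are ever read.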


Solution

  • I think I found my answer :D

    http://www.theserverside.net/tt/articles/showarticle.tss?id=ClaimsBasedSecurityModel
    http://www.theserverside.net/tt/articles/showarticle.tss?id=ClaimsBasedSecurityModel2

    And then there's the latest Microsoft Geneva Framework announced at PDC. Perfect for what I need. (now if only my own answer were marked as the answer :P)

    http://www.microsoft.com/geneva