Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Implementing claims-based security (WCF/ASP.NET)

After researching on the topic of claims-Based security (or a federated security model). I've been coming across many examples that use CardSpace as an example. The main article that I read that gave a really great explanation of the subject was a PDF by Microsoft on a framework called Zermatt.

The claims-based security architecture I'm looking into is the equivalent of implementing an STS Authentication Broker in combination with an STS Authorization Broker. This way, when I create a new service all I need to do is ensure that the service will only accept claims issued by the Authorization Broker. And as noted in the article, the Authorization Broker would only accept claims issued by the Authentication Broker.

When that's setup, any time a client attempts to use the new service, it must authenticate with the Authentication Broker (issuing an authenticated claim) and then get authorized with the Authorization Broker (issuing an authorized claim).

This is all fine and dandy and the architecture is clear, but I don't see exactly how to implement an STS. As I mentioned, most (if not all) examples around the web are showing how to use CardSpace, but that doesn't exactly work when you have a database backing up your authentication scheme.

Sample Scenario

alt text http://img512.imageshack.us/img512/8329/claimsbasedsecurityza6.jpg

like image 839
nyxtom Avatar asked Oct 24 '08 08:10

nyxtom


1 Answers

I think I found my answer :D

http://www.theserverside.net/tt/articles/showarticle.tss?id=ClaimsBasedSecurityModel http://www.theserverside.net/tt/articles/showarticle.tss?id=ClaimsBasedSecurityModel2

And then there's the latest Microsoft Geneva Framework announced at PDC. Perfect for what I need. (now if only my own answer were marked as the answer :P)

http://www.microsoft.com/geneva

like image 58
nyxtom Avatar answered Nov 11 '22 07:11

nyxtom