
Federation Concepts


I have read and understood a few things on this subject with respect to Microsoft's offering.

 

1. Windows Identity Foundation comes into the picture

Please answer why

 

2. OASIS WS-Trust for setting up Federation when Rich Applications / Thick Clients are involved (Apps)

Please answer what/which are the protocols used and why

Please answer what/which are the types of Tokens generated and why

 

3. OASIS WS-Federation for setting up Federation when Browser based access is required/involved (websites)

Please answer what/which are the protocols used and why

Please answer what/which are the types of Tokens generated and why

 

4. OASIS SAML for setting up Federation when Browser or Rich/Thick clients are involved

Please answer what/which are the protocols used and why

Please answer what/which are the types of Tokens generated and why

 

I know the first two can issue SAML tokens also

 

5. When a Claims Aware Application is being developed, how will the developer choose what claims the application will ask for? Where's the STANDARD DEFINITION for the Claim-Types to be used?

 

6. When the Trust is being established using the ADFS Management Console or, for that matter, when one is setting up Federation with Azure AD, is it the Application/Relying Party who chooses what Claims it will ask for?

 

7. Is there a STANDARD DEFINITION around this? What/where is it?


8. Should it not be the choice of the Account Owner, considering security, which Claims I am OK with sharing with the Application?

 

9. I do understand this bit after reading on Azure AD - OpenID Connect and OAuth 2.0: there are scopes defined in the application which will show or ask for the user's consent, and only then will it have access to those Account related details (allow/grant access to your Contacts, Pictures, Phone Logs etc.)

 
