Himanshu Singh
Iron Contributor
Jun 02, 2018

Federation Concepts

I have read and understood a few things on this subject with respect to Microsoft's offering.

 

1. Windows Identity Foundation comes into the picture

Please answer why

 

2. OASIS WS-Trust for setting up Federation when Rich Applications / Thick Clients are involved (Apps)

Please answer what/which are the protocols used and why

Please answer what/which are the types of Tokens generated and why

 

3. OASIS WS-Federation for setting up Federation when Browser based access is required/involved (websites)

Please answer what/which are the protocols used and why

Please answer what/which are the types of Tokens generated and why

 

4. OASIS SAML for setting up Federation when Browser or Rich/Thick clients are involved

Please answer what/which are the protocols used and why

Please answer what/which are the types of Tokens generated and why

 

I know the first two can issue SAML tokens also

 

5. When a Claims Aware Application is being developed, how will the developer choose what claims the application will ask for? Where's the STANDARD DEFINITION for the Claim-Types to be used?

 

6. When the Trust is being established using the ADFS Management Console, or for that matter when one is setting up Federation with Azure AD, is it the Application/Relying Party who chooses what Claims it will ask for?

 

7. Is there a STANDARD DEFINITION around this? What/where is it?


8. Should it not be the choice of the Account Owner, considering security, which Claims I am OK with sharing with the Application?

 

9. I do understand this bit after reading up on Azure AD - OpenID Connect and OAuth 2.0: there are scopes defined in the application which will show or ask for the user's consent, and only then will it have access to those account-related details (allow/grant access to your Contacts, Pictures, Phone Logs etc.)

 
