Until now when you developed your application, you had to decide during development time what security approach you wanted to support. Then your application was more or less coupled to the security implementation.
Changing your application from a Windows to a Web application could mean re-developing the whole security handling (recovery of rights and verification, etc…) for example.
New WIF Security Abstraction Layer
This is about to change considerately with Windows Identity Foundation (WIF), Cardspace 2.0 and ADFS 2.0 or any other provider that can act as STS.Applications will not mind anymore from where security is coming. In fact they won’t know anymore. They will just know what rights – or better what claims they need and who they trust. It will be the responsibility of the Security Token Service (STS) provider to recover claims and sending them to requesting applications.
Security will be decoupled completely form application development in this scenario. And it is very easy to do!
The WIF API will provide all functions and objects, that are necessary to do the implementations in your applications. You may change your security configuration by modifying the application configuration file (like for WCF) and changes will be immediate even in production environments.
No comments:
Post a Comment