WS-Federation Passive

I have discussed about Federation before. This post discusses Federation from the active context. "Active" means that the client is a smart client capable of doing encryption and signing and can actively participate in the Federation protocol. There are cases where the client is simply a Web Browser that is not capable of creating a secure message. In these cases the client is said to be "Passive". Federation in this case can be regulated through a series of HTTP 302 web redirects. The profile is described as the WS-Federation Passive profile.

ADFS Version 1 uses this profile to enable Federation of Identity. Moving forward ADFS will have support for Active and Passive profiles from version 2 onwards.