REST with ACS

This is a draft of our REST with ACS application scenario for your feedback.  It’s a whiteboard sketch of how to secure a REST service on Azure.

As part of our patterns & practices Azure Security Guidance project, we’re putting together a series of Application Scenarios and Solutions.  Our goal is to show the most common application scenarios on the Microsoft Azure platform.  This is your chance to give us feedback on whether we have the right scenarios, and whether you agree with the baseline solution.

REST with ACS Scenario

Scenario

image

Solution

image

Solution Summary Table

Area Notes
Authentication
  • Use AppFabric Access Control for authentication to REST service
  • Authenticate REST service using claims provided by Access Control
  • Establish trust relationship between REST service and Access Control
  • Create AppFabric service namespace for claims mapping
  • Use client to obtain Simple Web Token (SWT) from Access Control
  • Use SWT to authenticate connections to REST service
Authorization
  • Authorize service resources against claims in SWT
Communication
  • Communicate with Access Control using the OAuth WRAP protocol
  • Use SWT to provide claims
  • Send OAuth WRAP messages over HTTP
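
The service-side checks implied by the Authentication and Authorization rows, sketched as an added example that is not part of the original post or of any Access Control SDK. It assumes the SWT layout of form-encoded claims followed by a trailing HMACSHA256 parameter computed with the shared trust key; the key, issuer, audience, claim name and function names are all constructed for illustration.

```python
import base64, hashlib, hmac, time
from urllib.parse import parse_qsl, quote, unquote

# Constructed values for this sketch; none of them come from the page.
TRUST_KEY = base64.b64encode(b"constructed-demo-key-not-a-secret").decode()
ISSUER = "https://issuer.example/"
AUDIENCE = "https://orders.example/api"

def _mac(body, key_b64):
    return hmac.new(base64.b64decode(key_b64), body.encode("ascii"), hashlib.sha256).digest()

def mint_swt(claims, key_b64, expires_on, audience=AUDIENCE):
    """Stand-in for the token issuer so the sample runs offline."""
    fields = dict(claims, Issuer=ISSUER, Audience=audience, ExpiresOn=str(expires_on))
    body = "&".join(f"{quote(k, safe='')}={quote(v, safe='')}" for k, v in fields.items())
    return body + "&HMACSHA256=" + quote(base64.b64encode(_mac(body, key_b64)).decode(), safe="")

def validate_swt(token, key_b64, now=None):
    """Return the claims if the token is signed, current and meant for us; else ValueError."""
    body, sep, sig = token.rpartition("&HMACSHA256=")
    if not sep:
        raise ValueError("unsigned token")
    # Verify the MAC over the raw signed string before trusting any claim in it.
    presented = base64.b64decode(unquote(sig), validate=True)  # ValueError if malformed
    if not hmac.compare_digest(presented, _mac(body, key_b64)):
        raise ValueError("bad signature")
    pairs = parse_qsl(body, keep_blank_values=True, strict_parsing=True)
    claims = dict(pairs)
    if len(claims) != len(pairs):
        raise ValueError("duplicate claim name")
    if claims.get("Issuer") != ISSUER or claims.get("Audience") != AUDIENCE:
        raise ValueError("wrong issuer or audience")
    if int(claims.get("ExpiresOn", "0")) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims

def is_authorized(claims, claim_type, required_value):
    """Authorization step: gate a resource on one claim carried in the SWT."""
    return claims.get(claim_type) == required_value
```

Because the table has WRAP messages travelling over HTTP, the token is a bearer credential on the wire; the expiry and audience checks limit how long and where a captured token is accepted, but they do not prevent capture.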
