If You Read Only One Security Federation Paper This Year…


…let it be this one: http://msdn2.microsoft.com/en-us/library/bb498017.aspx


The whitepaper was co-authored by Microsoft and IBM, and I participated in the review of the healthcare scenario.


[UPDATE: The post looked a little bit dry after reading it again, so I added some more context]


The healthcare scenario starts at section 4 and describes how to use the WS-Federation specification, recently submitted to OASIS, and the family of related standards and specs (WS-Trust, WS-MetadataExchange, WS-Policy and so on) to automate much of the process of getting service endpoints to exchange information securely when a number of trust domains and players are involved and a centralized security solution is not practical (actually, when is it??).


While the scenario resembles that of a central government with a Medical Authority establishing a top-to-bottom network of trust, the WS-Federation specs do not rely on that topology, and several different ones are possible (see the Enterprise scenario in the same paper for another example).


The whitepaper also provides a good introduction to the terms and concepts defined in WS-Federation and should be used as a reference by anyone working in this area.


Have a look and let me know what you think!

Comments (2)

  1. nfurtwangler says:

    Thanks for the link, it was an excellent paper.

    I really don’t know much about web services but I was able to read and understand what the paper was describing, WS-Federation.

    Cool stuff!

  2. mgoodner says:

    Nice summary, Roberto. We certainly appreciated your input on the healthcare scenario, I think it really helped the end result.

    nfurtwangler, glad the paper was understandable to you even without a background in WS-*. That was a stretch goal, glad to hear it was met for you.