If You Read Only One Security Federation Paper This Year...

...let it be this one: https://msdn2.microsoft.com/en-us/library/bb498017.aspx

The whitepaper was co-authored by Microsoft and IBM, and I participated in the review of the healthcare scenario.

[UPDATE: The post looked a little bit dry after reading it again, so I added some more context]

The healthcare scenario starts at section 4. It describes how to use the WS-Federation specification, recently submitted to OASIS, and the family of related standards and specs (WS-Trust, WS-MetadataExchange, WS-Policy and so on) to automate much of the process of getting service endpoints to exchange information securely when a number of trust domains and players are involved and a centralized security solution is not practical (actually, when is it??).

While the scenario resembles that of a central government with a Medical Authority establishing a top-to-bottom network of trust, the WS-Federation specs do not rely on that, and several different topologies are possible (see the Enterprise scenario in the same paper for another example).

The whitepaper also provides a good introduction to the terms and concepts defined in WS-Federation and should be used as a reference by anyone working in this area.

Have a look and let me know what you think!