Windows Identity Foundation has been around for a while now, and "Claims Based Security" is the cool kid that everyone wants to be friends with. The problem is that everyone (except Zulfiqar who speaks SAML natively) seems to think this stuff is impenetrably difficult to do...
Enter stage left: "A Guide to Claims-Based Identity and Access Control". It's a great little guide just released by patterns & practices that walks you through not only what the key scenarios and concepts are, but also how to implement them in .NET.
A few of my favourite topics are "Claims-Based Single Sign-On for the Web" and "Federated Identity for Web Applications". These are two scenarios that spring up with customers all the time, distilled into clear and easy to follow guidance.
Check it out!
Note: I feel the need to point out I don't work for p&p. And I don't mindlessly advertise everything they do. It's just they're really churning out some great stuff at the moment so I've been blogging about it; this guide, Prism, Web Client Guidance, Application Architecture Guide 2.0, etc... I wish they paid me royalties for referrals but they don't J