Posts Tagged ‘Federation’

My forgotten research paper : Windows Identity Foundation and Enterprise Service Bus Sample

September 10, 2012

Hi friends,

Just yesterday I remembered my research paper, published just last year. I hope it won't be the last one.

In this paper I proposed a new architecture for vehicular communications. My objective was to develop a new secure architecture. For that reason, SOA was my base platform, so that the different Web Services specifications, including the security ones, could be integrated easily. ESB technology was also adapted so that native applications could be reused easily; BizTalk was my source of inspiration.

The Windows Identity Foundation framework (which is widely used in many Microsoft technologies, such as SharePoint) was integrated to provide security federation.

A very useful paper for anyone who wants to master Web services security specifications, security federation, application integration and some Microsoft technologies such as WCF, WIF, BizTalk, etc.

Would you like to download it? You can do so here. The paper is also available from IEEE here.

The French version is also available here.

Federated access control through Windows Identity Framework (WIF) Part 1

October 12, 2010

In this post, I will introduce the concept of federated access control to different resources using the Windows Identity Framework (the Geneva framework) delivered by Microsoft. The purpose of this first part is to introduce the concept of federated authentication.

First of all, let's imagine the following scenario: you usually use X.509 certificates to access the resources of your enterprise, but in another enterprise, where you are obliged to spend some days, you will not be able to use the same resources, since that enterprise uses another technology, Kerberos for example.

Assuming that you are not obliged to implement Kerberos yourself, how will you be able to consume the services of the new enterprise?

The federation principle aims to solve that problem by federating existing protocols, and even future ones.

Secondly, claims-based authentication is a new concept in which the different credentials used for authentication are treated as claims contained in a serialized structure named a token.

The federation principle is based on the concept of CBA (Claims-Based Authentication) through three roles, as illustrated in the following image:

  1. The user is the entity aiming to consume a service through a passive browser or a thin client.
  2. The identity provider (IP), which implements a special service that delivers tokens to the user after authentication, according to the relying party's policies. This special service implements WS-Trust endpoints and is named the Security Token Service (STS).
  3. The application (the relying party), which delivers services to the user.

So, for our first scenario, the user consults the policy of the application and learns that it requires a Kerberos ticket. The user sends a Request Security Token (RST) to the IP. After authenticating the user (by certificate), the IP delivers to him a signed token containing the requested Kerberos ticket. Finally, the user sends the issued token to the application, which can verify the identity of the IP thanks to its signature.

Finally, the application can rely on a local rules engine or an external process to manage the authorization of the user.
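The three-role exchange described above, as an added example that is not code from this post or from WIF: a Python simulation in which the STS authenticates the user by certificate thumbprint, issues a signed token scoped to the application, and the application verifies the IP's signature, issuer, audience, expiry and required claims before handing the claims to a local rules engine. All names, URLs and keys are constructed; the token carries name/role claims rather than the Kerberos ticket of the scenario, and an HMAC key stands in for the IP's X.509 signing certificate.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values. The IP signs with a symmetric key so the example is stdlib-only;
# a real STS signs with its X.509 private key and the RP verifies with the IP's certificate.
IP_SIGNING_KEY = b"constructed-ip-signing-key"
IP_ISSUER = "https://ip.example.test/sts"  # hypothetical STS address
APP_AUDIENCE = "https://app.example.test"  # hypothetical application (relying party)
USER_STORE = {"thumb-abc123": {"name": "alice", "role": "engineer"}}  # cert thumbprint -> attributes
RP_POLICY = {"issuer": IP_ISSUER, "required_claims": ["name", "role"]}  # what the RP trusts and needs
RP_RULES = {"read_report": {"engineer", "manager"}, "approve_budget": {"manager"}}  # local rules engine

def _sign(body: bytes) -> str:
    return base64.urlsafe_b64encode(hmac.new(IP_SIGNING_KEY, body, hashlib.sha256).digest()).decode()

def sts_issue(cert_thumbprint: str, rst: dict) -> str:
    """STS: authenticate the caller by certificate, then issue a signed token with the requested claims."""
    if cert_thumbprint not in USER_STORE:
        raise PermissionError("authentication failed")
    attrs = USER_STORE[cert_thumbprint]
    claims = {c: attrs[c] for c in rst["claims"] if c in attrs}
    payload = {"iss": IP_ISSUER, "aud": rst["applies_to"], "exp": time.time() + 300, "claims": claims}
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode()
    return body + "." + _sign(body.encode())

def rp_verify(token: str, now: float = None) -> dict:
    """Relying party: check signature, issuer, audience, expiry and required claims before trusting the token."""
    body, sig = token.split(".")
    if not hmac.compare_digest(sig, _sign(body.encode())):
        raise ValueError("signature check failed")  # tampered, or not signed by the IP
    payload = json.loads(base64.urlsafe_b64decode(body))
    if payload["iss"] != RP_POLICY["issuer"] or payload["aud"] != APP_AUDIENCE:
        raise ValueError("token not issued by the trusted IP for this application")
    if payload["exp"] < (time.time() if now is None else now):
        raise ValueError("token expired")
    missing = [c for c in RP_POLICY["required_claims"] if c not in payload["claims"]]
    if missing:
        raise ValueError("missing claims: " + ", ".join(missing))
    return payload["claims"]

def rp_authorize(claims: dict, action: str) -> bool:
    """Local rules engine: the verified role claim decides whether the action is allowed."""
    return claims.get("role") in RP_RULES.get(action, set())
```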

Categories: Security