Web Services

More issues exist with Web services and ASP.NET. Web services caused a big hype in past years with offering services across different platforms. What we've seen in the past has just been a first step into the possibilities that this technology can offer. To build great interoperable services where licensing is involved, guaranteed message delivery is needed, platform-independent authentication, authorization and confidentiality is needed, some more features of Web services are required.

Here's one example in more detail. As many departments of bigger companies are thinking about opening applications for their partners to allow better integration and faster business processes, company policies might soon get put into place that do not allow departments to control who is authorized to access what data. Of course, not every department would want to manage users and deal with authentication issues. On the other hand, with big companies it is not possible to centrally control applications that are designed with department support in mind.

What's needed in such a scenario is a federation server. With federation, identities are shared across extranets. The federation server uses policies that define who is allowed to access what services offered by the enterprise.

Figure 32-1 shows a federation scenario where a security token from the requestor is used to acquire a security token from the resources realm (which may be a partner company) to access the resources. A trust is set up between the requestor and the resource realms — the security token service from the resource realm trusts the identity provider from the requestor realm. The security token from the requestor is checked by the security token service of the resource realm to determine if the requestor is allowed to access the resource.

Figure 32-1