IT:AD:WIF
Summary
Windows Identity Foundation (WIF) was an extension to .NET 3.5, and is integral to .NET 4.5.
It makes it easy for developers to enable advanced identity capabilities in .NET Framework applications.
It is based on interoperable, standard protocols (SAML, WS-Federation).
The claims-based identity model can be used to enable:
- single sign on,
- personalization,
- federation,
- strong authentication,
- identity delegation,
- and other identity capabilities
in both ASP.NET (browser/user-based) and Windows Communication Foundation (WCF) (machine-to-machine) applications that run on-premises or in the cloud.
WIF and Protocols
WS-Federation
WIF was developed around WS-Federation, which is distinct from SAML-P except for the use of the SAML syntax for (some or all?) messages.
SAML-P
- 2005: MS says it will not use SAML: http://www.infoworld.com/d/security-central/microsoft-says-it-wont-support-saml-20-238
  - “WS-Federation protocols compete with the SAML 2.0 … which so far has strong footing [and] is backed by consortiums (Liberty Alliance, OASIS)”.
  - MS says “SAML 2.0 does not have reliable messaging or transaction support”
- 2009: MS says it will use it: http://www.infoworld.com/d/security-central/microsoft-ends-standoff-against-saml-20-protocol-940
  - ADFS 2.0 is SAML 2.0 compliant (note that ADFS 2.0 is not general-flavour WIF… but it's a start).
  - “The company previously supported the SAML token, but never the transport profiles of the protocol”.
- 2011 (May): Starts adding SAML 2.0 to WIF:
  - But it's a subset (S
- 2012 (April): Still not out of CTP…