If You Read Only One Security Federation Paper This Year...

...let it be this one: https://msdn2.microsoft.com/en-us/library/bb498017.aspx

The whitepaper was co-authored by Microsoft and IBM and I participated in the review of the healthcare scenario.

[UPDATE: The post looked a little bit dry after reading it again, so I added some more context]

The healthcare scenario starts at section 4 and talks about how to use the WS-Federation specification, recently submitted to OASIS, and the family of related standards and specs (WS-Trust, WS-MetadataExchange, WS-Policy and so on) to automate much of the process of getting service endpoints to securely exchange information when a number of trust domains and players are present and it is not practical to go with a centralized security solution (actually, when is??).

While the scenario resembles one of a central government with a Medical Authority establishing a top-to-bottom network of trust, the WS-Federation specs do not rely on that and several different topologies are possible (see the Enterprise scenario in the same paper for another example).

The whitepaper provides also a good introduction to the terms and concepts defined in WS-Federation and should be used as a reference for anyone working in this area.

Have a look and let me know what you think!

Comments

• Anonymous
  May 29, 2007
  Thanks for the link, it was an excellent paper. I really don't know much about web services but I was able to read and understand what the paper was describing, WS-Federation. Cool stuff!

• Anonymous
  June 04, 2007
  Nice summary Roberto. We certainly appreciated your input on the healthcare scenario, I think it really helped the end result. nfutwangler, glad the paper was understandable to you even without a backround in WS-*. That was a stretch goal, glad to hear is was met for you.