- Why Microsoft Should Not Support SCA
- Virtualization for Windows: A Technology Overview
- Responses to REST vs. WS-*: War is Over (If You Wa...
- Introducing SCA
- REST vs. WS-*: War is Over (If You Want It)
- SCA vs. SOA?
- Supporting SCA’s Java Component Model: Which Vendo...
- Microsoft and BPM: A Technology Overview
- Introducing System Center
- Windows Workflow Foundation and BPEL
Opinari
Subscribe
Digital Identity for .NET Applications: A Technology Overview
# Tuesday, October 30, 2007
Identity is an inescapable aspect of distributed applications. The .NET world provides several technologies that developers can use in this area, but figuring out what each one does and how they fit together can be challenging. I've written a Microsoft-sponsored white paper to help people find their way through this thicket of options. Available here, the technologies it describes include ADFS, Windows Cardspace, and several more.
Handling identity well should be a fundamental competence for anybody who creates .NET applications. The goal of this paper is to help people get started on the path to acquiring this competence.
2 comments :: Post a Comment
Comments:
Great paper! One things that comes to my mind reading this paper and from listening to your talk at the SOA & BP Conf is not just the problems with username/passwords but also with credit cards. Credit card information could be claims provided by a card issuer or my bank in the role of a IdP. But how can one rely on the relying partner in this scenario not storing and missuse my credit card information. Are there any other way credit card information can be used related to federated identity?
# posted by 
: October 31, 2007 10:02 AM
: October 31, 2007 10:02 AM
A credit card number certainly could be conveyed as a claim. Just as if you'd typed that number into a web page, however, it's up to the web site you're interacting with (i.e., the relying party) to use it responsibly. How the number gets there doesn't change this.
Another possibility is that a payment organization might create a single-use authorization number for a particular payment rather than sending your credit card number. This could act like a digital check, allowing you to pay for a single transaction without fear of later misuse.
Post a Comment
Another possibility is that a payment organization might create a single-use authorization number for a particular payment rather than sending your credit card number. This could act like a digital check, allowing you to pay for a single transaction without fear of later misuse.
<< Home