Today I want to write few words about federation security.
So, imaging following situation. You work in one company, which partners with one or two others. And Both of them provide some kind of IT services.
One of the ways of dealing with such situation is make for each IT service login name and password for each of IT services. Of course it's not very convenient. It's not convenient for users, which need to have few accounts, it's not convenient for administrators, which need ot manage user names and passwords. Etc. How to deal with it? One of the solutions is identity federation.
How it works. One of the ways of solving it is making IT services to work with accepting tokens which are produced by STS ( security token service ) of another organization.
The schema is the following.
User logs in your app, your app makes some kind of requests to Federation provider, which receives you a security token, and then your app uses generated token in order to access another IT services.