Navigation
This form does not yet contain any fields.
    Login
    « Be it known that LHA Consulting works with some fantastic people. | Main | OpenID Welcomes new Board Member »
    Saturday
    Jan162010

    ADFS gets RBAC-y

    DateSaturday, January 16, 2010 at 04:52PM

    http://blogs.msdn.com/card/archive/2010/01/08/introduction-to-token-issuance-authorization-in-ad-fs-2-0-rc.aspx

    Token Issuance Authorization, new feature in the ADFSv2 release candidate. Allows the Identifying Party STS to control which users are authorized to receive tokens, thus decoupling both AuthN as well as certain aspects of AuthZ from the Relying Party.

    From the blog post, in describing a scenario in which Contoso users are accessing a Fabrikam online store:

    With the new token issuance authorization feature, the administrator of the Contoso STS can create a policy that authorizes token issuance to Fabrikam based on membership in an Active Directory security group. This implements a form of role based access control (RBAC) at the STS. The administrators of the Fabrikam online store need not be aware of the details of the [Contoso] access control policy and no action is required from the vendor if the [Contoso] policy changes.

    AuthorLaura E. Hunter | CommentPost a Comment |
    in , ,

    Reader Comments

    There are no comments for this journal entry. To create a new comment, use the form below.

    PostPost a New Comment

    Enter your information below to add a new comment.

    My response is on my own website »
    Author Email (optional):
    Author URL (optional):
    Post:
     
    All HTML will be escaped. Hyperlinks will be created for URLs automatically.
    Alert
    Comment Moderation Enabled
    Your comment will not appear until it has been cleared by a website editor.

    Notify me of follow-up comments via email.